wiki.returnofreckoning.com Open in urlscan Pro
2606:4700:20::ac43:4416 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://wiki.returnofreckoning.com/
Effective URL:
https://wiki.returnofreckoning.com/Main_Page
Submission: On December 05 via api (December 5th 2023, 5:26:03 am UTC) from US — Scanned from DE

Summary HTTP 125 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 19 IPs in 4 countries across 13 domains to perform 125 HTTP transactions. The main IP is 2606:4700:20::ac43:4416, located in United States and belongs to CLOUDFLARENET, US. The main domain is wiki.returnofreckoning.com.
TLS certificate: Issued by GTS CA 1P5 on December 3rd 2023. Valid for: 3 months.

This is the only time wiki.returnofreckoning.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 23	2606:4700:20:... 2606:4700:20::ac43:4416	13335 (CLOUDFLAR...) (CLOUDFLARENET)
39	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:81c::2001	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
6 8	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
3 7	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	185.89.210.212 185.89.210.212	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	34.247.14.54 34.247.14.54	16509 (AMAZON-02) (AMAZON-02)
14	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	2600:9000:243... 2600:9000:243d:3200:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2600:1f13:800... 2600:1f13:800:7781:b300:4e0a:a2f0:cc36	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	142.250.185.166 142.250.185.166	15169 (GOOGLE) (GOOGLE)
1 2	54.154.43.253 54.154.43.253	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7ed6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
125	19

23 2606:4700:20::ac43:4416 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

wiki.returnofreckoning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.returnofreckoning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.186.66 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.18.36.155 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.89.210.212 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.247.14.54 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-14-54.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:243d:3200:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:1f13:800:7781:b300:4e0a:a2f0:cc36 (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.154.43.253 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-43-253.eu-west-1.compute.amazonaws.com

ihg.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7ed6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	495 KB
23	returnofreckoning.com 2 redirects wiki.returnofreckoning.com www.returnofreckoning.com	286 KB
22	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515 ad.doubleclick.net — Cisco Umbrella Rank: 139	156 KB
14	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	173 KB
12	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 900 static.adsafeprotected.com — Cisco Umbrella Rank: 602 dt.adsafeprotected.com — Cisco Umbrella Rank: 567	103 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	4 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	5 KB
3	gstatic.com www.gstatic.com	17 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	192 KB
2	demdex.net 1 redirects ihg.demdex.net — Cisco Umbrella Rank: 7591	1 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
2	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 1586	63 KB
125	13

	Domain	Requested by
29	pagead2.googlesyndication.com	wiki.returnofreckoning.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
22	wiki.returnofreckoning.com	2 redirects wiki.returnofreckoning.com
17	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net wiki.returnofreckoning.com
14	s0.2mdn.net	wiki.returnofreckoning.com s0.2mdn.net googleads.g.doubleclick.net
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
8	dt.adsafeprotected.com	googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
3	www.gstatic.com	googleads.g.doubleclick.net
3	www.googletagservices.com	googleads.g.doubleclick.net
2	ihg.demdex.net	1 redirects googleads.g.doubleclick.net
2	ad.doubleclick.net	wiki.returnofreckoning.com
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	wiki.returnofreckoning.com
2	fw.adsafeprotected.com	1 redirects wiki.returnofreckoning.com
2	www.google.com	1 redirects tpc.googlesyndication.com
1	code.createjs.com	s0.2mdn.net
1	www.returnofreckoning.com	wiki.returnofreckoning.com
125	20

This site contains links to these domains. Also see Links.

Domain
returnofreckoning.com
www.returnofreckoning.com
twitter.com
www.facebook.com
www.mediawiki.org

Subject Issuer	Validity	Valid
returnofreckoning.com GTS CA 1P5	`2023-12-03` - `2024-03-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tls.adobe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-08` - `2024-03-10`	a year	crt.sh

This page contains 19 frames:

Primary Page: https://wiki.returnofreckoning.com/Main_Page
Frame ID: 2933C5FDEC2070A776A3A9A723817157
Requests: 32 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20190131/zrt_lookup_fy2021.html
Frame ID: 5173DC5522A89DB55229329969B68ADB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204
Frame ID: 103779397A486C10C3DBFFAC41229912
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&adk=1812271804&adf=3025194257&lmt=1676302857&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958427&bpp=2&bdt=455&idt=193&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=171x600&nras=1&correlator=4362551188982&frm=20&pv=1&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=198
Frame ID: 26F240B54165878C077D15FB8453612D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3D74A750C3AFD2F491F54E8BEE4CAA2E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 778945E376102A52D7DA1B2336E341A6
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUDJo7ndofKRdjWhss9PmBB6bGkyqqTs82vbNTm1MrZzyN4dGhHMeFRtHP1KYPr5TzP1QBoAPVTbhpk_gNCUePYfZjfGBdxfdc8-ouQiRynTfP1LlKY22PXzmGmhuTqmJV3BnQeCM9L54wRsH04uP0l8roagsah-uSTtstIl3E6CU-H8b8
Frame ID: 855EF96637BA1342AD1330D77C98F9BE
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 81E96A1276027507D3F61F121A0E051E
Requests: 27 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: EE73CB0347CEA81B1C14B6A2D29401A0
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
Frame ID: 3501E81C83D6E9A40892919190492B13
Requests: 8 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: CF04C701FB639880298AA3CC22F9A9B5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 389AE0A74CE0F729F136E483D6FE22C6
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: F1DF39AC2608FC4D503A9C3164BC1F9D
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COO1YRDml88BGKaltfcBMAE&v=APEucNXvMy_S075LvYd0BMpzQpZg456B-AzK2P1v1hs_MuYuq_-BfXqFTbfahT5npf3IBHiGg8bGsP-ZGxl_QVVoljAQ2YNbdVUqHYytEYvgKIENAWvSRYyEYM3LolcabIYup9Ncbs7NVA3HRJN65xlPsAmjXkl18U5hi-WSLVvQvAz1oPgEpO4
Frame ID: 0C15FAC0FBB50050B74F096F2951EF93
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 067A25B8E5F00A86C3587E0298FDE6E8
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 16E743B5C9BF278B3576886F35C4DF52
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 0BFBC83D65F1269E9BC4B42CAC6FA123
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/728x90-IHG-EN.html?ev=01_250
Frame ID: FEEB9FB97BF9CA07D996B8CC3DFE0612
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/EVHvBJ0i-F520M18bkMcYIEfy1k1k36JnZivUIMouqs.js
Frame ID: 5CB6BB9C7533389BBBDA30F6729495CC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RoR Wiki

Page URL History Show full URLs

http://wiki.returnofreckoning.com/ HTTP 301
https://wiki.returnofreckoning.com/ HTTP 301
https://wiki.returnofreckoning.com/Main_Page Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Page Statistics

125
Requests

92 %
HTTPS

61 %
IPv6

13
Domains

20
Subdomains

19
IPs

4
Countries

1490 kB
Transfer

4264 kB
Size

12
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://returnofreckoning.com/

Search URL Search Domain Scan URL

URL: https://www.returnofreckoning.com/join.php#download
Title: Game Installation

Search URL Search Domain Scan URL

URL: https://twitter.com/WAR_RoR
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/returnofreckoning/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents
Title: Help about MediaWiki

Search URL Search Domain Scan URL

URL: https://www.mediawiki.org/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://wiki.returnofreckoning.com/ HTTP 301
https://wiki.returnofreckoning.com/ HTTP 301
https://wiki.returnofreckoning.com/Main_Page Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1

Request Chain 44

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZW60Z0yV1JCpk5iZuOm2XAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1

Request Chain 45

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMXhP8VNkeLg0StMewLv1sQ&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMXhP8VNkeLg0StMewLv1sQ%26google_cver%3D1

Request Chain 46

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NDgyNDcxNTc1NjU1NDUzNQ%3D%3D

Request Chain 69

https://fw.adsafeprotected.com/rfw/st/987057/61527764/4.js?ias_dspID=3&ias_campId=1013380671&ias_pubId=pub-9302098306226831&ias_chanId=1&ias_placementId=20343401411&bidurl=https://wiki.returnofreckoning.com/Main_Page&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jd_jk0Mhzhs2EMzcfwDgNG&adContainerId=brand_safety_Z7RuZdDmCPKb9u8PxI2HoAU&cbFunctionName=goog_wrapCb_Z7RuZdDmCPKb9u8PxI2HoAU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwiki.returnofreckoning.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwiki.returnofreckoning.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9302098306226831%26output%3Dhtml%26h%3D600%26slotname%3D7706214335%26adk%3D354745794%26adf%3D1210279177%26pi%3Dt.ma~as.7706214335%26w%3D171%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1676302857%26rafmt%3D1%26format%3D171x600%26url%3Dhttps%253A%252F%252Fwiki.returnofreckoning.com%252FMain_Page%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1701753958410%26bpp%3D5%26bdt%3D438%26idt%3D196%26shv%3Dr20231130%26mjsv%3Dm202311300101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26correlator%3D4362551188982%26frm%3D20%26pv%3D2%26ga_vid%3D1322392026.1701753959%26ga_sid%3D1701753959%26ga_hid%3D526164428%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D19%26ady%3D433%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079863%252C31079920%252C44807763%252C44808149%252C44808285%252C44809072%26oid%3D2%26pvsid%3D88014727593511%26tmod%3D1553857455%26uas%3D0%26nvt%3D1%26fc%3D896%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CaEe%257C%26abl%3DCA%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D1%26uci%3Da!1%26fsb%3D1%26dtd%3D204&adsafe_type=bed&adsafe_jsinfo=,id:e7fe35cb-8738-e147-8204-88f8bd4328b3,c:vTUPb7,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-594854db75-7nbks,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:grpm1,mtim:3,mot:0,app:0,maw:0,fm:tXxwbDQ+11%7C121*.987057-61527764%7C1211%7C1212%7C1213%7C13%7C14,idMap:121*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,tt:rjss,et:12,oid:c5e2876e-932e-11ee-bce8-7a8be380833e,v:19.8.463,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_Z7RuZdDmCPKb9u8PxI2HoAU&cbFunctionName=goog_wrapCb_Z7RuZdDmCPKb9u8PxI2HoAU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js

Request Chain 100

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 104

https://ihg.demdex.net/event?d_event=imp&d_src=17025&d_creative=199411561&d_adgroup=567519347&d_placement=375997312&d_site=3439440&d_campaign=30519982&d_cb=638392917 HTTP 302
https://ihg.demdex.net/firstevent?d_event=imp&d_src=17025&d_creative=199411561&d_adgroup=567519347&d_placement=375997312&d_site=3439440&d_campaign=30519982&d_cb=638392917

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1

Request Chain 108

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZW60Z0yV1JCpk5iZuOm2XAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMXhP8VNkeLg0StMewLv1sQ&google_cver=1

Request Chain 110

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI1MTEzOTczNDI2MjA2NDI5MA%3D%3D

125 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request Main_Page Show response
wiki.returnofreckoning.com/
Redirect Chain

http://wiki.returnofreckoning.com/
https://wiki.returnofreckoning.com/
https://wiki.returnofreckoning.com/Main_Page

24 KB
7 KB

169ms
169ms

Document
text/html

2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e7de0800efbf4e7c5d6802a84e7f68b5906cc0e46b68b97076dc688bc7def16

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8309df1c495f9baa-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=UTF-8
date: Tue, 05 Dec 2023 05:25:57 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
last-modified: Mon, 13 Feb 2023 15:40:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qjpjtDxjHbuehyz%2BTu%2FKf0q032EkGKLoGvds8tg6Prz%2BGw32Nn9%2Bdr8cyvdf8ADVeYN2ecMksHQ9%2FUgDDQBTghfoq2c4N7o9q5DhXfcZn6W5g6y5FMSVId%2BFLeit9cWgkfrRE0QBLYO3JE3mGxKeoOnC1e4uMuUZ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Cookie
x-content-type-options: nosniff
x-request-id: 65727ab13146bfdae4e4b526

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: private, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8309df1b48a39baa-FRA
content-type: text/html; charset=UTF-8
date: Tue, 05 Dec 2023 05:25:57 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
last-modified: Tue, 05 Dec 2023 05:25:57 GMT
location: https://wiki.returnofreckoning.com/Main_Page
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IixxVTffJE2gtaF7bNQLrCD%2BQKGwxqFC94lH6UpYflAVvlIUOWFz%2FUYRW3S6Kp%2FxsbMoH5SxWw0HeatOoRB8H4A0i5IRgfFWu3JU6lGMYwA5PEzLBTDie%2F%2B8OgcEiVlL4ZdJDc1yBsajyUoQ1ErUcJP%2Fa37ixcEL"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,Cookie
x-content-type-options: nosniff
x-request-id: eaba28e880e5f6ef75162ce5

GET
H3 200 load.php
wiki.returnofreckoning.com/ 80 KB
11 KB 243ms
243ms Stylesheet
text/css 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wiki.returnofreckoning.com/load.php?lang=en&modules=ext.visualEditor.desktopArticleTarget.noscript%7Cmediawiki.skinning.interface%7Cskins.darkvector.styles&only=styles&skin=darkvector

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a3d02c31b83a7477833108ffe85d26d012fcc3385c3db4a1d8c55dfe45dead8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-request-id: 46c58fc4f1e2e1bc38bc31d4
server: cloudflare
etag: W/"1w08x-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xWwwp4E%2FYzMvlRTZ3zmkpT8PV02QtTw8dpHXrdWT43ckVLfWv5Ef1nz3tewtog9QKv%2FQXMLtFfgZEz2wvru2GV7lW6WPbB6v1SsecYgRywDxxgq9VRE%2FsYzyzb578dq39X%2FZbFHYyhJO2d2rKQISoQLVpAmG65B0"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300, s-maxage=300
cf-ray: 8309df1d5c0e18e1-FRA
link: </resources/assets/ror_wiki.jpg?3de64>;rel=preload;as=image
expires: Tue, 05 Dec 2023 05:30:58 GMT

GET
H3 200 load.php
wiki.returnofreckoning.com/ 4 KB
2 KB 178ms
177ms Stylesheet
text/css 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wiki.returnofreckoning.com/load.php?lang=en&modules=site.styles&only=styles&skin=darkvector

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e9ded868de28c6279e355c24e549bbc5076dd5a3c07436dfb697b634f85088e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-request-id: 65df2ac062d4a01bbb2cbb78
server: cloudflare
etag: W/"1nmxo-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QdBO7%2BYbm0dLsJjpIuBHeVdeuki2jrp9afLBABETvp0XkXPKrCrKLIlxJFvtkWNG%2Bn3%2B5IbdG9yIOlYieSQ82wAFD8i0vwmkiD8fzfzcfdhxpEI8h%2FTcZk8GBaORj7p%2Bbc3E3pH3Vkag%2BFrBMCXZ3YoHJmOlDJLU"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=300, s-maxage=300
cf-ray: 8309df1d5c0f18e1-FRA
expires: Tue, 05 Dec 2023 05:30:58 GMT

GET
H3 200 431px-Return_of_Reckoning_logo.png
wiki.returnofreckoning.com/images/thumb/9/9e/Return_of_Reckoning_logo.png/ 30 KB
31 KB 38ms
37ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/images/thumb/9/9e/Return_of_Reckoning_logo.png/431px-Return_of_Reckoning_logo.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 502ceab2e9727d9c113a18f5e48a938865ef4c52884e6720fe57aed20aa24823

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=31941
alt-svc: h3=":443"; ma=86400
content-length: 30921
cf-bgj: imgq:85,h2pri
last-modified: Tue, 05 Jan 2021 23:22:53 GMT
server: cloudflare
etag: "5ff4f4cd-7cc5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NyaMDUNxevjJFkPLAbkx1IG%2BRjbjPY%2Fb1vHCMBFTsEK9NQVpvYH1WYXeI0DKXpHcqB3LdQi%2Bqh%2F4eFHd8Bv%2FyzDCvzOn7EUOfEue9TkWTahoL3g3WztQ9d4JQc%2FNZA1I%2FvdqfZj2ArjUyByuwkWVRFmBD2dpubCL"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1d5c1218e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 46px-Ea_icon_corner_quest.png
wiki.returnofreckoning.com/images/thumb/4/46/Ea_icon_corner_quest.png/ 5 KB
5 KB 44ms
43ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/images/thumb/4/46/Ea_icon_corner_quest.png/46px-Ea_icon_corner_quest.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e57911cd8bc28f9819a0d3bfe5fd4b05aaf4d1330ca55a78c427ae3a242fad82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=4891
alt-svc: h3=":443"; ma=86400
content-length: 4784
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Jan 2021 18:11:41 GMT
server: cloudflare
etag: "5ff74edd-131b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aOzrBZ1VDrfm8dGIlQA5nQDK0HCOBNUsu7Uhz%2FlBxGEvNJXQ4ybc%2BFV%2F6UWEFbpDI9CuKqxzhRYFwsg89kn6obFy7UP%2FK0k%2FIAd25Bi6pNrpbbcy7ZoZGua7%2Fpz%2FQ4mBEdk5D0QQPEGvZaPVloClFiU9Bu26AzcC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1d5c1318e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 46px-Ea_icon_corner_character.png
wiki.returnofreckoning.com/images/thumb/f/f9/Ea_icon_corner_character.png/ 4 KB
5 KB 18ms
16ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/images/thumb/f/f9/Ea_icon_corner_character.png/46px-Ea_icon_corner_character.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a4b102038a72a3bce751aa8dfbcdc084d69f7703101e33ca6cbf9d7308c363f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:57 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 450292
cf-polished: origSize=4280
alt-svc: h3=":443"; ma=86400
content-length: 4091
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Jan 2021 18:16:45 GMT
server: cloudflare
etag: "5ff7500d-10b8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UbDIS3zP4j6KzseWvxNB8dBYx6W9IF3MVWU80E76ddnK5p50xJe0fkE4KWK4%2Fy4kWg7mWv6oS5ouO19rynDufVe7Uthjamrez3RGOM9fL4%2BIcms9E7p2J%2BZzvvgGfNViAtd5iKuxZ42RdTQlcQ7r2NvjWa%2B4p1ae"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1d5c1418e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 46px-Ea_icon_corner_spellbook.png
wiki.returnofreckoning.com/images/thumb/6/69/Ea_icon_corner_spellbook.png/ 5 KB
5 KB 19ms
18ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/images/thumb/6/69/Ea_icon_corner_spellbook.png/46px-Ea_icon_corner_spellbook.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f41f21b2aa71d59971a9127af5e708081a8cd838e0b9402c52c13504a048957

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:57 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 584083
cf-polished: origSize=4886
alt-svc: h3=":443"; ma=86400
content-length: 4811
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Jan 2021 18:24:34 GMT
server: cloudflare
etag: "5ff751e2-1316"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0IETpUWaXKO8n8SPTJligDXBr88Qi14fXQ%2BSMMJlsQLPNVc%2Bi5WXHxKnzqRJD2%2FBf3MX3mKZy5ZfZX%2FqnqGYXw%2Fz0t8TLLzMS2R38mkTXbg06hAm0w5sZ0P%2BOVYFEDIvj0InXIV%2FL2WBmOQtoDnnk8CFMGoZ7E48"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1d5c1518e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 46px-Ea_icon_corner_help.png
wiki.returnofreckoning.com/images/thumb/9/9c/Ea_icon_corner_help.png/ 4 KB
4 KB 23ms
22ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/images/thumb/9/9c/Ea_icon_corner_help.png/46px-Ea_icon_corner_help.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdd05deac929021f9fb85923a579e57472e883e491dc4460150e6af677d803d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:57 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1944432
cf-polished: origSize=3772
alt-svc: h3=":443"; ma=86400
content-length: 3585
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Jan 2021 18:11:41 GMT
server: cloudflare
etag: "5ff74edd-ebc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xGFVb2GRKNz9Rxv84RT4X8Au0NI%2B249S4wUC54TJCViHRkRII32VAG8q3JXpNLOfOq8ZiL4pBoRVHu5agC469ljoIolzoTiHj38qK9O27AGe7ZWACJMn2FdByj013I5glqbTalf8uV0a3eaBzCZzInKDLRSWkw9Z"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1d5c1618e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 46px-Ea_icon_corner_rvr.png
wiki.returnofreckoning.com/images/thumb/7/7c/Ea_icon_corner_rvr.png/ 4 KB
4 KB 45ms
44ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/images/thumb/7/7c/Ea_icon_corner_rvr.png/46px-Ea_icon_corner_rvr.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4b6aedefec8a8c951593dde14beeb12c18bcbb2681d1d92906c34a6aedae1f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=4172
alt-svc: h3=":443"; ma=86400
content-length: 3913
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Jan 2021 18:11:41 GMT
server: cloudflare
etag: "5ff74edd-104c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ftMC1rjzwdHhZbxOXEU%2FVwxoLuebX0pUdamHQ9KWI82%2FAviOgvMWlmKFMdnwlb3XH2NfPYxSwdRXsiGLlixgnf8MYxKC4qW7z3KJmhY%2ByNpcdnjrovQOusqtBS1gKnahnLSK4Co7P1%2Fan%2Bqs3cZ9gIzauEp6kiY4"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1d5c1818e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 46px-Ea_icon_corner_cultivating.png
wiki.returnofreckoning.com/images/thumb/8/8b/Ea_icon_corner_cultivating.png/ 4 KB
5 KB 46ms
45ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/images/thumb/8/8b/Ea_icon_corner_cultivating.png/46px-Ea_icon_corner_cultivating.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0ac1f9971d9399e3e626ba42089bffccb2969f050bce5f3505d6233b0658894

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=4328
alt-svc: h3=":443"; ma=86400
content-length: 4269
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Jan 2021 18:13:49 GMT
server: cloudflare
etag: "5ff74f5d-10e8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uWnCwy%2FjHIy5XMtbbkjwIDw8mxqG9x%2B%2FrO6SZvKAfOmooWRrzg3d9G5NKMX%2Ftbgexcrxdig5L32STg5SL2o%2F%2BtB3ht%2Be9ktGNWGIgL5uxE1H1xPHYZJcARqNMS%2Fm7d8S0losEH2%2FYMee6Vfl0WSO27FUPpm3UciX"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1d5c1918e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 46px-Ea_icon_corner_customizeui.png
wiki.returnofreckoning.com/images/thumb/a/ac/Ea_icon_corner_customizeui.png/ 3 KB
4 KB 21ms
20ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/images/thumb/a/ac/Ea_icon_corner_customizeui.png/46px-Ea_icon_corner_customizeui.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5da279c9b6d0f1d8cc0ce5840350f404ad161a82d772d51eb09c762851901973

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:57 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 450292
cf-polished: origSize=3214
alt-svc: h3=":443"; ma=86400
content-length: 3138
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Jan 2021 18:12:24 GMT
server: cloudflare
etag: "5ff74f08-c8e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yGglzdPRqNAEUp8QmaSZzMDz5BXjessba9dX3rRGnexYckA0afpxxBsH9fCi7UJSWA04wk6y7u4tGifr%2FD21%2FURUhGxLjn7kCs5cbr0CL61o9xqv7JdUO1na%2Fs9%2Bz5QjxeKVMVYTSOY09nJyeJz1bTx1ESracbuG"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1d5c1b18e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 46px-Ea_icon_corner_mail.png
wiki.returnofreckoning.com/images/thumb/a/ab/Ea_icon_corner_mail.png/ 4 KB
5 KB 25ms
24ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/images/thumb/a/ab/Ea_icon_corner_mail.png/46px-Ea_icon_corner_mail.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f392288477b416424d96ef0c5a08f2d24d9936dea70eb29b2cad0ef250e353f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:57 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 232741
cf-polished: origSize=4453
alt-svc: h3=":443"; ma=86400
content-length: 4367
cf-bgj: imgq:85,h2pri
last-modified: Thu, 07 Jan 2021 18:11:41 GMT
server: cloudflare
etag: "5ff74edd-1165"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5t%2FvnSWMNgWVM3fgD56%2Bb3u46QFAg%2BRZCPxThIy2DxTPJlhm1pyoTuqhd%2F012AvCAxzuU5B48GVyU3bCwcWXuHspx5vJ7og1B1DB%2BleOFP9c7L%2Fokns5UzonlQ0ZCzpydjSoA92B8HK%2Fah3lOjBT1UPWq5gTspvH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1d5c1d18e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 rocket-loader.min.js Show response
wiki.returnofreckoning.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 12ms
11ms Script
application/javascript 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wiki.returnofreckoning.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 28 Nov 2023 16:06:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65660ffd-302c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mMQtqv27ILbKaVtH6rstdh5FmuPrDcprmB7XnPLiHwqsl1RFQjzk2fqnibaFEQC8opJciqByMK4Dn6xIXvN%2BQMvIy%2BucyXRDJieeTw1fTlIKsAfdpUxVj6hpQcaXCND9T%2BBuENzDJWVvYgQ9k5qfS1I7LdnKH8FX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 8309df1d5c1f18e1-FRA
expires: Thu, 07 Dec 2023 05:25:57 GMT

GET
H3 200 ror_wiki.jpg
wiki.returnofreckoning.com/resources/assets/ 5 KB
6 KB 17ms
17ms Image
image/jpeg 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/resources/assets/ror_wiki.jpg?3de64
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff22ab6094533b3d20eb158046fa8b587f0ae249af11c8df7ae60d29231bb4a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2135996
cf-polished: degrade=85, origSize=25164
alt-svc: h3=":443"; ma=86400
content-length: 5177
cf-bgj: imgq:85,h2pri
last-modified: Sun, 03 Jan 2021 16:43:55 GMT
server: cloudflare
etag: "5ff1f44b-624c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qUZ89KvABvIS8W1CLo0GQLPrbjRvJSE3XffWb%2FF6rF4BnLRaC5KkwUv%2FTLGp7p%2FPMHzbApt0DwOow%2BO1bEXvtv7bmzlnJAMX8evZ32aw9VueQ%2FOS9zILdZR5EvsrhYFjXwOkHVQed0egSFKgJunP%2Bq991PVZNDYS"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1eed2218e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
51 KB 126ms
104ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

479033ae51a8aed3b896d7d61943b87bc92d61c324bfac469c7254ca39b6b20b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52003
x-xss-protection: 0
server: cafe
etag: 17732610830486250134
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 05 Dec 2023 05:25:58 GMT

GET
H3 200 load.php Show response
wiki.returnofreckoning.com/ 35 KB
12 KB 739ms
739ms Script
text/javascript 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wiki.returnofreckoning.com/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=darkvector

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42dc9ee1c4ce49acea179f6c8c858fde08ed43ae24028dd33278b1d3eed00559

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1hmnv-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HyhW14pskL9dVC8%2BB2a%2BhFNGQeyM61Z7JaOxaRM1JnrqD%2BASEdigaZF6bd%2BiftEVMerV93VCyjD0GW%2BV02K1p13N1xDh3zvms016uqaNmu8CVxPUvImOdBlUvYnEnlpvzYsrZCv3LWKSf7exyki7qPs%2B9qYirYyx"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=300, s-maxage=300
cf-ray: 8309df1eed2918e1-FRA
alt-svc: h3=":443"; ma=86400
x-request-id: 7494f592f883fb9269c7e2ba
expires: Tue, 05 Dec 2023 05:30:58 GMT

GET
H2 200 ror.jpg
www.returnofreckoning.com/forum/styles/dawar/theme/images/theme/ 66 KB
66 KB 31ms
17ms Image
image/jpeg 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.returnofreckoning.com/forum/styles/dawar/theme/images/theme/ror.jpg
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/load.php?lang=en&modules=site.styles&only=styles&skin=darkvector
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70c859431ed8e242967e93868b7496e153e7f9237513c9e0fb6184328127b263

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 357342
cf-polished: degrade=85, origSize=133664
alt-svc: h3=":443"; ma=86400
content-length: 67505
cf-bgj: imgq:85,h2pri
last-modified: Wed, 20 Sep 2023 21:21:18 GMT
server: cloudflare
etag: "650b624e-20a20"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m1HZVszu3Fc3X1ZT9RdBywiovuOQ%2Fjr489k4gs4pFkcpBxWVnJb4EP8V3Jxh8mmBeUqkB3GIm9Bpzd97DDDecvFt61VWnidEsq9KDFStXDQLe8T1F%2FMAvIBxf9TARjTzkP3LLFSB5pOu1IcLwZxzhZ5kcK8jzFQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1f0b189baa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 tab-break.png
wiki.returnofreckoning.com/skins/DarkVector/images/ 125 B
669 B 17ms
17ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/skins/DarkVector/images/tab-break.png?2df0f
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/load.php?lang=en&modules=ext.visualEditor.desktopArticleTarget.noscript%7Cmediawiki.skinning.interface%7Cskins.darkvector.styles&only=styles&skin=darkvector
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea40f4f405204f6403c97a6ad2b2f06ba2bfe2fe42e85ac28a9d59ded147721f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/load.php?lang=en&modules=ext.visualEditor.desktopArticleTarget.noscript%7Cmediawiki.skinning.interface%7Cskins.darkvector.styles&only=styles&skin=darkvector
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 586346
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 125
cf-bgj: imgq:85,h2pri
last-modified: Fri, 23 Sep 2022 22:02:26 GMT
server: cloudflare
etag: "632e2cf2-7d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xe7YYktdTSmSKelDiHa%2BNT%2BZWf1dMIdNSWLj5oTEDvVLA5VwWBMNbcM1QLSgzkFertC060rYb7JMkuDt9ydhMwLArCPGpQ9okxJ19jAVuecabAX%2F3ctSd1xd9XHGqhAH9F63Ted0uo1pUV5CVmC7m7yRqn65HZSo"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1eed2a18e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 search.svg
wiki.returnofreckoning.com/skins/DarkVector/images/ 219 B
674 B 17ms
17ms Image
image/svg+xml 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/skins/DarkVector/images/search.svg?7a80f
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/load.php?lang=en&modules=ext.visualEditor.desktopArticleTarget.noscript%7Cmediawiki.skinning.interface%7Cskins.darkvector.styles&only=styles&skin=darkvector
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d83b0c995f47d465d9c2e9ba76c14eb6e8f501f9b855b3a5974e67c55c1e5ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/load.php?lang=en&modules=ext.visualEditor.desktopArticleTarget.noscript%7Cmediawiki.skinning.interface%7Cskins.darkvector.styles&only=styles&skin=darkvector
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 23 Sep 2022 22:02:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 2285706
etag: W/"632e2cf2-db"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXEVuPOwDLidzddpOOUjwYuixJvUKBRdfPrgW6twXcoY4jgi1%2BLaeD5bQ0Jy6ZQ2UmjkmGNJhvLyJQV1UNv2jNwpz1ytvKpnbv1zaMHewCKhqEh8OD1JWoPlR5mCzpxqvnciPjWA7GcPmSrpZa4%2BV5MeesvBW0eH"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=315360000
cf-ray: 8309df1eed2b18e1-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 poweredby_mediawiki_88x31.png
wiki.returnofreckoning.com/resources/assets/ 3 KB
4 KB 17ms
17ms Image
image/png 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://wiki.returnofreckoning.com/resources/assets/poweredby_mediawiki_88x31.png
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9646faa910bf46eb34358bfb94ca36d267cfb8129d182caeedb7720d28ec8ceb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 427436
cf-polished: origSize=3839
alt-svc: h3=":443"; ma=86400
content-length: 3412
cf-bgj: imgq:85,h2pri
last-modified: Fri, 23 Sep 2022 21:57:58 GMT
server: cloudflare
etag: "632e2be6-eff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3VCLIyNAK2xMmi%2BUj%2Bmh5B6XLVLIBvMpQiqMElGTdK01JkmABm8arvoSIEkY3kZRBOcQxbvzpCWvG1Anm7SL3snUDs8eRLhGYmQOoqt2zHkzIeSJobHePyRtLVxckhnTr3BHGroEfUZBoKK5Hs6sGArSWi%2BDrVc"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8309df1f0d3918e1-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/ 398 KB
135 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9302098306226831&plah=wiki.returnofreckoning.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7e263e007442c865f82623cf2a5528838f601145efd94e6559e1c005003723b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137568
x-xss-protection: 0
server: cafe
etag: 11068386907086954537
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 05 Dec 2023 05:25:58 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231130/r20190131/ Frame 5173 9 KB
4 KB 8ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231130/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wiki.returnofreckoning.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 11984
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4121
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 02:06:14 GMT
etag: 12051592065903069241
expires: Tue, 19 Dec 2023 02:06:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 56ms
42ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://wiki.returnofreckoning.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1037 26 KB
11 KB 398ms
398ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9302098306226831&plah=wiki.returnofreckoning.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95cb310b793f324e82e1b24449a1d56e116e207a8b8491990afe5d59f315cee2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wiki.returnofreckoning.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10773
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 05:25:59 GMT
expires: Tue, 05 Dec 2023 05:25:59 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 55ms
55ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231130&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

89c1b1f5c741dfa102098707129994f4903286d1350d17c1c6f705cd572e1fe9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12371
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 26F2 315 KB
90 KB 706ms
706ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&adk=1812271804&adf=3025194257&lmt=1676302857&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958427&bpp=2&bdt=455&idt=193&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&prev_fmts=171x600&nras=1&correlator=4362551188982&frm=20&pv=1&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=198

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05033dca3f70cfb136413f0b9c8fdc66c940a595411a0ab6adc3eb3817752f0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wiki.returnofreckoning.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 91977
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 05:25:59 GMT
expires: Tue, 05 Dec 2023 05:25:59 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 43ms
23ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 05 Dec 2023 05:25:58 GMT

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 42ms
41ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9302098306226831&plah=wiki.returnofreckoning.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://wiki.returnofreckoning.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3D74 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wiki.returnofreckoning.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 26729
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 22:00:29 GMT
expires: Tue, 03 Dec 2024 22:00:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7789 829 B
1 KB 37ms
16ms Document
text/html 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c3c65e8c0bf0810f493253701a2cef5c578d962c55e7e6307d69128f6e13c27d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bq3lRkSydWG8r1baUe5Hdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wiki.returnofreckoning.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-bq3lRkSydWG8r1baUe5Hdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 05:25:58 GMT
expires: Tue, 05 Dec 2023 05:25:58 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 3D74 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 21:09:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29766
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Dec 2024 21:09:52 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7789 0
0 41ms
41ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231130&jk=88014727593511&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3D74 0
10 B 6ms
6ms Image
text/plain 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?m9bi5A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 load.php Show response
wiki.returnofreckoning.com/ 61 KB
18 KB 111ms
110ms Script
text/javascript 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wiki.returnofreckoning.com/load.php?lang=en&modules=ext.visualEditor.core.utils.parsing%7Cext.visualEditor.desktopArticleTarget.init%7Cext.visualEditor.progressBarWidget%2CsupportCheck%2CtargetLoader%2CtempWikitextEditorWidget%2Ctrack%2Cve&skin=darkvector&version=ehfxs

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=darkvector

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c527305b71aee5a8d7d7f5191ce033859c13dd381e51e723a7e37d5835e02857

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ehfxs-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bNFBS8Ftw2LWHzgUZWr10tGy1y5nbrFGTD2IA5JUiwLCpo3FEy8B6lqGcTzX0swFcHblftnlADRmC2YZKRm7uXuv5UqyiybDWnKkwlTUMhrmAZYM6k%2B87B%2BgxyD8B2aSpRz95ZH1cK5zlPZVIE707%2F2xOBDOkScW"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=2592000, s-maxage=2592000
cf-ray: 8309df23980d18e1-FRA
alt-svc: h3=":443"; ma=86400
x-request-id: c86863bb3ba9c60cbdbad8ff
expires: Thu, 04 Jan 2024 05:25:59 GMT

GET
H3 200 load.php Show response
wiki.returnofreckoning.com/ 303 KB
88 KB 159ms
158ms Script
text/javascript 2606:4700:20::ac43:4416
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wiki.returnofreckoning.com/load.php?lang=en&modules=ext.SimpleTooltip%7Cjquery%2Csite%7Cjquery.client%2Ccookie%2CtextSelection%7Cmediawiki.String%2CTitle%2CUri%2Capi%2Cbase%2Ccldr%2Ccookie%2CjqueryMsg%2Clanguage%2Cstorage%2Cuser%2Cutil%7Cmediawiki.editfont.styles%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready&skin=darkvector&version=wo2ep

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=darkvector

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:4416 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41b6df75a259d0930bc341f3a09b8009c5665573e4a5a69fb8089a267da491fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/Main_Page
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"wo2ep-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Xtl77oP3ogTKQhRYomC3DsNjsro%2F2pKehgHOzxxyRnoG61qv7%2BzqqYol%2FpjaxW9JVxYUABx5jjq5gcVX4YTKJI96IWU6HObfBQUFV7jLx2UxytehgUOObLGtBL1v2E8qJkvoQtButCEI6Ug7voMgkF2v6%2BfQ0w1"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=2592000, s-maxage=2592000
cf-ray: 8309df23980e18e1-FRA
alt-svc: h3=":443"; ma=86400
x-request-id: 9863a960f328042bdeac780b
expires: Thu, 04 Jan 2024 05:25:59 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 855E 624 B
246 B 48ms
48ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUDJo7ndofKRdjWhss9PmBB6bGkyqqTs82vbNTm1MrZzyN4dGhHMeFRtHP1KYPr5TzP1QBoAPVTbhpk_gNCUePYfZjfGBdxfdc8-ouQiRynTfP1LlKY22PXzmGmhuTqmJV3BnQeCM9L54wRsH04uP0l8roagsah-uSTtstIl3E6CU-H8b8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 05:25:59 GMT
expires: Tue, 05 Dec 2023 05:25:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 81E9 89 KB
31 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 05 Dec 2023 05:25:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/ Frame 81E9 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:00:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26732
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 22:00:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/ Frame 81E9 20 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

240ed2cf95df9fa682cc2a820a6681e8faa474dcd678ffbe844351ccbda9bb6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:01:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37463
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8549
x-xss-protection: 0
server: cafe
etag: 755982428571291914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 19:01:36 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 81E9 202 KB
64 KB 42ms
21ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4dce4158779dce6da3ede11337029f817a03f45c9559b1f91d8a7c5ac130f38c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65147
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701694399686299"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 05:25:59 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81E9 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AhVzylEV-aqLR49DcFcNH6IA9PoEmLH0ZUW48RMs2zWOqhKdP_h6_n-L_23lC5XjlIk40rI7FxXT61n_el5JLhB8cXtxfr5SlyPHaEhYx9paLmSFM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81E9 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8145119924468&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81E9 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8145119924468&version=m202309260101&ct=76&x=1&cor=2140901434836385000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 81E9 107 KB
41 KB 49ms
49ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DfC9tYHfnlDIB0728g4HDbJdK39JAKteLm5_8sAE5RNZa1jnk5WtRkrcb7a_n36meT0BBsSqdVNGvmhED3gUUjmiwbMFy06gx9VvP6UHjt-Z97DOqc7hDnBRHlRhrQnOW4jO2YaU_F6-JT1DAoY06Uic9p2jhGZipXB9kxmxOGohoTQec&dbm_d=AKAmf-ApKRWHhZvd6Q3LgwyvjBd0LfgBp_-uwmXYoZJonACxP_ROFsRpq7YUIobgk-ReDJbUK9GVfOovKwTHqAGl5EvdUCITQZNI04bUbmLzQVldyd6YWMGfc0Da1C-g46rM0yM-nYWnRBcufEYJcHgR-KEWdZyXmYyHxWadEK2ZyQ7AQr1Lk7KztnRlObLnfoBvrigq2vuS9e0z7UszhzNOBub7AbJFXG8aLU2Y0UwqlVjlWF36A73P7YxBl9KxpVrfKKsgZxE4RDWa5FIRg69QquARI_0bw6VSd_mFsITDegaw5w7uxdjl6CYaRSyaU7LF8uXc36K_KrLBu42nQaBuX9YV3s3hcTLbNIMkYBdnve0HCipjWAWvZbl6DEPlm56ZiQx50I3E4sftuW8l32Z8cR15N9Kq7dvxX2qSo5dB6nc8_m2adpV5qail0wlPaIy6CJ2QbSFZawZ-MDPkcVWVL7g5FyRGFLiloOiOyJCB-2TxW8s2aqx0REyw9JW4-rhGlZOcMffGQeysUbpw81pluoRxVBMseztBSpSuYZDJKwVgphBf11eOmZFN8-TuLcrxJPbKzyfMrbVqTLdlJ9Pxn6XukhWlIPMb2rcskuVW6I4sT7PX5ikxmgRSrIxRRrZaTPPD6O22ZSjnZ-T7dFmslQ6JF4OC5hDqoo5j0g_od30qXytKik9YLUCg97nmlr0jOQTpDlST6-QUwm4_2af4Bim4lhinVFC9RNEYAKgkHXzj-5CVVVwADQz-eTfafUhBfoafoI95c9zrWnCwRsy2TfMHTmMcdY8HusmJaQsXGcGWPYvfjd0769LZiB6H2PpBQyNo2SGrIFXEa7D6-ZhzhdYZbLefuzhbNwDbVo3kQ0yeKT3FIHG88eDft-42CyQUnV9uGobODU4x05KhLg04rpZhtM3AWPk62InqzF2chL7KzqA9m6burSHYvoq2t7Fo0UpxtMGEgmLd6__QeZXjQh4FgO07kJzVePyvUfrojIT3taabdOudQXNZjL8xq1XjMxlSr1q6eoZ7TKFEc03IHXTx2ZVf9wydW4V3N17yuhivLOe5qQlpJHDhFVvBymCIAUbMPpwXLHfEWwS-4FFMneW6V3Oj6biaW2cpK07qo_vHMa6vWq28upTbXjGIVX_Tuzj4Ah3eqJrCw22aJuhyKa6H-_uCKvFFt6CuFA7xj44KkYaOEKx1beViFsrTHEvg1Muco9zf6Ucl-7u618fuxjtrlR0EaXBiTtEfR8ANOEM82kYY_W-DTkp57d2NA5KZkA3ylGhl8-Aij41IsrUiZp2siA3cQeaYmjfkxtMNRJfp2zQMIIWiZkXjS4wiJNjtVcLea2hHMVH8Dj0DG0bZbaBbvT1qvQKHgYrqPlHtwy3XvvpM5Vj21wE0P3mv5-A94od_sRu8AuHI96eIwIuc6FGrbjD48qT9w8Xjcko51BKBUZdP7OQmXqZ3faigbcKUEG2McOvqOWos3XsQYrdSrfP_Dea8VBXf9g0S2DQQ9OHIWJZtC_hpqKMCUHxOrIChJcmwnJb2sGfJR8mnBakOuqltcHXLWxrIdxrT97WUeQuxsnbSXOLfTWMPsQCLvUjKUCvD74BdnAv2mxKy5b4GQzzRerTQS4IgA8l00y4tkb6CHiKafDLAYlEdIN9-hk3OnExEgZtynp2ivSJmD7i71LQfk-PrSuDQ1s7YKSMlxC-wQvnYFWBDt5AfqXQEFwCkvpIekLoZmqLtSDBhyIpX6HA2XA3LGO5sbRJeYqL7rLq1HoevvLOGZgwZzNBGAIclT0wNrUm3hIOw8SDBEiCTVeL5rzoKJM3nfl39gtvpj8-3V3CiOZBlt5UFSTHW-powHw-pAGBRmg3ckUFO8N2_Ps7fKGgEIg6Zm8eIAj9dDjFX4vIzYvV8c4IRFfCi7LSLj9KQdht4MHap7e18KBxmjAUtPe80FRYQJsyK6EhOrRNEf78vzIrj6irPulmoe6gHE6dvTbqmfDNBnNvTONiA03AfLzM4WMuEy0SZtibefyb1yB-PKpqc7Nxv28mEsWZrsSG2dvHQXVXBvCBQTi5Rx3BpTWlTTSyvDFJD8tvZbDBkOnLJVJtCPibSrahNFrZunGWnkNzRE-NcK-eDbqZezLdk6yTqfDSVZ1mnUMKmhGpGl7yDS7oVMnkPU7x79YFWR7Er5Zwf69-H0flpHrtKcu5mej_snax4F-jvmd5b-GqIn_CspprgEQ3bLV4lzSR0BDwMgzpQElNdt6tJ0cmh_zXoRy4xvxr6V5h2tmYZevrloiW67MgH38o6AOAmx2syXhIaf9vWq6eLroD_bNFh3SGqqmF_D2UZk_SgFZQ0hrEuSowtdT5JOKGKU-B6k8qXuI7VBfbHk-YogBRqpkt5KKqxebf8K7rmHqxlL5xBLdvor88a7EWexVRo3JlsJnIeaHnpvxrDbzUolhjDtlIuZx8UfGkga4XiKNWCwWeM8xCoVzX8Q-VvW8UuuzxEFwW3BZtwen4TvFHLDjFhLMpau152Sqk2s6R5ZvoEnQKnccaAX5wFHigww38QNq70HgwILBAulO1s7rgIc-DIbr2BeOgLkjDq8bY66ghaSJjKuxN2F6W6BAnOfrtx-uV8m_0Q4Zm0eu2kziXOJvxoYeDV8Mkj2zGOqt_d6MJeGKY9W8HNpZssIfZT-aO__s1IAAxApD0yIe6qUU_5Bd5H_OSC1djRzlZMwbg9Bh3AkuAXCDOOVds4S8LySMoD5UnItRMjJ207qdcoS7XMrh1hmTsaI8fMHpte4ekkJupp-jVt_mwKX5viC2zNBN0gKuA4TcZA9zlwkzCFQ9JV6fjS6Q_cY_Lb-b6-4OG5myogubVtIGcFF0CuUXZ1gnE9gNu674fHcqSPGkVaXULnz44lbpu3OwY_Spr6saMAi3JsI5nZcXlxWZagsXlT8rYAXzZAouc4Z-Nw0OdhWjwgkk7Ge9SeCso3GuaQArMi97EOJup6BTc5IrUhZa6_lyCnM4E6vAz85zf9bPyuH8zFZPFmHICQDUrpvV5GGlDsvvJZ9efdQWgLpSJ-fndKUKp16pnuh5EIN_I2wl3wwRVKqByCvmXFugRcDbgwQrmr_DnTJRogxusycPegDqNNIz0WFbLh_mY1105lcC-qWdWwpyE296dNMqUcTAYXqN-zCdMwPIvIT-PWzwpzHraF-vJxZx4GEJYJlyMPzOzRr4XgJ40dvY__ZQB_rZjbw5pQLkQLPW705s0v9yi7t6JHQdoIAyvy0AjIzdXmwNbdsbq99WNyRMP9hA1Pjn-TTCZauVuhAFZ_mrR6e8LC2ATc6kpwEcu9A7YiDw0jJgnIkeip-w7udYu3nICF61_JECz4XvbJw7WeJ7oMpZOZH-4YKf7GHcJ99hNL01gLj7Js2rl6piptMuLAdtwliVmrxlPrT-sJ1BL39fulps7m-hykUu7b3-zhNCoaMR4GjRLNf0BVfF-baq6SKFeBSF5l7xiqgmOkbOkIek50iyK4ea_6m8yfc8ziHE3V4NyVl5sPjCBd_EdHLys1pOoXeuBy0Cze29FYtaRtYl2Igpf0yVe86sZ9hjP415y_bRE06NZAvEMM3LprPj9jHkLXsmCdfaE1CwXDkJQCuXX8Pyqn0Afo5eNE9fFh8u2ZDBdrD7ah3LBAWAyS0HiC8lhUUecIGeiXnxQe8PUy0OqV504EQ2GtdVe479lPBnROlKPgKjBu3gUKa3x2pYTI53NUIju_84BeBDSElJ8yN7DO1c3wC6dNnjsQy1ye0Rug_Iv389qDtHORMzDhPiTXBevPGsAbd3T8J33NcTr0I-RuSrtDCCL_mTtoLQ9OT84Sxz4Kcapx&cid=CAQSTwDICaaNAfH1XrcXtWQCkOP8yKy6szM7BdAC7HweKYZUuVDYrtGnx2IEXN3ebXk9ocHS5LyB_mhG2RKT8OnbTUpM2ZvDbOyzik0dx3DhJjUYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwiki.returnofreckoning.com%2F&ds=l&xdt=1&iif=1&cor=2140901434836385000&adk=2307692974&idt=87&cac=0&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c24f3d8f3dfcb28322f4d411d2f0d48c7313dd91817bff0886e6e6164299421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42080
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 855E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1

43 B
333 B

24ms
24ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUDJo7ndofKRdjWhss9PmBB6bGkyqqTs82vbNTm1MrZzyN4dGhHMeFRtHP1KYPr5TzP1QBoAPVTbhpk_gNCUePYfZjfGBdxfdc8-ouQiRynTfP1LlKY22PXzmGmhuTqmJV3BnQeCM9L54wRsH04uP0l8roagsah-uSTtstIl3E6CU-H8b8
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HB%2BvrSRvporIqk2u7cWP5MSgWb6YjFlSy75MmJqMu4PKDbJxMqUpAT1pLRe5eiQxLMxT5FV3OsODiaqPQlUjmzoTD24tm1vCoCj388cnaSrKEGRqGm16YOInVFuUg9g0VxW9Vg0jc0n2YA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8309df253c1f996c-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 855E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZW60Z0yV1JCpk5iZuOm2XAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1

43 B
767 B

25ms
24ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUDJo7ndofKRdjWhss9PmBB6bGkyqqTs82vbNTm1MrZzyN4dGhHMeFRtHP1KYPr5TzP1QBoAPVTbhpk_gNCUePYfZjfGBdxfdc8-ouQiRynTfP1LlKY22PXzmGmhuTqmJV3BnQeCM9L54wRsH04uP0l8roagsah-uSTtstIl3E6CU-H8b8
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JwA3cxK1ruzhAAwgRyYx9Zs311Z1MjlvXb8XL4KDp2EQ3O%2B5CY5lKj0SKiTymdpzSJF7Y34Ut3MLcNw%2BCIXNCAXrUxXETN8hIeCOrrUPbJDfl5r3he8MN1OOgfYbsHUzcsUUcqb3FQx6pw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8309df257a5c18d2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 855E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMXhP8VNkeLg0StMewLv1sQ&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMXhP8VNkeLg0StMewLv1sQ%26google_cver%3D1

43 B
893 B

14ms
14ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMXhP8VNkeLg0StMewLv1sQ%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKOMxDkyTkYpq39xAEwAQ&v=APEucNUDJo7ndofKRdjWhss9PmBB6bGkyqqTs82vbNTm1MrZzyN4dGhHMeFRtHP1KYPr5TzP1QBoAPVTbhpk_gNCUePYfZjfGBdxfdc8-ouQiRynTfP1LlKY22PXzmGmhuTqmJV3BnQeCM9L54wRsH04uP0l8roagsah-uSTtstIl3E6CU-H8b8

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
an-x-request-uuid: 53d69e58-1713-4a14-a49f-9cace62885c9
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 80.255.10.203; 80.255.10.203; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
an-x-request-uuid: e583b09d-f149-42e5-bb0f-d0c7f86e4c54
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMXhP8VNkeLg0StMewLv1sQ%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.10.203; 80.255.10.203; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 855E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NDgyNDcxNTc1NjU1NDUzNQ%3D%3D

170 B
243 B

25ms
25ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NDgyNDcxNTc1NjU1NDUzNQ%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
an-x-request-uuid: 6b12a493-a79b-466c-9022-eda5b42b7271
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ0NDgyNDcxNTc1NjU1NDUzNQ%3D%3D
x-proxy-origin: 80.255.10.203; 80.255.10.203; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/987057/61527764/ Frame 81E9 256 KB
77 KB 111ms
32ms Script
application/javascript 34.247.14.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/987057/61527764/skeleton.js?ias_dspID=3&ias_campId=1013380671&ias_pubId=pub-9302098306226831&ias_chanId=1&ias_placementId=20343401411&bidurl=https://wiki.returnofreckoning.com/Main_Page&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0jd_jk0Mhzhs2EMzcfwDgNG
Requested by: Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.14.54 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-14-54.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 0e84b494346c7a19da3fffe6e54955239cdffbb7c09a2fa1f07aa5297dd73cd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 81E9 111 KB
39 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:51:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34473
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 19:51:26 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231130/r20110914/elements/html/ Frame 81E9 11 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231130/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DfC9tYHfnlDIB0728g4HDbJdK39JAKteLm5_8sAE5RNZa1jnk5WtRkrcb7a_n36meT0BBsSqdVNGvmhED3gUUjmiwbMFy06gx9VvP6UHjt-Z97DOqc7hDnBRHlRhrQnOW4jO2YaU_F6-JT1DAoY06Uic9p2jhGZipXB9kxmxOGohoTQec&dbm_d=AKAmf-ApKRWHhZvd6Q3LgwyvjBd0LfgBp_-uwmXYoZJonACxP_ROFsRpq7YUIobgk-ReDJbUK9GVfOovKwTHqAGl5EvdUCITQZNI04bUbmLzQVldyd6YWMGfc0Da1C-g46rM0yM-nYWnRBcufEYJcHgR-KEWdZyXmYyHxWadEK2ZyQ7AQr1Lk7KztnRlObLnfoBvrigq2vuS9e0z7UszhzNOBub7AbJFXG8aLU2Y0UwqlVjlWF36A73P7YxBl9KxpVrfKKsgZxE4RDWa5FIRg69QquARI_0bw6VSd_mFsITDegaw5w7uxdjl6CYaRSyaU7LF8uXc36K_KrLBu42nQaBuX9YV3s3hcTLbNIMkYBdnve0HCipjWAWvZbl6DEPlm56ZiQx50I3E4sftuW8l32Z8cR15N9Kq7dvxX2qSo5dB6nc8_m2adpV5qail0wlPaIy6CJ2QbSFZawZ-MDPkcVWVL7g5FyRGFLiloOiOyJCB-2TxW8s2aqx0REyw9JW4-rhGlZOcMffGQeysUbpw81pluoRxVBMseztBSpSuYZDJKwVgphBf11eOmZFN8-TuLcrxJPbKzyfMrbVqTLdlJ9Pxn6XukhWlIPMb2rcskuVW6I4sT7PX5ikxmgRSrIxRRrZaTPPD6O22ZSjnZ-T7dFmslQ6JF4OC5hDqoo5j0g_od30qXytKik9YLUCg97nmlr0jOQTpDlST6-QUwm4_2af4Bim4lhinVFC9RNEYAKgkHXzj-5CVVVwADQz-eTfafUhBfoafoI95c9zrWnCwRsy2TfMHTmMcdY8HusmJaQsXGcGWPYvfjd0769LZiB6H2PpBQyNo2SGrIFXEa7D6-ZhzhdYZbLefuzhbNwDbVo3kQ0yeKT3FIHG88eDft-42CyQUnV9uGobODU4x05KhLg04rpZhtM3AWPk62InqzF2chL7KzqA9m6burSHYvoq2t7Fo0UpxtMGEgmLd6__QeZXjQh4FgO07kJzVePyvUfrojIT3taabdOudQXNZjL8xq1XjMxlSr1q6eoZ7TKFEc03IHXTx2ZVf9wydW4V3N17yuhivLOe5qQlpJHDhFVvBymCIAUbMPpwXLHfEWwS-4FFMneW6V3Oj6biaW2cpK07qo_vHMa6vWq28upTbXjGIVX_Tuzj4Ah3eqJrCw22aJuhyKa6H-_uCKvFFt6CuFA7xj44KkYaOEKx1beViFsrTHEvg1Muco9zf6Ucl-7u618fuxjtrlR0EaXBiTtEfR8ANOEM82kYY_W-DTkp57d2NA5KZkA3ylGhl8-Aij41IsrUiZp2siA3cQeaYmjfkxtMNRJfp2zQMIIWiZkXjS4wiJNjtVcLea2hHMVH8Dj0DG0bZbaBbvT1qvQKHgYrqPlHtwy3XvvpM5Vj21wE0P3mv5-A94od_sRu8AuHI96eIwIuc6FGrbjD48qT9w8Xjcko51BKBUZdP7OQmXqZ3faigbcKUEG2McOvqOWos3XsQYrdSrfP_Dea8VBXf9g0S2DQQ9OHIWJZtC_hpqKMCUHxOrIChJcmwnJb2sGfJR8mnBakOuqltcHXLWxrIdxrT97WUeQuxsnbSXOLfTWMPsQCLvUjKUCvD74BdnAv2mxKy5b4GQzzRerTQS4IgA8l00y4tkb6CHiKafDLAYlEdIN9-hk3OnExEgZtynp2ivSJmD7i71LQfk-PrSuDQ1s7YKSMlxC-wQvnYFWBDt5AfqXQEFwCkvpIekLoZmqLtSDBhyIpX6HA2XA3LGO5sbRJeYqL7rLq1HoevvLOGZgwZzNBGAIclT0wNrUm3hIOw8SDBEiCTVeL5rzoKJM3nfl39gtvpj8-3V3CiOZBlt5UFSTHW-powHw-pAGBRmg3ckUFO8N2_Ps7fKGgEIg6Zm8eIAj9dDjFX4vIzYvV8c4IRFfCi7LSLj9KQdht4MHap7e18KBxmjAUtPe80FRYQJsyK6EhOrRNEf78vzIrj6irPulmoe6gHE6dvTbqmfDNBnNvTONiA03AfLzM4WMuEy0SZtibefyb1yB-PKpqc7Nxv28mEsWZrsSG2dvHQXVXBvCBQTi5Rx3BpTWlTTSyvDFJD8tvZbDBkOnLJVJtCPibSrahNFrZunGWnkNzRE-NcK-eDbqZezLdk6yTqfDSVZ1mnUMKmhGpGl7yDS7oVMnkPU7x79YFWR7Er5Zwf69-H0flpHrtKcu5mej_snax4F-jvmd5b-GqIn_CspprgEQ3bLV4lzSR0BDwMgzpQElNdt6tJ0cmh_zXoRy4xvxr6V5h2tmYZevrloiW67MgH38o6AOAmx2syXhIaf9vWq6eLroD_bNFh3SGqqmF_D2UZk_SgFZQ0hrEuSowtdT5JOKGKU-B6k8qXuI7VBfbHk-YogBRqpkt5KKqxebf8K7rmHqxlL5xBLdvor88a7EWexVRo3JlsJnIeaHnpvxrDbzUolhjDtlIuZx8UfGkga4XiKNWCwWeM8xCoVzX8Q-VvW8UuuzxEFwW3BZtwen4TvFHLDjFhLMpau152Sqk2s6R5ZvoEnQKnccaAX5wFHigww38QNq70HgwILBAulO1s7rgIc-DIbr2BeOgLkjDq8bY66ghaSJjKuxN2F6W6BAnOfrtx-uV8m_0Q4Zm0eu2kziXOJvxoYeDV8Mkj2zGOqt_d6MJeGKY9W8HNpZssIfZT-aO__s1IAAxApD0yIe6qUU_5Bd5H_OSC1djRzlZMwbg9Bh3AkuAXCDOOVds4S8LySMoD5UnItRMjJ207qdcoS7XMrh1hmTsaI8fMHpte4ekkJupp-jVt_mwKX5viC2zNBN0gKuA4TcZA9zlwkzCFQ9JV6fjS6Q_cY_Lb-b6-4OG5myogubVtIGcFF0CuUXZ1gnE9gNu674fHcqSPGkVaXULnz44lbpu3OwY_Spr6saMAi3JsI5nZcXlxWZagsXlT8rYAXzZAouc4Z-Nw0OdhWjwgkk7Ge9SeCso3GuaQArMi97EOJup6BTc5IrUhZa6_lyCnM4E6vAz85zf9bPyuH8zFZPFmHICQDUrpvV5GGlDsvvJZ9efdQWgLpSJ-fndKUKp16pnuh5EIN_I2wl3wwRVKqByCvmXFugRcDbgwQrmr_DnTJRogxusycPegDqNNIz0WFbLh_mY1105lcC-qWdWwpyE296dNMqUcTAYXqN-zCdMwPIvIT-PWzwpzHraF-vJxZx4GEJYJlyMPzOzRr4XgJ40dvY__ZQB_rZjbw5pQLkQLPW705s0v9yi7t6JHQdoIAyvy0AjIzdXmwNbdsbq99WNyRMP9hA1Pjn-TTCZauVuhAFZ_mrR6e8LC2ATc6kpwEcu9A7YiDw0jJgnIkeip-w7udYu3nICF61_JECz4XvbJw7WeJ7oMpZOZH-4YKf7GHcJ99hNL01gLj7Js2rl6piptMuLAdtwliVmrxlPrT-sJ1BL39fulps7m-hykUu7b3-zhNCoaMR4GjRLNf0BVfF-baq6SKFeBSF5l7xiqgmOkbOkIek50iyK4ea_6m8yfc8ziHE3V4NyVl5sPjCBd_EdHLys1pOoXeuBy0Cze29FYtaRtYl2Igpf0yVe86sZ9hjP415y_bRE06NZAvEMM3LprPj9jHkLXsmCdfaE1CwXDkJQCuXX8Pyqn0Afo5eNE9fFh8u2ZDBdrD7ah3LBAWAyS0HiC8lhUUecIGeiXnxQe8PUy0OqV504EQ2GtdVe479lPBnROlKPgKjBu3gUKa3x2pYTI53NUIju_84BeBDSElJ8yN7DO1c3wC6dNnjsQy1ye0Rug_Iv389qDtHORMzDhPiTXBevPGsAbd3T8J33NcTr0I-RuSrtDCCL_mTtoLQ9OT84Sxz4Kcapx&cid=CAQSTwDICaaNAfH1XrcXtWQCkOP8yKy6szM7BdAC7HweKYZUuVDYrtGnx2IEXN3ebXk9ocHS5LyB_mhG2RKT8OnbTUpM2ZvDbOyzik0dx3DhJjUYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwiki.returnofreckoning.com%2F&ds=l&xdt=1&iif=1&cor=2140901434836385000&adk=2307692974&idt=87&cac=0&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:16:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36588
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 19:16:11 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231130/r20110914/ Frame 81E9 31 KB
12 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231130/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f84f4f65c00630a8dd0f354e652293a2cf51e95722f447fb2ea869bbbe664446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:08:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11937
x-xss-protection: 0
server: cafe
etag: 9249472389583843189
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 22:08:43 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 81E9 41 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 300051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

GET
DATA 200
OK truncated
/ Frame 81E9 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0156c43305d5ae1916c924e55d216039bff61f04a793c7054c12e7587b3d3eb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame EE73 38 KB
13 KB 7ms
7ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 113843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 03 Dec 2023 21:48:36 GMT
expires: Mon, 02 Dec 2024 21:48:36 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8464527532860307799/ Frame 3501 153 KB
23 KB 23ms
7ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59b036fb5e133a03feca939ab701a5eae28842f15573265dc8da1bfd5d100e6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 11338
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 23802
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 02:17:01 GMT
expires: Wed, 04 Dec 2024 02:17:01 GMT
last-modified: Wed, 09 Feb 2022 10:28:50 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 81E9 0
0 80ms
52ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst9oa81MXSZHYKtmp3Z_PrhbLOxiUYNz49-bw9fIhOinNtxgNlzCjZgPbIRjzvcG07odXvsJgGTG8WuMtnZCnShHQO9Ae0oq_lE5QoY7n2LtEPufBQSHllp7ORdtbiPfpohCvKHyezNcCE87pa888_5E6ZJ--7RpBOjf3vCewYeH9I_kQmNRKEq8nuQFYB2UfoNhpzVEPZBzTRM8tk_x-_vBdhrhRJgDCafKAPpSU35VzrArhr4Mi-YwdECXlnDdDB0L7mcjeC27iuvKxwW2MWkXKlxQUONb22wDp7H2M5Lshp9XE0PeQC2JKWMjfmB791UXXgghMcdgg5EZlfP4BoH2D05wYO7OXfe_3X_OpUAn4eOhxAgow8e3y1wiGNGmIQIWuD7LNfhHShpNvodrqcsL21iC2v8tP-JDdk9I476OllKfC0A1voZIGc7tjfbOtRxJKvZ8gbguf9yn1LHDCogGmOx6-XJyl-vsnicLwUhj28BaUz1pp3pTt5g1UJ5ysFdPp5cFZVbkr2LRhEG9XK5voM4udGLunEqj6UI8PXgMBefgkYIRvLRg3ZrpYi93h5vxqm9NHdz0wHVpKU2-U-uzin-qx_vBEA9pED8ilqPKEEqxMeWfY6ScHlI4AZRXgMRK5urbdqatJtKHW_Uc_W7CM8RhotPohw4jUO3cBlYpVxK0hh8ZbIKcgac51TRHWXjziLnJg84WwpnbAtzRDXdM1qakUmDuO4TdALwkk7mqifCWqH40xz10G73fCf_bp7qi1uFKfce_xoghyKiqXt778-UNrDD1dnZRBR93jQckUSc67H81vmLJCyOPG604DVmFxoim_ZDHQ0FCzNei0hJOWQ4s5Q-_ohEpANrEKoKUrVyO295Dxp4fGDHCpPWnmDTJ32lpTn1tf-LaO402JmLH72clWLm2zH_Kw5mnvg5x3Ao9HERpA8wqry4XpHNDoCBW9xl5mxtmeZalgSa2ctn0jVxL3_5GpxprattmbXZd6sZndWUx6s1v0vlGLbCo-nvfPXbXlYgaFx94r3h693Jolq79epXWNG4dmfigzdZGGK_jxsTsvO-Tru1ryc_9Jxl8I092qYtuP7GoLnz8CmgyJKWPO1SgagF2MvOyvVRip_VkqVVOKSmSTnQbneP1IZv8UGFBTXwpcGtCQmpKC07aHfjkoSL7aq7oOCHi2LzldQt4As7jN_M0LvCR-m1cBKBBMB42SSn0V1E7TQqYlMn0KBbaxcK8ycWDvJcQQbiSLAh6JCAH_rPiVSJXoyep40w0W5i0ACVuNPJHMSnC2IDSmQPUDpB8Bj_-FcDITfxy16MnamyDMtu8F6B_ditSl-y0n6VTIrkMXego8uhb00pycC4OSZ7GiH3StuyTqMNuZQUafnzw0_w7xNKf3CeqTrOVj6sfPopjkTp9-R-TfEAHbaN&sai=AMfl-YRPN5CPjbECn0Yw1hEE7YLNtkHG5PoVOBKl-eFZ8Z8tA0k2bBVwSMKLDwZi1dMXG2uiKQiXYFIJgVy3K_0zK8toQMax0IoDRTjsmIVhlEcYVsoPDyXsLwBAenGdsbWk52xq80DgOueX1-OUBDx7dbKWbng1AKj-UD4FLj7B5GGn6dbmQhXSz1XO958ciNxvP7wfS75AgVIyw9-9YxiiBc98NzsnsZBS1WioP1ITu5WOdUL9eO3JkmNIxGfv7iVLURfNCkEmO3G06JPuAKAlkN1MBiD2AhBOKFiObrSZFFVEM4KRAZ63yFZ9KFDdYrktjw&sig=Cg0ArKJSzKrldnMltEhWEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=53&cbvp=1&cstd=51&cisv=r20231130.73056&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame EE73 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 21:09:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Dec 2024 21:09:52 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 3501 29 KB
10 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:16:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50987
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 15:16:12 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 81E9 0
0 44ms
44ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst9oa81MXSZHYKtmp3Z_PrhbLOxiUYNz49-bw9fIhOinNtxgNlzCjZgPbIRjzvcG07odXvsJgGTG8WuMtnZCnShHQO9Ae0oq_lE5QoY7n2LtEPufBQSHllp7ORdtbiPfpohCvKHyezNcCE87pa888_5E6ZJ--7RpBOjf3vCewYeH9I_kQmNRKEq8nuQFYB2UfoNhpzVEPZBzTRM8tk_x-_vBdhrhRJgDCafKAPpSU35VzrArhr4Mi-YwdECXlnDdDB0L7mcjeC27iuvKxwW2MWkXKlxQUONb22wDp7H2M5Lshp9XE0PeQC2JKWMjfmB791UXXgghMcdgg5EZlfP4BoH2D05wYO7OXfe_3X_OpUAn4eOhxAgow8e3y1wiGNGmIQIWuD7LNfhHShpNvodrqcsL21iC2v8tP-JDdk9I476OllKfC0A1voZIGc7tjfbOtRxJKvZ8gbguf9yn1LHDCogGmOx6-XJyl-vsnicLwUhj28BaUz1pp3pTt5g1UJ5ysFdPp5cFZVbkr2LRhEG9XK5voM4udGLunEqj6UI8PXgMBefgkYIRvLRg3ZrpYi93h5vxqm9NHdz0wHVpKU2-U-uzin-qx_vBEA9pED8ilqPKEEqxMeWfY6ScHlI4AZRXgMRK5urbdqatJtKHW_Uc_W7CM8RhotPohw4jUO3cBlYpVxK0hh8ZbIKcgac51TRHWXjziLnJg84WwpnbAtzRDXdM1qakUmDuO4TdALwkk7mqifCWqH40xz10G73fCf_bp7qi1uFKfce_xoghyKiqXt778-UNrDD1dnZRBR93jQckUSc67H81vmLJCyOPG604DVmFxoim_ZDHQ0FCzNei0hJOWQ4s5Q-_ohEpANrEKoKUrVyO295Dxp4fGDHCpPWnmDTJ32lpTn1tf-LaO402JmLH72clWLm2zH_Kw5mnvg5x3Ao9HERpA8wqry4XpHNDoCBW9xl5mxtmeZalgSa2ctn0jVxL3_5GpxprattmbXZd6sZndWUx6s1v0vlGLbCo-nvfPXbXlYgaFx94r3h693Jolq79epXWNG4dmfigzdZGGK_jxsTsvO-Tru1ryc_9Jxl8I092qYtuP7GoLnz8CmgyJKWPO1SgagF2MvOyvVRip_VkqVVOKSmSTnQbneP1IZv8UGFBTXwpcGtCQmpKC07aHfjkoSL7aq7oOCHi2LzldQt4As7jN_M0LvCR-m1cBKBBMB42SSn0V1E7TQqYlMn0KBbaxcK8ycWDvJcQQbiSLAh6JCAH_rPiVSJXoyep40w0W5i0ACVuNPJHMSnC2IDSmQPUDpB8Bj_-FcDITfxy16MnamyDMtu8F6B_ditSl-y0n6VTIrkMXego8uhb00pycC4OSZ7GiH3StuyTqMNuZQUafnzw0_w7xNKf3CeqTrOVj6sfPopjkTp9-R-TfEAHbaN&sai=AMfl-YRPN5CPjbECn0Yw1hEE7YLNtkHG5PoVOBKl-eFZ8Z8tA0k2bBVwSMKLDwZi1dMXG2uiKQiXYFIJgVy3K_0zK8toQMax0IoDRTjsmIVhlEcYVsoPDyXsLwBAenGdsbWk52xq80DgOueX1-OUBDx7dbKWbng1AKj-UD4FLj7B5GGn6dbmQhXSz1XO958ciNxvP7wfS75AgVIyw9-9YxiiBc98NzsnsZBS1WioP1ITu5WOdUL9eO3JkmNIxGfv7iVLURfNCkEmO3G06JPuAKAlkN1MBiD2AhBOKFiObrSZFFVEM4KRAZ63yFZ9KFDdYrktjw&sig=Cg0ArKJSzKrldnMltEhWEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=99&vt=11&dtpt=46&dett=3&cstd=51&cisv=r20231130.73056&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 tui_logo_live_happy.svg
s0.2mdn.net/creatives/assets/4364511/ Frame 3501 6 KB
2 KB 8ms
8ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4364511/tui_logo_live_happy.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 657
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2072
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 07:44:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 05:30:02 GMT

GET
H3 200 cta_jetzt_buchen.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 3501 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/cta_jetzt_buchen.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:22:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1056
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 09:19:56 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 05:37:09 GMT

GET
H3 200 logo_flextarif.svg
s0.2mdn.net/creatives/assets/4331440/ Frame 3501 3 KB
1 KB 15ms
14ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4331440/logo_flextarif.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:13:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 768
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1288
x-xss-protection: 0
last-modified: Thu, 21 Oct 2021 13:24:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 05:28:11 GMT

GET
H3 200 head2_5line_family.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 3501 12 KB
3 KB 13ms
13ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head2_5line_family.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ae81817c90052995774cacf096b367d746225338fcbbdf50031aec87f6165ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:24:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3267
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 08:15:13 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 05:39:31 GMT

GET
H3 200 head1_3line_family.svg
s0.2mdn.net/creatives/assets/4453672/ Frame 3501 7 KB
2 KB 14ms
14ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/head1_3line_family.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec24c22b9203d16dbd13f6f6898ec8b39c5b2fb7f6ef5571b9f2481bbdb862f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:21:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 270
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2235
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 08:15:09 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 05:36:29 GMT

GET
H3 200 160x600_kv_family.jpg
s0.2mdn.net/creatives/assets/4453672/ Frame 3501 38 KB
38 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4453672/160x600_kv_family.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89f34b3bc1c9a0181dffc795420e5e13874189f4f65c42f1523c882db1516c87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8464527532860307799/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:14:57 GMT
x-content-type-options: nosniff
age: 662
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38489
x-xss-protection: 0
last-modified: Mon, 07 Feb 2022 08:15:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 05:29:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 43ms
43ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231130&jk=88014727593511&bg=!5eal5qnNAAY3kmNgF5I7ADQBe5WfOBVCKEsw8mhM0Wey50U8xOzgCc2TQQg2lLkFEbfiGy6xcH96XIBUWTqei_aCi0lzAgAAADZSAAAAAWgBB5kC0ZD3pgjO6YO6Qtw5I8wm5pvKM6wGehW3ApZxD8I6-0GSevih4aStpE2tEh0axRJLwVLUvAxOTRQxfoD5DDaUsScMzckw4btkL168CO1pcuJAUaxt-I4p6OvQhbBQm348jMlIaqEq0x27eS85kReB34J9mT5Ay2kWVfCS7z1WmhctStT_u3V3kF67IGvRhBe-Ble7VVjU-XK5aRFlEx1U1SvLTScRIgvBmBCLJ9mAP974d0GAjv4dSkLGseXQBJihcKJ7AS4p9zVC-FxKz_5uUoJdO0850-2jPGTA6oQzqwh3NeFnRFIGPxkU4_v7JFzdcs9m2LBWEH0r5lAhIi2sKhEIGuQZgQ_7gVuk2CaDVMlOqJ3bR6r6zM55ETWGwGMU383rqzlrwST3FPRDwqpq-ovgnB6qICOaj3Aeo9S-FRjfsDn8ke3AuqIFM2LJjre8WZnYcg6L-ZE0vTv9J-0BAe7WCg7tyyfKA74OTi4_PXJB1fSQR6nijzibkThQ3ALips_XIL2rvJP9IhCkDwjPczO3UU5KuZy1EsXQ3NuhVcmdX4R-xKPwPa6eTRSIolkSVO9J1jpnI7Ay3NAYxxptWmPB1zPBqJGmpcE_2tE3hBI2T_12ySurF3ErB9Pws9qRohpANCee5VS6-SC1Y8TjO9aZZVbaEH9ot30P2Gu1NVlSsbeb8NUMqkUb3FxqcfADpOI5fW23YVNRyvIU3J1t-4gbk_ORqYAb1aP1h6jSTdWMfSl6_JSBM3x2WWP7wNNmpygh4G5ZpYXKmK4mu3s62ee3A1enq2dYX7f8y4UnFTedbtVJjCp-Z6eZK_jiZjszYeZXeWV4mS0FHXeIY8Ji62EA3sQbgdAEMH4y5JOAya5cAwjDXcKf5Xu3wMjMmnT2feA7VBiSux_8-_EpTpkuZog_f7auvQef2_XJFrc4VrTX6rZKzw8BnyX-jcy8bKrgpkw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 41ms
41ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9302098306226831&plah=wiki.returnofreckoning.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://wiki.returnofreckoning.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE73 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BNVqUZ7RuZdDmCPKb9u8PxI2HoAUAAAAAOAHgBAI&bg=!9fal9rnNAAY3kmNgF5I7ADQBe5WfOOCU2PqDwI4DQH_3vlK8CTliL0Dp0XY4cclMc58nMSJhR02t_hrnXlvTwpQeWLJ3AgAAAD5SAAAAAWgBBwoATXmG9utOdhsvmvIpnh_XdVYQWmADDCwl5-aBedSO31yBex_2VqFc8VhBdQoe6HL1dndI4uKj38SE5ovr59ZvA2lrxKGgGoNSGjMr9VERmQMPCmT6kOrvu-ftCtg54BvlVQyv4L2zuiphtZOlRM1kVy-Ery0JuDuTXaynCLujHNPVvpFKhijMal0PC0AcN0RBar0zweATQxKIQ69FpEovPs7Xm0NGiSKbFXHY38BeP6028EAjw-PZb1ezkAA4ILGwMU7jMmGHKBTJdKv82WfICDTpTVSRAIzbWcvx7XzkAtg5vc4k8LAJBFPPDbH_L96f8oVjiWRB2zcwz5kJr8ZcuOB2SYag_CmpYGjWL5UHiEXv3NImMXVZVF3tLnY-zMZ9PubHMOjgqLAtoRMwkAOV8ephKWYknP-MatzXSds3PQqxiAr8sD7OBogEGfa7Y3Fvl-tBgVgwVA4EhXL9tUhUBVp_eJG2JifZyNzG-tD_lN4wvJb3_iFLffQouO63mDugHlVGc7N54WYQp2Oqn2KzlB3w5GKP8RVqTrt7dl_YGivVwxd0-bvFPgCgoHv0iSe-f0Nu8bCkNzs5vHIjfSo_0sFCsHEfGQl-UWySpH_V5cYqATyhQf7UugFvMl8izxcb1CbC569gZETBZSfnlxzKwwqQ2sBD0Ry4e6Y0CLjNZNtKIQB0y4E213FFKLN6q7ddQ1vlRtw2ekV7Nt20rXzJsGtVHOiE4RirSPgsIZq9VkJ7sTk--nSJrZ_J39c0yS3CnX9-exl84OaBq7NrcLVAb_griKnjievzqFPAi0F5btxa2cxkQaIPYYE9RHksoXGF4oEyme0es1-cC9YDOpLVcTzPgTfLEpSWLAr3L64Vdsko1FW7IbxFmTdGgoRhZ8lhm8MYv31FXZ5BWwOHs7FYL0uqw414Z9JSAs-CP-vsb6AcO5mvsZqdzeFT3hDSafaCXQjzA3fg-FegxUkbrqH8lQlprRJ9OVpD4YM4BJOLRHJAm4lHFhanp4SA6-nQ0i3Xd30YnXkEUjZOXY9iGApwjoHJjdFS0lbShXdxmmLehCn9SBMBwjo46RUH9XKTnAs3tsTajusFZNkfxRP0_VD933MhBlfOJCvAN_zxlHfx_kEfnu8nIyxO_1JT171959Cl

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/ 160 KB
55 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b896fdbec9c14bfc6ea900ab9ceeaf8d5d3bd8772c8fee94c262fb80e573893c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wiki.returnofreckoning.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55955
x-xss-protection: 0
server: cafe
etag: 13315009822961286039
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 05 Dec 2023 05:25:59 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame 81E9
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/987057/61527764/4.js?ias_dspID=3&ias_campId=1013380671&ias_pubId=pub-9302098306226831&ias_chanId=1&ias_placementId=20343401411&bidurl=https://wiki.returnofreck...
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_Z7RuZdDmCPKb9u8PxI2HoAU&cbFunctionName=goog_wrapCb_Z7RuZdDmCPKb9u8PxI2HoAU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpass...

1 KB
1 KB

9ms
9ms

Script
application/javascript

2600:9000:243d:3200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_Z7RuZdDmCPKb9u8PxI2HoAU&cbFunctionName=goog_wrapCb_Z7RuZdDmCPKb9u8PxI2HoAU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204
Protocol: H2
Server: 2600:9000:243d:3200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:54:05 GMT
x-amz-version-id: 4Cmv1jyFRAmZ7XChlLsmb9GJS5ztjryA
content-encoding: gzip
via: 1.1 222ed61ce1f992de78327a3786f482e2.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P4
age: 34315
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 04 Dec 2023 19:54:03 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: 6UcYb9GGlXxUhmZKtQgKB4O_EsK1FrtKOjQJy22koH-YLxLc_Q_zjg==

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: nginx
x-server-name: app08.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_Z7RuZdDmCPKb9u8PxI2HoAU&cbFunctionName=goog_wrapCb_Z7RuZdDmCPKb9u8PxI2HoAU&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_160x600.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame CF04 91 KB
23 KB 29ms
9ms Script
application/javascript 2600:9000:243d:3200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:243d:3200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 11 Jan 2023 08:50:00 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 222ed61ce1f992de78327a3786f482e2.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P4
age: 28326960
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: n8MdCG4SvgVOaRB20A-B46yJm2X4WtfghgCMurBGFC3ZQZ1bsD8c8A==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81E9 43 B
216 B 507ms
167ms Image
image/gif 2600:1f13:800:7781:b300:4e0a:a2f0:cc36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=e7fe35cb-8738-e147-8204-88f8bd4328b3&tv=%7Bc:vTUPbp,pingTime:-3,time:29,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:11%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:29,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B24~0%5D,as:%5B24~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXxwbDQ+11%7C121*.987057-61527764%7C1211%7C1212%7C1213%7C13%7C14,idMap:121*,rmeas:1,rend:0,renddet:na,siq:12%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:b300:4e0a:a2f0:cc36 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81E9 43 B
215 B 513ms
176ms Image
image/gif 2600:1f13:800:7781:b300:4e0a:a2f0:cc36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=e7fe35cb-8738-e147-8204-88f8bd4328b3&tv=%7Bc:vTUPbq,pingTime:-6,time:30,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:30,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B25~0%5D,as:%5B25~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXxwbDQ+11%7C121*.987057-61527764%7C1211%7C1212%7C1213%7C13%7C14,idMap:121*,rmeas:1,rend:0,renddet:na,siq:12%7D&tpiLookup=ao:wiki.returnofreckoning.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:b300:4e0a:a2f0:cc36 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: nginx
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81E9 43 B
215 B 505ms
168ms Image
image/gif 2600:1f13:800:7781:b300:4e0a:a2f0:cc36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=e7fe35cb-8738-e147-8204-88f8bd4328b3&tv=%7Bc:vTUPbt,pingTime:-2,time:33,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:342,beZ:343,mfA:345,cmA:346,inA:346,inZ:349,prA:349,prZ:351,si:354,poA:355,poZ:369,cmZ:369,mfZ:369,loA:372,loZ:374,ltA:375,ltZ:375%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:11%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:33,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B28~0%5D,as:%5B28~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tXxwbDQ+11%7C121*.987057-61527764%7C1211%7C1212%7C1213%7C13%7C14,idMap:121*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:na,siq:12,sinceFw:21,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:b300:4e0a:a2f0:cc36 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: nginx
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 42ms
42ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9302098306226831&plah=wiki.returnofreckoning.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://wiki.returnofreckoning.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/ Frame 389A 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wiki.returnofreckoning.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 10407
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4121
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 02:32:32 GMT
etag: 12051592065903069241
expires: Tue, 19 Dec 2023 02:32:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/ Frame F1DF 9 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wiki.returnofreckoning.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 10407
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4121
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 02:32:32 GMT
etag: 12051592065903069241
expires: Tue, 19 Dec 2023 02:32:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 389A 4 KB
1 KB 51ms
21ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 05 Dec 2023 03:52:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Dec 2023 05:25:59 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 389A 205 B
295 B 39ms
11ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 17:58:29 GMT
x-content-type-options: nosniff
age: 41250
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 03 Dec 2024 17:58:29 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 389A 604 B
1 KB 38ms
10ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 03:38:28 GMT
x-content-type-options: nosniff
age: 6451
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 04 Dec 2024 03:38:28 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/elements/html/ Frame 389A 16 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6df8215439f8c1a4f31e4407a93cdb72cfc12b525cc378678ad717f8451325d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 14:37:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 53286
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6758
x-xss-protection: 0
server: cafe
etag: 13232977368472197749
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 14:37:53 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/elements/html/ Frame 389A 22 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e3e3fc8cdf8924500e7972820c834a71917633559f5deb528ea3091959130ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 11:50:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 63357
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9196
x-xss-protection: 0
server: cafe
etag: 14855042226819348905
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 11:50:02 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0C15 624 B
245 B 72ms
49ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COO1YRDml88BGKaltfcBMAE&v=APEucNXvMy_S075LvYd0BMpzQpZg456B-AzK2P1v1hs_MuYuq_-BfXqFTbfahT5npf3IBHiGg8bGsP-ZGxl_QVVoljAQ2YNbdVUqHYytEYvgKIENAWvSRYyEYM3LolcabIYup9Ncbs7NVA3HRJN65xlPsAmjXkl18U5hi-WSLVvQvAz1oPgEpO4

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 05:25:59 GMT
expires: Tue, 05 Dec 2023 05:25:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame F1DF 111 KB
39 KB 36ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:51:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34473
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 05 Dec 2023 19:51:26 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231130/r20110914/elements/html/ Frame F1DF 7 KB
3 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231130/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:11:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26098
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3071
x-xss-protection: 0
server: cafe
etag: 10674441169935035545
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 22:11:01 GMT

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231130/r20110914/ Frame F1DF 24 KB
9 KB 33ms
8ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231130/r20110914/abg_lite_fy2021.js

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a7b1c8d19c1d74836d2aaaaaf1fb2bde2a42708f6d4bb4c9168d7609503fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:31:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35669
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9313
x-xss-protection: 0
server: cafe
etag: 8709779397046830652
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 19:31:30 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame F1DF 41 KB
14 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 300051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 Nov 2024 18:05:08 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/ Frame F1DF 3 KB
1 KB 33ms
9ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:00:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26732
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 22:00:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/ Frame F1DF 20 KB
8 KB 34ms
10ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

240ed2cf95df9fa682cc2a820a6681e8faa474dcd678ffbe844351ccbda9bb6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:01:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37463
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8549
x-xss-protection: 0
server: cafe
etag: 755982428571291914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 19:01:36 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F1DF 42 B
63 B 67ms
43ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DEFfto56IOn2Sa_g7ypM_xPEWpjmYPML-myNTYLJOMNStSAcjbxnTJJ_ysYEbU0gkzQ4WdW8QJ9QT7jmANryhRl9ecO90NyZoEBV7dZmiO6STIrMc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame F1DF 202 KB
64 KB 49ms
21ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4dce4158779dce6da3ede11337029f817a03f45c9559b1f91d8a7c5ac130f38c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65147
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701694399686299"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 05:25:59 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 067A 14 KB
1 KB 23ms
17ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 05 Dec 2023 03:51:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 05 Dec 2023 05:25:59 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/ Frame 067A 2 KB
822 B 20ms
15ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:01:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37493
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 19:01:06 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/ Frame 067A 24 KB
9 KB 22ms
16ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

50a7b1c8d19c1d74836d2aaaaaf1fb2bde2a42708f6d4bb4c9168d7609503fbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 18:59:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37590
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9313
x-xss-protection: 0
server: cafe
etag: 8709779397046830652
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 18:59:29 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 16E7 143 B
168 B 20ms
15ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1298
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 05:04:21 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/ Frame 067A 3 KB
1 KB 24ms
19ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 22:00:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26732
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 22:00:27 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/ Frame 067A 20 KB
8 KB 24ms
19ms Script
text/javascript 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231130/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

240ed2cf95df9fa682cc2a820a6681e8faa474dcd678ffbe844351ccbda9bb6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 19:01:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37463
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8549
x-xss-protection: 0
server: cafe
etag: 755982428571291914
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Dec 2023 19:01:36 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 067A 202 KB
64 KB 36ms
31ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4dce4158779dce6da3ede11337029f817a03f45c9559b1f91d8a7c5ac130f38c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65147
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701694399686299"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 05:25:59 GMT

GET
H2 200 7a8419aef3683f04c437bd15cecf843d.js Show response
www.gstatic.com/mysidia/ Frame 067A 37 KB
15 KB 17ms
12ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/7a8419aef3683f04c437bd15cecf843d.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 22:31:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197665
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15452
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 19:10:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 01 Mar 2024 22:31:34 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 0BFB 38 KB
13 KB 21ms
8ms Document
text/html 2a00:1450:4001:81c::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 113843
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 03 Dec 2023 21:48:36 GMT
expires: Mon, 02 Dec 2024 21:48:36 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 16E7
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
19 B

21ms
21ms

Document
text/html

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 05:25:59 GMT
expires: Tue, 05 Dec 2023 05:25:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 05 Dec 2023 05:25:59 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F1DF 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca9c83b6409291c196656bf5bb3ac28b1de99cdb035c9b1cfcfed25a40c2ee40

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 728x90-IHG-EN.html Show response
s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/ Frame FEEB 6 KB
2 KB 7ms
7ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/728x90-IHG-EN.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f479a635c244cf12054c66b1eb160e5a61bca9c6651785d67ad4ed09507ca91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 24536
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2369
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 22:37:03 GMT
expires: Tue, 03 Dec 2024 22:37:03 GMT
last-modified: Fri, 22 Sep 2023 14:31:20 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame F1DF 0
0 95ms
59ms Fetch
image/gif 142.250.185.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssnUnnVHA2_Rou5CKfi2_pLp3EzA3OxWvcL4UGVdIIvSUqUen466P7FqPHjCwbYE1v9dQS0zGIR_z0NvJAE-XFrE_uvHP3RnF1f7xvWxiE13Wq5Qb7p4IkzWatiovLHLLECMVWkN6iLX_ps7R4Lx1f_YyObH1EpR_uK0sHl3Deahwutl5yGlN2xerxvukIBAbKAR-FBtHYBppUjtOvq0bD2844mR4rN9WgwRjAlAhS3_CZlyORlL0Iwq2GqMQr-RkmCCogQNMe7r796LlKf-vkpMu6gPdUzih2XcWvNT6uG8QObtaKTB3HSgbMcWY7VFhUJ9VyRTVrLMQyLu0SU0LY2X_0SdVaLlPP8Wbaj5EiOzjPCeELNn1YB-wIcRiEHJphBMG7u69lZT8hJ-XcYt89Uy7cM8g23vuO1qW_qEBd3m2V8lo_9Gd18j4BqRH2T2gxL115li1gAq9rD9I7p6DKcHIwgdfrxbZdQYRqwyjx3Deq3oQp54LUZ39zQB-eRAmGE3Uy3TY_IukJYQKNkTqFCnjFNQKndwJsn2ZJyRbmmX1hXzeRBGvufVpbdNPoAYhvu39Dh73swXyrD7LS9wgN-ULe38sQReATjD8T4QZtjf0--D_9w2wyyUYa9ANjpHzmkWeCwEmtv4siddPgSCqANKpqj-kMdk-fndnS7HPm6UmIYe-hCLRn7hQPS6mKW9p0G60hA_t9MYOMPrMD2-9N9nGs8k6ym7KTKldGxhjtNS4J2tDa6I08RA291F5rm-wrGEGvxgOKHxPxAQY5U956yjO4x8UOcophUYZORaiuXk9Wn80etXeyUdOhXSNFowuOfUMNhpSjQO_RiBMYd8V5q0r_5EbiS_MOtbU592A1nNjkIMVueIcGO-345pAEU73STcZoFuvOB2RkVTy-fw4EAm7xhJy_GHj2ikGSsIqqaTxvPdU-SECGFzM6UgMxyCqisBSrY3FQEeAX6Uoq4SQvHHQDxhdIgfYfCbc7IBnqw412Bjtu7VHqurwDrmdvLREQwvd0mFiU7eFPZ0Fxyhc0-e6b3ihA17nlgMkbJPHw3j-Bc8aKrXJ8NryNuDOTyoOzMD2QttPcMwbUL9vRSqRvc41Mranqt80YujetyhiUV0jkbutx5bgCVNvKfcLxFF13Fnx2y9qk_lGoUHvyJx_nW6jbQgGYUNJStS9P_K5DWCTR3T0EQcJ22B27nLFcNT9XsFeUI0o9U1CzkON1khA8cCae7Nmo_66M7l1hPLz6ecWLxJQylXHk4WFPokOpsfNjF0c8WcYMd0w8L8bQMOPGDVJaEpEMLGuVuE3nnAAnQLHKjJuYunlgm1iK1t7nZNK6nqvnOinvlGDhvfmPBizmBeTjDz5nO332U2MbZVbd_BtokDMF4Tg&sai=AMfl-YRCggGACPdef1URQtApSqnTPqOrSLiBfzdRx5PdlunYajvAD5nQBlcJEejpZqovM_CjMgpxsTk1qXC-NkDuQpA07fMOoXBnB5ctGRoqwWUIU2JaoYDUNUe7E2d_1E6fJXI9pXFdJ7A-E9rGb-3OAHvRx-ar16e2e0spq5DqQCyKMfzf6oxd8d4zqngzJkrXg2h7wvR_p5KqF52GZo2ZIOXYuCJ893HPDsqn2tGaANAy1a8PncDKwsT1QTztPzAgRny52JCEddZH5Lb9c2AhIeb1G7Adk7G9uqhalmbcQQf2sD8fJFB155bSBsp9GfexK3SHRJrHAk_6EGko4DpRijiF7Ow2yWK6TRJvSM1jfBW6jn8uh2ORgExpb3lLe99HnbYXzJ4rslFIll7ezsn6X0R6pNwE-tijmZ-CoUoA0DL_rPbSBIVc30HRIXnjoUECSFakkWK_6E4muJxIJUqOkG2nfWVAwiHFEZ8UKOwL4ZuZMqZYp-mmUHyoPt3Vjm8VM_Snog&sig=Cg0ArKJSzDkBCM7daSgzEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9paGcuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=69&cbvp=1&cstd=67&cisv=r20231130.05022&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

firstevent
ihg.demdex.net/ Frame F1DF
Redirect Chain

https://ihg.demdex.net/event?d_event=imp&d_src=17025&d_creative=199411561&d_adgroup=567519347&d_placement=375997312&d_site=3439440&d_campaign=30519982&d_cb=638392917
https://ihg.demdex.net/firstevent?d_event=imp&d_src=17025&d_creative=199411561&d_adgroup=567519347&d_placement=375997312&d_site=3439440&d_campaign=30519982&d_cb=638392917

42 B
718 B

34ms
34ms

Image
image/gif

54.154.43.253
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ihg.demdex.net/firstevent?d_event=imp&d_src=17025&d_creative=199411561&d_adgroup=567519347&d_placement=375997312&d_site=3439440&d_campaign=30519982&d_cb=638392917

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

54.154.43.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-154-43-253.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-09a33b2f9.edge-irl1.demdex.com 3 ms
pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: GnYdYO+BQRs=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v054-097c24447.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: SUsicOmdQd0=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://ihg.demdex.net/firstevent?d_event=imp&d_src=17025&d_creative=199411561&d_adgroup=567519347&d_placement=375997312&d_site=3439440&d_campaign=30519982&d_cb=638392917
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame FEEB 236 KB
63 KB 41ms
15ms Script
text/javascript 2a02:26f0:480:f::213:7ed6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/728x90-IHG-EN.html?ev=01_250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:480:f::213:7ed6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Tue, 05 Dec 2023 05:40:59 GMT

GET
H3 200 728x90-IHG-EN.js Show response
s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/ Frame FEEB 28 KB
5 KB 8ms
7ms Script
application/x-javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/728x90-IHG-EN.js?1691589111869

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/728x90-IHG-EN.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50df0b49a9aa0555312895bd3decc17d1cd1fbfabffbe620a81dfd1122826bac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/728x90-IHG-EN.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 23:11:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22480
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5346
x-xss-protection: 0
last-modified: Fri, 22 Sep 2023 14:31:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 23:11:19 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0C15
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1

43 B
736 B

23ms
23ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COO1YRDml88BGKaltfcBMAE&v=APEucNXvMy_S075LvYd0BMpzQpZg456B-AzK2P1v1hs_MuYuq_-BfXqFTbfahT5npf3IBHiGg8bGsP-ZGxl_QVVoljAQ2YNbdVUqHYytEYvgKIENAWvSRYyEYM3LolcabIYup9Ncbs7NVA3HRJN65xlPsAmjXkl18U5hi-WSLVvQvAz1oPgEpO4
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2Fy2VEFPXf%2B%2BmJR%2BccOb0gOnyWmDA8trN8UygG8OZAsTOztcO9Rov5bjBDJKwtMHSIdvHWc1ci9SZcAetrFgT3%2B2sOUq6jFWWpBAHK3k6Tx7UGZf3OA7Jvfolddq6v4le%2FaKVJz5UGEv2g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8309df27ec3118d2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 0C15
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZW60Z0yV1JCpk5iZuOm2XAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1

43 B
736 B

24ms
24ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COO1YRDml88BGKaltfcBMAE&v=APEucNXvMy_S075LvYd0BMpzQpZg456B-AzK2P1v1hs_MuYuq_-BfXqFTbfahT5npf3IBHiGg8bGsP-ZGxl_QVVoljAQ2YNbdVUqHYytEYvgKIENAWvSRYyEYM3LolcabIYup9Ncbs7NVA3HRJN65xlPsAmjXkl18U5hi-WSLVvQvAz1oPgEpO4
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NPcYO2SFoQEeC580LSqBxNeXzN%2FkAh3gaIuouQaJmrdhUkHV%2FnjMMG315Do3Evctwg%2Bo3yejMaZRJrSmK3kfIT0b0XdQrS2H7tqLz7duW%2BhmCoJ05oMZ00uNB%2FnzXa3zz5w%2B4fznW%2FiSSg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8309df281c5818d2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEITQiVRg7Ig1vjCn3sw6Ua4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 0C15
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMXhP8VNkeLg0StMewLv1sQ&google_cver=1

43 B
842 B

18ms
17ms

Image
image/gif

185.89.210.212
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMXhP8VNkeLg0StMewLv1sQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COO1YRDml88BGKaltfcBMAE&v=APEucNXvMy_S075LvYd0BMpzQpZg456B-AzK2P1v1hs_MuYuq_-BfXqFTbfahT5npf3IBHiGg8bGsP-ZGxl_QVVoljAQ2YNbdVUqHYytEYvgKIENAWvSRYyEYM3LolcabIYup9Ncbs7NVA3HRJN65xlPsAmjXkl18U5hi-WSLVvQvAz1oPgEpO4

Protocol

Server

185.89.210.212 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
an-x-request-uuid: b146d0be-d66e-417d-82a6-9f3cc6945b78
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 80.255.10.203; 80.255.10.203; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMXhP8VNkeLg0StMewLv1sQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0C15
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI1MTEzOTczNDI2MjA2NDI5MA%3D%3D

170 B
188 B

17ms
16ms

Image
image/png

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI1MTEzOTczNDI2MjA2NDI5MA%3D%3D

Requested by

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
an-x-request-uuid: c7c38da2-2192-49c0-8dfc-054bba11878f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI1MTEzOTczNDI2MjA2NDI5MA%3D%3D
x-proxy-origin: 80.255.10.203; 80.255.10.203; 942.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 0BFB 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 21:09:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29767
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Dec 2024 21:09:52 GMT

GET
H3 200 EVHvBJ0i-F520M18bkMcYIEfy1k1k36JnZivUIMouqs.js Show response
pagead2.googlesyndication.com/bg/ Frame 5CB6 51 KB
19 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/EVHvBJ0i-F520M18bkMcYIEfy1k1k36JnZivUIMouqs.js

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1151ef049d22f85e76d0cd7c6e431c60811fcb5935937e899d98af508328baab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 13:35:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19864
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 03 Dec 2024 13:35:31 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81E9 43 B
215 B 198ms
169ms Image
image/gif 2600:1f13:800:7781:b300:4e0a:a2f0:cc36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=e7fe35cb-8738-e147-8204-88f8bd4328b3&tv=%7Bc:vTUPgo,pingTime:-10,time:338,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTkuMC42MDQ1LjE5OSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1701753959700%7C%7C28e9adf8dea35dcff2e768ec1c71c5fb%7C%7C9d9fcb00733e98b40e93b73c4ea99695%7C%7Cda57c42532a2bff1b683952dbf83e203%7C%7C01405ce023cb1c8d1b51c514d1d25c06%7C%7Cd394f9c08164aad6fe2f536899b4c3d0%7C%7Cdb758a3d6623fba4f72fdacf9677ebb7%7C%7C2e8fcd596a26be86ac42a499b7443058%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9302098306226831&output=html&h=600&slotname=7706214335&adk=354745794&adf=1210279177&pi=t.ma~as.7706214335&w=171&fwrn=4&fwrnh=100&lmt=1676302857&rafmt=1&format=171x600&url=https%3A%2F%2Fwiki.returnofreckoning.com%2FMain_Page&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701753958410&bpp=5&bdt=438&idt=196&shv=r20231130&mjsv=m202311300101&ptt=9&saldr=aa&abxe=1&correlator=4362551188982&frm=20&pv=2&ga_vid=1322392026.1701753959&ga_sid=1701753959&ga_hid=526164428&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=19&ady=433&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079863%2C31079920%2C44807763%2C44808149%2C44808285%2C44809072&oid=2&pvsid=88014727593511&tmod=1553857455&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CaEe%7C&abl=CA&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=204
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:b300:4e0a:a2f0:cc36 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
server: nginx
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 42ms
41ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9302098306226831&plah=wiki.returnofreckoning.com
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://wiki.returnofreckoning.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 _728x90stroke.png
s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/images/ Frame FEEB 557 B
588 B 8ms
8ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/images/_728x90stroke.png?1695325270958

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231130/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95b66e437c2349dfb086e55d9a395a85324398bde6c1a6656163626cec59b303

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/728x90-IHG-EN.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 21:12:09 GMT
x-content-type-options: nosniff
age: 288830
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 557
x-xss-protection: 0
last-modified: Fri, 22 Sep 2023 14:31:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 30 Nov 2024 21:12:09 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame F1DF 0
0 45ms
45ms Fetch
image/gif 142.250.185.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssnUnnVHA2_Rou5CKfi2_pLp3EzA3OxWvcL4UGVdIIvSUqUen466P7FqPHjCwbYE1v9dQS0zGIR_z0NvJAE-XFrE_uvHP3RnF1f7xvWxiE13Wq5Qb7p4IkzWatiovLHLLECMVWkN6iLX_ps7R4Lx1f_YyObH1EpR_uK0sHl3Deahwutl5yGlN2xerxvukIBAbKAR-FBtHYBppUjtOvq0bD2844mR4rN9WgwRjAlAhS3_CZlyORlL0Iwq2GqMQr-RkmCCogQNMe7r796LlKf-vkpMu6gPdUzih2XcWvNT6uG8QObtaKTB3HSgbMcWY7VFhUJ9VyRTVrLMQyLu0SU0LY2X_0SdVaLlPP8Wbaj5EiOzjPCeELNn1YB-wIcRiEHJphBMG7u69lZT8hJ-XcYt89Uy7cM8g23vuO1qW_qEBd3m2V8lo_9Gd18j4BqRH2T2gxL115li1gAq9rD9I7p6DKcHIwgdfrxbZdQYRqwyjx3Deq3oQp54LUZ39zQB-eRAmGE3Uy3TY_IukJYQKNkTqFCnjFNQKndwJsn2ZJyRbmmX1hXzeRBGvufVpbdNPoAYhvu39Dh73swXyrD7LS9wgN-ULe38sQReATjD8T4QZtjf0--D_9w2wyyUYa9ANjpHzmkWeCwEmtv4siddPgSCqANKpqj-kMdk-fndnS7HPm6UmIYe-hCLRn7hQPS6mKW9p0G60hA_t9MYOMPrMD2-9N9nGs8k6ym7KTKldGxhjtNS4J2tDa6I08RA291F5rm-wrGEGvxgOKHxPxAQY5U956yjO4x8UOcophUYZORaiuXk9Wn80etXeyUdOhXSNFowuOfUMNhpSjQO_RiBMYd8V5q0r_5EbiS_MOtbU592A1nNjkIMVueIcGO-345pAEU73STcZoFuvOB2RkVTy-fw4EAm7xhJy_GHj2ikGSsIqqaTxvPdU-SECGFzM6UgMxyCqisBSrY3FQEeAX6Uoq4SQvHHQDxhdIgfYfCbc7IBnqw412Bjtu7VHqurwDrmdvLREQwvd0mFiU7eFPZ0Fxyhc0-e6b3ihA17nlgMkbJPHw3j-Bc8aKrXJ8NryNuDOTyoOzMD2QttPcMwbUL9vRSqRvc41Mranqt80YujetyhiUV0jkbutx5bgCVNvKfcLxFF13Fnx2y9qk_lGoUHvyJx_nW6jbQgGYUNJStS9P_K5DWCTR3T0EQcJ22B27nLFcNT9XsFeUI0o9U1CzkON1khA8cCae7Nmo_66M7l1hPLz6ecWLxJQylXHk4WFPokOpsfNjF0c8WcYMd0w8L8bQMOPGDVJaEpEMLGuVuE3nnAAnQLHKjJuYunlgm1iK1t7nZNK6nqvnOinvlGDhvfmPBizmBeTjDz5nO332U2MbZVbd_BtokDMF4Tg&sai=AMfl-YRCggGACPdef1URQtApSqnTPqOrSLiBfzdRx5PdlunYajvAD5nQBlcJEejpZqovM_CjMgpxsTk1qXC-NkDuQpA07fMOoXBnB5ctGRoqwWUIU2JaoYDUNUe7E2d_1E6fJXI9pXFdJ7A-E9rGb-3OAHvRx-ar16e2e0spq5DqQCyKMfzf6oxd8d4zqngzJkrXg2h7wvR_p5KqF52GZo2ZIOXYuCJ893HPDsqn2tGaANAy1a8PncDKwsT1QTztPzAgRny52JCEddZH5Lb9c2AhIeb1G7Adk7G9uqhalmbcQQf2sD8fJFB155bSBsp9GfexK3SHRJrHAk_6EGko4DpRijiF7Ow2yWK6TRJvSM1jfBW6jn8uh2ORgExpb3lLe99HnbYXzJ4rslFIll7ezsn6X0R6pNwE-tijmZ-CoUoA0DL_rPbSBIVc30HRIXnjoUECSFakkWK_6E4muJxIJUqOkG2nfWVAwiHFEZ8UKOwL4ZuZMqZYp-mmUHyoPt3Vjm8VM_Snog&sig=Cg0ArKJSzDkBCM7daSgzEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9paGcuY29t&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=228&vt=11&dtpt=159&dett=3&cstd=67&cisv=r20231130.05022&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: wiki.returnofreckoning.com
URL: https://wiki.returnofreckoning.com/Main_Page

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 hilogohorz.png
s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/images/ Frame FEEB 6 KB
6 KB 8ms
7ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/images/hilogohorz.png?1695325270958

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7876955f796a610bbb1c5d9cce338b6dd2df0156c14fd44e3115d52724559a88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8342201720650072064/728x90-HI-DE-refreshed/728x90-IHG-EN.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 15:55:14 GMT
x-content-type-options: nosniff
age: 48645
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6394
x-xss-protection: 0
last-modified: Fri, 22 Sep 2023 14:31:20 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 03 Dec 2024 15:55:14 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0BFB 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BTxnVZrRuZd_4J6uBwuIPkaqwkAEAAAAAOAHgBAI&bg=!q6ilqOfNAAY3kmNgF5I7ADQBe5WfOBmECv23wx6lDGXQc-Fm62zGYuGjxjFEi2p7bwfT2lLPgMfYF3Om0VN53LiUgHEZAgAAAGNSAAAAAmgBB5kC5EuUqkELIbYzicNYLi2qwuHKJvIsQq1E_r9qfW_0WGmjB6tY5q3pqx7WkLx34jsBQVNEzdJNrmBT-qgMX6OXKw_ILNhrhbXx3pXZ1DZve9MJGfnDOOUrGW19clWZYqNFjduQTyShsdrB4c_59uJOoTNRJLPdea3cWaHJICsj0QXrbdKob_kILq76t810GkhVFFUZqR-1Nna9MLqFCUgfrsmAZvww5bzm5FNLnrKe9pccj2EnAC19aS1RhwLwWRkw42rsSru_04Wy_p4b5hYBq2-1f-CJuJg_9sqnf8aSMgKhdMiVfMvD4JhNZl4xSCCTrxGgf-bdE2QPMNBHrumO7pz9yI1EJOBHSdZAId6ymHFC0GvmzKcD-P29ZOQQLujtKGGnLiXprdDhTPyeHzk27fpddksEJuhHEY4P7w29a9P5wTfJxDbSVgUx3_CZsXAf_7M4ggo-cGTwbb4UAU7mFUJ9vBIT0xFuyrH-yvYCrEp4-4HaqGsx3BFOKzsqR8f7g0cctB3liuIRAArgL7OOJ2Cl6OVPW1wcau-JpUQpAQU0m3JQPYSKTl3I2iiaxt8oyH8LhfjwUg4IarpeUSibG7_8PqRJZsMj8szzNm4og1MZyeQpVar6us7TmQqDQS2YyDRRxuWOZHF91jE5o1_Te1BVLQCCUl4z0k4lDstjKY7tKQktBMbgZlD2cmkDO_HFNx25mGvF-xSMi2DS7JXRDNSYP_tqxexRiSbG098kvTzJhrUvwOeZkwtP-Y4Wbz5Q0KfP1XEGW-3a98a4gPmEUoyGJly2V0QyyyLUoyy32Y45Xe_nG48cYm7SeZWWDrHLN5AWvsut5ipfVdHsCkpPfBMZ2nwv9dSd5YxQMIT-24qODc2G3F6Zc9SpjpPGa3L6D4FR7RKlTeOaftlk8aC7fxY_Vlx8GfTtiilMUFXc9s_FOCX1J7ZyPQ_mG68W7FnEcVE9vOStX1nta-1IuB97rf1qqZcR

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:25:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81E9 43 B
215 B 166ms
165ms Image
image/gif 2600:1f13:800:7781:b300:4e0a:a2f0:cc36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=e7fe35cb-8738-e147-8204-88f8bd4328b3&tv=%7Bc:vTUPmF,time:727,type:e,im:%7Bpci:%7Btdr:694%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:727,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B722~0%5D,as:%5B722~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:672,fm:tXxwbDQ+11%7C121*.987057-61527764%7C1211%7C1212%7C1213%7C13%7C14,idMap:121*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:12,sis:93%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:b300:4e0a:a2f0:cc36 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:26:00 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 81E9 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst1eqWmKdviZgTCcRh6XX9eDxq7dCq2AJUrLAmvcfvuXLQHSxlzTjTkFPQgP2wYDS8ErURM2vlXEQGtIHsz6fjTtmh34LBF9Ve451h-ItlrCGE8I8sOctVCrizDafMtnwpNQAsIQCB7l6UZ&sai=AMfl-YQZOa_QkieEoqD4UhD0tIB2fUrllmhp0aum-qi8QJ79lKK9wBhWGU-aLTljndqHaiFxu8FIVRXzQeRLukRBkpCuNas9TMWPY7hBtVzy5hde_rmVeCtQvggdbCxyhGmCRrRWl4Mq19rRiBfuWrZySxfOUvBTeFAOnY2w&sig=Cg0ArKJSzPy3ehkPhQKwEAE&cid=CAQSTwDICaaNAfH1XrcXtWQCkOP8yKy6szM7BdAC7HweKYZUuVDYrtGnx2IEXN3ebXk9ocHS5LyB_mhG2RKT8OnbTUpM2ZvDbOyzik0dx3DhJjUYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231204&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=354745794&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701753959020&rpt=282&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:26:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81E9 43 B
215 B 166ms
166ms Image
image/gif 2600:1f13:800:7781:b300:4e0a:a2f0:cc36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=e7fe35cb-8738-e147-8204-88f8bd4328b3&tv=%7Bc:vTUPrD,pingTime:0,time:1035,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:11%7D,%7Bpiv:100,vs:i,r:,t:1035%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:0,o:1035,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1030~0,0~100%5D,as:%5B1030~160.600%5D%7D%7D,%7Bsl:i,t:1035,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1030~0,0~100%5D,as:%5B1030~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:183,fm:tXxwbDQ+11%7C121*.987057-61527764%7C1211%7C1212%7C1213%7C13%7C14,idMap:121*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:12,sis:93%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:b300:4e0a:a2f0:cc36 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:26:00 GMT
server: nginx
x-server-name: dt22.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F1DF 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu_6KrvgIHojLZdsGO3rDqv5kdGwpFd4lp8_pIPRdb7ch-YbJsotMSUgEn_44C-EMOIn-yRLHtjC4GvvU_l4CQXRk4nLDv-gS7Q2q4Z0y4tHfzINPQyAnElADdPRZzGVTz5fiEBVSZoXz0L&sai=AMfl-YTryowPfCCGu-abVgCu77RtkT-TV2ZvXMQrRbcCzHhAUw8Tgowx0rOimFvHyPZ-xtPNXBJK1G0XTw9ptf7L5twySMkNuBRnVNe-QI3s6hHHnz9N9uGA-lzUpxOTyAJTtV-LWCOcOVKQt5gig10DSy4xaHb2vhatz3E&sig=Cg0ArKJSzJt0vJ5ZTUbLEAE&cid=CAQSTgDICaaNEVkhHmYOt2f10QOhYApZ8efL5SVTRl_e9L2mYCeXntnLc3K3pp39c2xh89_MikejsowJguzNKue1hppDej1SLQB-2SM0PKP_zxgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=317,817,1000,1051,1178&tos=317,500,183,51,127&v=20231204&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701753959480&rpt=152&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:26:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 81E9 0
24 B 89ms
89ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8145119924468&version=m202309260101&ct=76&x=1&cor=2140901434836385000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:26:01 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81E9 43 B
215 B 166ms
166ms Image
image/gif 2600:1f13:800:7781:b300:4e0a:a2f0:cc36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=e7fe35cb-8738-e147-8204-88f8bd4328b3&tv=%7Bc:vTUPHM,pingTime:1,time:2036,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:11%7D,%7Bpiv:100,vs:i,r:,t:1035%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1001,o:1035,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1030~0,1~100%5D,as:%5B1031~160.600%5D%7D%7D,%7Bsl:i,t:1035,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:169,fm:tXxwbDQ+11%7C121*.987057-61527764%7C1211%7C1212%7C1213%7C13%7C14,idMap:121*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:12,sis:93%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:b300:4e0a:a2f0:cc36 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:26:01 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 81E9 43 B
215 B 167ms
167ms Image
image/gif 2600:1f13:800:7781:b300:4e0a:a2f0:cc36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=987057&asId=e7fe35cb-8738-e147-8204-88f8bd4328b3&tv=%7Bc:vTUPHM,pingTime:1,time:2036,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:160,h:600,t:11%7D,%7Bpiv:100,vs:i,r:,t:1035%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:1,slTimes:%7Bi:1001,o:1035,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:11,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1030~0,1~100%5D,as:%5B1031~160.600%5D%7D%7D,%7Bsl:i,t:1035,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:sp,cc:0.0.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:169,fm:tXxwbDQ+11%7C121*.987057-61527764%7C1211%7C1212%7C1213%7C13%7C14,idMap:121*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:12,sis:93,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:b300:4e0a:a2f0:cc36 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 05:26:01 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-21 02:04:09	Name: IDE Value: AHWqTUnen24N-2_snsStzEY2MeKuHK2cTTsrs2UDqLIKLOvSXefS_0OEkohxuuja
.doubleclick.net/	1970-01-20 21:01:45	Name: APC Value: AfxxVi4IAbEog4Gu_e8NpDpqXafKesN-Lf0iP4h-q2O7iXWKF_vJng
.casalemedia.com/	1970-01-21 01:28:09	Name: CMID Value: ZW60Z0yV1JCpk5iZuOm2XAAA
.casalemedia.com/	1970-01-20 18:52:09	Name: CMPS Value: 5224
.casalemedia.com/	1970-01-20 18:52:09	Name: CMPRO Value: 5224
.returnofreckoning.com/	1970-01-21 02:04:09	Name: __gads Value: ID=e153725f3c97b3f9:T=1701753958:RT=1701753958:S=ALNI_MZuYqverWdRbqVul2JsSF1Plj9NVA
.returnofreckoning.com/	1970-01-21 02:04:09	Name: __gpi Value: UID=00000d0af774a17c:T=1701753958:RT=1701753958:S=ALNI_MZ8vevCsRJ6dM-MztFQM0N77Ubxaw
.adnxs.com/	1970-01-20 18:52:09	Name: uuid2 Value: 5251139734262064290
.adnxs.com/	1970-01-20 18:52:09	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?kns'x1!]tbPl1M>e)ZlrFUfJ+tGXxo]9v5avUx^%>>Z(n5Q2V1B>VT]5X^Y1<b5q:33If)y3KL9D3I?-)2k5'z
.doubleclick.net/	1970-01-20 16:42:37	Name: DSID Value: NO_DATA
.demdex.net/	1970-01-20 21:01:45	Name: demdex Value: 26375613840164313490408281347743074287
.ihg.demdex.net/	1970-01-20 21:01:45	Name: ihg Value: 26375613840164313490408281347743074287

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
cm.g.doubleclick.net
code.createjs.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
ihg.demdex.net
pagead2.googlesyndication.com
s0.2mdn.net
static.adsafeprotected.com
tpc.googlesyndication.com
wiki.returnofreckoning.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.returnofreckoning.com
104.18.36.155
142.250.185.166
142.250.186.66
142.250.186.98
185.89.210.212
2600:1f13:800:7781:b300:4e0a:a2f0:cc36
2600:9000:243d:3200:8:48e:53c0:93a1
2606:4700:20::ac43:4416
2a00:1450:4001:810::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:81c::2002
2a00:1450:4001:81c::2004
2a00:1450:4001:830::2006
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a02:26f0:480:f::213:7ed6
34.247.14.54
54.154.43.253
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
05033dca3f70cfb136413f0b9c8fdc66c940a595411a0ab6adc3eb3817752f0b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d83b0c995f47d465d9c2e9ba76c14eb6e8f501f9b855b3a5974e67c55c1e5ef
0e84b494346c7a19da3fffe6e54955239cdffbb7c09a2fa1f07aa5297dd73cd7
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
1151ef049d22f85e76d0cd7c6e431c60811fcb5935937e899d98af508328baab
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
240ed2cf95df9fa682cc2a820a6681e8faa474dcd678ffbe844351ccbda9bb6e
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2a3d02c31b83a7477833108ffe85d26d012fcc3385c3db4a1d8c55dfe45dead8
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2e9ded868de28c6279e355c24e549bbc5076dd5a3c07436dfb697b634f85088e
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
41b6df75a259d0930bc341f3a09b8009c5665573e4a5a69fb8089a267da491fd
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
42dc9ee1c4ce49acea179f6c8c858fde08ed43ae24028dd33278b1d3eed00559
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
479033ae51a8aed3b896d7d61943b87bc92d61c324bfac469c7254ca39b6b20b
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4dce4158779dce6da3ede11337029f817a03f45c9559b1f91d8a7c5ac130f38c
4e7de0800efbf4e7c5d6802a84e7f68b5906cc0e46b68b97076dc688bc7def16
502ceab2e9727d9c113a18f5e48a938865ef4c52884e6720fe57aed20aa24823
50a7b1c8d19c1d74836d2aaaaaf1fb2bde2a42708f6d4bb4c9168d7609503fbc
50df0b49a9aa0555312895bd3decc17d1cd1fbfabffbe620a81dfd1122826bac
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59b036fb5e133a03feca939ab701a5eae28842f15573265dc8da1bfd5d100e6b
5c24f3d8f3dfcb28322f4d411d2f0d48c7313dd91817bff0886e6e6164299421
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5da279c9b6d0f1d8cc0ce5840350f404ad161a82d772d51eb09c762851901973
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6ae81817c90052995774cacf096b367d746225338fcbbdf50031aec87f6165ac
6b9b2b33d50320446996a318fbd7129b3b365e760c44e8acc28031438bb3f8d3
6e3e3fc8cdf8924500e7972820c834a71917633559f5deb528ea3091959130ed
6f479a635c244cf12054c66b1eb160e5a61bca9c6651785d67ad4ed09507ca91
70c859431ed8e242967e93868b7496e153e7f9237513c9e0fb6184328127b263
7876955f796a610bbb1c5d9cce338b6dd2df0156c14fd44e3115d52724559a88
7e263e007442c865f82623cf2a5528838f601145efd94e6559e1c005003723b8
82df0096488e87333aaa0b7cad6ec583baee19c0d1cf7638e48fb609ed060a79
854a1cb3bf2ef67e6a303c0ca22cbf1616a6683a1415997646bb2129047a7e1d
89c1b1f5c741dfa102098707129994f4903286d1350d17c1c6f705cd572e1fe9
89f34b3bc1c9a0181dffc795420e5e13874189f4f65c42f1523c882db1516c87
8f41f21b2aa71d59971a9127af5e708081a8cd838e0b9402c52c13504a048957
949b3cde1a46caf4f55bb496f58a44af641a4b9fed64f95057bb5eeff142170b
95b66e437c2349dfb086e55d9a395a85324398bde6c1a6656163626cec59b303
95cb310b793f324e82e1b24449a1d56e116e207a8b8491990afe5d59f315cee2
9646faa910bf46eb34358bfb94ca36d267cfb8129d182caeedb7720d28ec8ceb
9a4b102038a72a3bce751aa8dfbcdc084d69f7703101e33ca6cbf9d7308c363f
9f392288477b416424d96ef0c5a08f2d24d9936dea70eb29b2cad0ef250e353f
9f6e245ec73203f99ecb888db309a2bdaf91f8696c1cebaa94e477a953fab30a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a6df8215439f8c1a4f31e4407a93cdb72cfc12b525cc378678ad717f8451325d
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
b0ac1f9971d9399e3e626ba42089bffccb2969f050bce5f3505d6233b0658894
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b896fdbec9c14bfc6ea900ab9ceeaf8d5d3bd8772c8fee94c262fb80e573893c
c3c65e8c0bf0810f493253701a2cef5c578d962c55e7e6307d69128f6e13c27d
c4b813f7aa04eca20be469b259cca2779799f58e280d73488bd7386940d2d146
c527305b71aee5a8d7d7f5191ce033859c13dd381e51e723a7e37d5835e02857
ca9c83b6409291c196656bf5bb3ac28b1de99cdb035c9b1cfcfed25a40c2ee40
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cdd05deac929021f9fb85923a579e57472e883e491dc4460150e6af677d803d5
d0156c43305d5ae1916c924e55d216039bff61f04a793c7054c12e7587b3d3eb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e4b6aedefec8a8c951593dde14beeb12c18bcbb2681d1d92906c34a6aedae1f8
e57911cd8bc28f9819a0d3bfe5fd4b05aaf4d1330ca55a78c427ae3a242fad82
ea40f4f405204f6403c97a6ad2b2f06ba2bfe2fe42e85ac28a9d59ded147721f
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ec24c22b9203d16dbd13f6f6898ec8b39c5b2fb7f6ef5571b9f2481bbdb862f8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f84f4f65c00630a8dd0f354e652293a2cf51e95722f447fb2ea869bbbe664446
ff22ab6094533b3d20eb158046fa8b587f0ae249af11c8df7ae60d29231bb4a1

wiki.returnofreckoning.com Open in urlscan Pro 2606:4700:20::ac43:4416 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

125 Requests

92 %HTTPS

61 %IPv6

13 Domains

20 Subdomains

19 IPs

4 Countries

1490 kBTransfer

4264 kBSize

12 Cookies

6 Outgoing links

Page URL History

Redirected requests

125 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

wiki.returnofreckoning.com Open in urlscan Pro
2606:4700:20::ac43:4416 Public Scan

Screenshot
Live screenshot

Full Image

125
Requests

92 %
HTTPS

61 %
IPv6

13
Domains

20
Subdomains

19
IPs

4
Countries

1490 kB
Transfer

4264 kB
Size

12
Cookies

125 HTTP transactions
2 data transactions