packages.incpak.com Open in urlscan Pro
2606:4700:3035::6815:bb8 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.packages.incpak.com/
Effective URL:
https://packages.incpak.com/
Submission: On April 23 via automatic, source certstream-suspicious (April 23rd 2021, 4:30:33 am UTC)

Summary HTTP 98 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 21 IPs in 3 countries across 14 domains to perform 98 HTTP transactions. The main IP is 2606:4700:3035::6815:bb8, located in United States and belongs to CLOUDFLARENET, US. The main domain is packages.incpak.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 12th 2020. Valid for: a year.

This is the only time packages.incpak.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	51.79.177.145 51.79.177.145	16276 (OVH) (OVH)
33	2606:4700:303... 2606:4700:3035::6815:bb8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1 1	85.14.248.72 85.14.248.72	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	18.197.28.148 18.197.28.148	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
98	21

1 51.79.177.145 (Singapore, Singapore) 1 redirects

ASN16276 (OVH, FR)
PTR: sgprm60.fastcpanelserver.com

www.packages.incpak.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2606:4700:3035::6815:bb8 (United States)

ASN13335 (CLOUDFLARENET, US)

packages.incpak.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.14.248.72 (Krefeld, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.28.148 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-28-148.eu-central-1.compute.amazonaws.com

vfd2dyn.vodafone.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	338 KB
34	incpak.com 1 redirects www.packages.incpak.com packages.incpak.com	299 KB
10	doubleclick.net googleads.g.doubleclick.net	88 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	105 KB
4	googletagservices.com www.googletagservices.com	133 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	google.com 1 redirects adservice.google.com www.google.com	255 B
1	vodafone.de vfd2dyn.vodafone.de
1	exactag.com 1 redirects m.exactag.com	1 KB
1	google.de adservice.google.de	165 B
1	googleadservices.com partner.googleadservices.com	638 B
1	onesignal.com cdn.onesignal.com	3 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
98	14

	Domain	Requested by
33	packages.incpak.com	packages.incpak.com
25	tpc.googlesyndication.com	googleads.g.doubleclick.net packages.incpak.com tpc.googlesyndication.com pagead2.googlesyndication.com
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net packages.incpak.com
10	pagead2.googlesyndication.com	packages.incpak.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
4	fonts.gstatic.com	fonts.googleapis.com
4	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	www.gstatic.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	www.google.com	1 redirects
1	vfd2dyn.vodafone.de	packages.incpak.com
1	m.exactag.com	1 redirects
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	cdn.onesignal.com	packages.incpak.com
1	www.googletagmanager.com	packages.incpak.com
1	www.packages.incpak.com	1 redirects
98	18

This site contains links to these domains. Also see Links.

Domain
www.incpak.com
facebook.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-12` - `2021-07-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.googleusercontent.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
dyn.vodafone.de DigiCert SHA2 Secure Server CA	`2020-07-15` - `2021-07-20`	a year	crt.sh

This page contains 12 frames:

Primary Page: https://packages.incpak.com/
Frame ID: 93D43FB351115AB63446B171AF86E04D
Requests: 46 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210420/r20190131/zrt_lookup.html
Frame ID: 7596CD244D871B341E4821356811821C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3318166806&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215520&bpp=6&bdt=891&idt=182&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=4603255182861&frm=20&pv=2&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uFev0UOa63&p=https%3A//packages.incpak.com&dtd=205
Frame ID: 9C95ADBC32B696D22ED29E2838DA07B3
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130
Frame ID: 41C9026D8D5969E3183DD33E39E35DCA
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108
Frame ID: AD8F935F97712C9C2EAAC1966DBF8882
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&adk=1812271804&adf=3025194257&lmt=1619152215&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpackages.incpak.com%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215681&bpp=1&bdt=1051&idt=92&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280%2C1200x280&nras=1&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&dtd=98
Frame ID: BDAC0FE79AA2C7E68BF3DEF511B52F5B
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js
Frame ID: 6A3AD9D86853572CF07AD71FE8F89463
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html
Frame ID: E6AAD3F2DDC9CB7B805BA0286E76A81D
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CDmNcV02CYNXlL7fG7_UPt9-QSJmlto5iv6nH6_sM7MO1q64BEAEgnNfIMWCVAqAB5rC9vwPIAQmpAg5Mg9KHKrQ-qAMByANIqgTNAU_QFiSPnir9xN2IIOOr2DQdmjivIluN7f4QOAnjaPx-xp20m2kv5mDEQ3d0j9s8R9MAkd3xhZIcNnaodsRg-Ek7N3SzxOZ-ZyjaNd-6cOsTLp_y4bcC8Z2g4f1J552HF5uOgc6-8hLZIDC7H8zgPIdodRQLpbQYMYc_sajuG5TDPa7DJUrm6fwgwKfowBVe_qnScJyKiuah7wt4VxmFGpS5ZYXu3obeoVXM3_vstnOLmmiM-e6IkNwRFQxOuI2zvgSspxUsB5EJ7Oj1Mh3ABKner8TBA5IFBAgEGAGSBQQIBRgEoAYugAeCz8JAqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEENS8dNIICQiA4YAQEAEYH4AKAcgLAdgTDbIXGgoYCAASFHB1Yi04NjgwNDMzOTg3OTQ3NTIy&sigh=4dkzQFJ39NU&template_id=419
Frame ID: 50AC0A298E90CA9C3842FB71A7A4DEC0
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js
Frame ID: 015351ACE5F08E7092CE02992F712191
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 0C1959AD869319C2CBC10C2F56193050
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: F695358A2082970AC475465CA5B1A2BF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.packages.incpak.com/ HTTP 301
https://packages.incpak.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

98
Requests

100 %
HTTPS

83 %
IPv6

14
Domains

18
Subdomains

21
IPs

3
Countries

1022 kB
Transfer

2656 kB
Size

7
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.incpak.com/
Title: News

Search URL Search Domain Scan URL

URL: https://facebook.com/incpak
Title: 3K

Search URL Search Domain Scan URL

URL: https://twitter.com/incpak
Title: 1K

Search URL Search Domain Scan URL

URL: https://www.instagram.com/incpak
Title: 4K

Search URL Search Domain Scan URL

URL: https://www.incpak.com/about/
Title: About

Search URL Search Domain Scan URL

URL: https://www.incpak.com/team/
Title: Team

Search URL Search Domain Scan URL

URL: https://www.incpak.com/advertise/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.incpak.com/terms/
Title: Terms

Search URL Search Domain Scan URL

URL: https://www.incpak.com/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.incpak.com/disclaimer/
Title: Disclaimer

Search URL Search Domain Scan URL

URL: https://www.incpak.com/contact/
Title: Contact

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.packages.incpak.com/ HTTP 301
https://packages.incpak.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

https://m.exactag.com/ai.aspx?extProvId=330&extPu=75118-gaw&extPm=118814837486&extLi=118814837486&c_id=display_cic_224:fq0_F_kip_1gb_pre_sdc&xt=2447947004&url=https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1823&r_id=htlp&xt=2447947004 HTTP 302
https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1823&r_id=htlp&xt=2447947004

Request Chain 88

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

98 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
packages.incpak.com/
Redirect Chain

https://www.packages.incpak.com/
https://packages.incpak.com/

80 KB
15 KB

393ms
369ms

Document
text/html

2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7aa15be5918606b2a7b1257f3ebd731f6489c33041d292d19f78ff521c342a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:method: GET
:authority: packages.incpak.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:14 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214; expires=Sun, 23-May-21 04:30:14 GMT; path=/; domain=.incpak.com; HttpOnly; SameSite=Lax; Secure
cf-ray: 64445afb1fe04e68-FRA
link: <https://packages.incpak.com/wp-json/>; rel="https://api.w.org/", </wp-content/litespeed/cssjs/1bd24.css?bdd81>; rel=preload; as=style,</wp-includes/js/jquery/jquery.js>; rel=preload; as=script,</wp-content/litespeed/cssjs/da60c.js?bb407>; rel=preload; as=script,</wp-content/litespeed/cssjs/8150a.js?32c02>; rel=preload; as=script,</wp-content/litespeed/cssjs/08165.js?ab055>; rel=preload; as=script,</wp-content/litespeed/cssjs/6b1a6.js?e5283>; rel=preload; as=script,</wp-content/litespeed/cssjs/7c1a2.js?6c0de>; rel=preload; as=script,</wp-content/litespeed/cssjs/b5e1b.js?4e6c0>; rel=preload; as=script,</wp-content/litespeed/cssjs/1fbbe.js?46bbf>; rel=preload; as=script,</wp-content/litespeed/cssjs/804ad.js?b85ae>; rel=preload; as=script,</wp-content/litespeed/cssjs/a5201.js?81e70>; rel=preload; as=script,</wp-content/litespeed/cssjs/148cb.js?d5b22>; rel=preload; as=script,</wp-content/litespeed/cssjs/a6812.js?2ad46>; rel=preload; as=script,</wp-content/litespeed/cssjs/3ca75.js?f9774>; rel=preload; as=script
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: BYPASS
cf-apo-via: origin,host
cf-request-id: 099e9730f300004e6866364000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-content-type-options: nosniff
x-frame-options: sameorigin
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=r7mDksZ8hyx0bnOZuRdFX62iQxp7RT2FU4k%2BmPuCLQCz81p2rHKfGmbMona%2BzIOUGzk5Iv35TgucHFtz11%2FbO5r9mPyL%2BLLe2dA3NMOo33JYb1NgoID7%2FZ%2FfYEmCSenK"}],"group":"cf-nel"}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-h2-pushed: </wp-content/litespeed/cssjs/1bd24.css?bdd81>,</wp-includes/js/jquery/jquery.js>,</wp-content/litespeed/cssjs/da60c.js?bb407>,</wp-content/litespeed/cssjs/8150a.js?32c02>,</wp-content/litespeed/cssjs/08165.js?ab055>,</wp-content/litespeed/cssjs/6b1a6.js?e5283>,</wp-content/litespeed/cssjs/7c1a2.js?6c0de>,</wp-content/litespeed/cssjs/b5e1b.js?4e6c0>,</wp-content/litespeed/cssjs/1fbbe.js?46bbf>,</wp-content/litespeed/cssjs/804ad.js?b85ae>,</wp-content/litespeed/cssjs/a5201.js?81e70>,</wp-content/litespeed/cssjs/148cb.js?d5b22>,</wp-content/litespeed/cssjs/a6812.js?2ad46>,</wp-content/litespeed/cssjs/3ca75.js?f9774>

Redirect headers

content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: https://packages.incpak.com/
x-litespeed-cache: hit
content-length: 0
date: Fri, 23 Apr 2021 04:30:14 GMT
server: LiteSpeed
x-frame-options: sameorigin
alt-svc: h3-34=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

GET
H3-29 200 1bd24.css
packages.incpak.com/wp-content/litespeed/cssjs/ 531 KB
86 KB 38ms
28ms Stylesheet
text/css 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/1bd24.css?bdd81

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cd4e0f84df9fb419cfbbb62b1844cf8a5d333345ebebaa616a902bc15d10200

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 34715
cf-polished: origSize=544157
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327800004a85f9346000000001
last-modified: Thu, 15 Apr 2021 19:09:43 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ynr2Xr2nT%2BIIWSOKUnE%2BzmHD8UGVDI%2Bzw7Yh8HSpu1ziXJ0i6eQC00eFaUMGZZiLTNiWyGjkLWl6UTOwNN0VjXoejJ%2Fkgbql%2F%2FpyDveRsuYDcU7vgcRvyhWm82%2FgHTaM"}],"max_age":604800}
content-type: text/css
cf-bgj: minify
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a354a85-FRA
expires: Thu, 29 Apr 2021 18:51:39 GMT

GET
H3-29 200 jquery.js Show response
packages.incpak.com/wp-includes/js/jquery/ 95 KB
33 KB 736ms
726ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-includes/js/jquery/jquery.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-includes/js/jquery/jquery.js
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327900004a8515bd4000000001
last-modified: Fri, 17 May 2019 02:08:52 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tRFXAncFF4oRuFnA4JX9erHDYzkaKgZQPqBSFc3JjQ3Sv%2FC0snQl6jUOh3c1OzooQHdRcH6F2G7YNVwjiJbNyViDqn1AvjQOFRgBtJfnrCER5Bd%2FU6XINu6wimZXoIkB"}],"max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a374a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 da60c.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 7 KB
4 KB 574ms
564ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/da60c.js?bb407

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf38ded6fb484705bd57edb0c92b96a9309eeb05bf47ca2100b8e7ff0bb106f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/da60c.js?bb407
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327900004a851f254000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=y3gtOSPm%2BLju9%2BBlruliYLtm1NYQrQ1dejf10nGehcpT1gLvVWIm%2BrmFKPyzD3eMgsB37NZo1bdzdtwmgt2obfhcnATBKfD9FRs6tilVPfU6HBREL5Mdnl0WWIeMuUXq"}],"max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a394a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 8150a.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 1 KB
994 B 572ms
562ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/8150a.js?32c02

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00116473418639f0c71b64c1c4ab54e2422a0ea8381bb047fb0ad281946d5510

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/8150a.js?32c02
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327a00004a85d4a2e000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=v2%2BRAGWpnyebu8dGQbSu1f0tinv6fQ4QzqZIyQdpzxx0IZH0IKvj1RjF6iWaMEzgQ0XSq3%2FYnJkU7j913x7q3I1njbW6ut6qcYXWNyQqGR2GfAYkNzanvxFpmUDw1hEU"}],"max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a3b4a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 08165.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 940 B
924 B 596ms
587ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/08165.js?ab055

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c512eedd14ff9360fdf4fc65ab879f5fa6e0445a52fde7e2e7f033ec9d3e066c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/08165.js?ab055
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327900004a851703b000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qVkrM8mLS6CZwi8O7Ugc88JjUhu%2BCDbLD9r5lHci40nis8FYi0ZJ6mzCvQltIs4D56GLJNssvypBJYpvIzLg3fQ6FdRb5Q5uySTqX5mS6SEmn%2B7IS2iJzeAdUsWnFZTc"}],"max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a364a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 6b1a6.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 5 KB
2 KB 581ms
571ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/6b1a6.js?e5283

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb21c1c0185f5761df2b87a0fd02d4a50fe120aa01f5c9f3c7fd1211ac7ae77a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/6b1a6.js?e5283
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
cf-polished: origSize=5631
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327b00004a85ca133000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mBrE2GsJSzQ4Zw36hgxpU3B1mUzB4oiC1Rok82LTipUDS8LCNvi0lG6eByoiLD7OvliMSL1VBmx2d8iP5AmCt0mnC6a2BTEVkQwuOJ9FbJc1M0IXYbCsTz58voOB82yE"}],"max_age":604800}
content-type: application/javascript
cf-bgj: minify
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a404a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 7c1a2.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 20 KB
7 KB 573ms
563ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/7c1a2.js?6c0de

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6562c065727f5ecbbca42e74d7fa8ee4e42158c0a534ac8939312e9b816f02d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/7c1a2.js?6c0de
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327c00004a85e335b000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ynunaJeKbowOoYTwULfnLtC92lFlaFMIu5%2FPVUJnHoIeJ4gdCfYqxr1SK1%2B1w4%2BVRjKaStPJPrkvp3IHet0HAjsmJ4Zs3GOmtlXUfNUCPaXHXxGhE0TlU9R53KliNAkd"}],"max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a434a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 b5e1b.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 3 KB
2 KB 607ms
598ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/b5e1b.js?4e6c0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eba47e627d4bb5e81996f1429642b1665ba23a59aea8f0b14af3725b73e0d826

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/b5e1b.js?4e6c0
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
cf-polished: origSize=3028
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327c00004a85e2bd8000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rgQbbufnVGBsmcfji8JjZQBoq3cYuKKIFGWQ%2Bpp9ujFxrGn5zxsScnYzfNufNjKAa74I1licpQIM7umxI5w7DkUDW%2F%2BF%2B52gOWzVBGHsj%2BcHB5MA1YszKqXbxk%2F%2Fsgha"}],"max_age":604800}
content-type: application/javascript
cf-bgj: minify
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a444a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 1fbbe.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 363 B
814 B 572ms
563ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/1fbbe.js?46bbf

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ada54c82755d1fc5006b621b9bd1f7d0eee92513fdb14bcf57a7736effb55aaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/1fbbe.js?46bbf
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327d00004a85242c6000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2zGXgw5PJxi1O07m1ld0702kM3NYalaUgZFDUo0Ys%2B3uhobbi0r%2BOdnL8890CuwIm0eITTI7vWv6CjHo2EXqSXySsYTAd53WnZec%2BdDXF%2FVgU9%2FKFM7eqBNfmjla6juv"}],"max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a474a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 804ad.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 2 KB
1 KB 804ms
795ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/804ad.js?b85ae

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16a559dab8dfdaf6a5a3e2677d944de36a0537255975720600ff36150bbfc863

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/804ad.js?b85ae
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327d00004a8505068000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Zl5cM%2BZUSJDl%2FEL5zQ6ADC%2B9TWnaFyj%2Btch2A3Xjolox7I47wdjCIX89HQZeb1nPG%2BhypwyXGzfwFuk0TD%2B65t6Hpyie52azQTsqOxKdo98K2CGpfYU95GnqXMEpqs%2FO"}],"max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a494a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 a5201.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 6 KB
2 KB 606ms
597ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/a5201.js?81e70

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c7ec1f63b293381f71e21ed716d68dc4eaa18da4d43791411fdb5478c9c4e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/a5201.js?81e70
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97328100004a85fe80b000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dn3tzHycrPBaCIDcbYq6LglB6PQxoKwst7d9W8d72UucFuBcCSwIgMWrkhCmR2x3NvksyaL6JRghm3Xv0wrcr8tSc97p5gObzPtG6GWq7hyd2pEvbn7jMFMsKWR31vN8"}],"max_age":604800}
content-type: application/javascript
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a4a4a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 148cb.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 3 KB
2 KB 583ms
574ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/148cb.js?d5b22

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93cdb9f201ec66ce01d51d5a451cd8e715f03f9e898812639e78d71b60d920df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/148cb.js?d5b22
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
cf-polished: origSize=3292
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327f00004a85d5aff000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qVXse9PJuvdBDC49tjC3146U6LSaaEXr9aP1URXfq6Kpqpi2QlAKkFl5FuUcVZs63zfHqygAVaEFEBRwobPtOB6wPKWU9S8Y%2BadVDo9xqJUBOSMAyVrZNA3Kt42sGtM6"}],"max_age":604800}
content-type: application/javascript
cf-bgj: minify
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a4e4a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 a6812.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 17 KB
5 KB 34ms
26ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/a6812.js?2ad46

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38048251c98b6b42e48dcb5b3676b569eaefba316d5b8f2b7fde0b098919530d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/a6812.js?2ad46
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:14 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 21636
cf-polished: origSize=16970
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97328000004a85fd3f5000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7%2BjeB0co3siGQq3nVkh0DHAolGBuc1V1Dr5lgMeQ9BdPzHJ9iBxPQSJbBes3r5OV6sSFuRrKjPfepMjBvCc4FRS9G%2FIqh5NULhaXaqse8TYh98XjcF3P%2BLNBO9zleFan"}],"max_age":604800}
content-type: application/javascript
cf-bgj: minify
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a4f4a85-FRA
expires: Thu, 29 Apr 2021 22:29:38 GMT

GET
H3-29 200 3ca75.js Show response
packages.incpak.com/wp-content/litespeed/cssjs/ 1 KB
1 KB 594ms
586ms Script
application/javascript 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/litespeed/cssjs/3ca75.js?f9774

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dae60c1ae93830b79a4a973b55a51e457d539eb298da9fca643b3ed0042d569

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/litespeed/cssjs/3ca75.js?f9774
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 0
cf-polished: origSize=1428
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97327600004a85ea8e6000000001
last-modified: Thu, 22 Apr 2021 19:18:03 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=babg1tIUuN6YX4ib%2BlwTX6xPvgjxVeku4js4B4XeAISA7WBfrfIBGAcyGb2w0pyhBgDcPpq6oqwfxNMj3gopg11UlUASkkwHmNExIUxefH92rpSAVdFKIWQTBPyJfLM4"}],"max_age":604800}
content-type: application/javascript
cf-bgj: minify
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 64445afd8a2e4a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 powerkit-icons.woff
packages.incpak.com/wp-content/plugins/powerkit/assets/fonts/ 25 KB
26 KB 719ms
712ms Font
font/woff 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/plugins/powerkit/assets/fonts/powerkit-icons.woff

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05a1dbfe780fd6bdd0718ae8819a959125caa7507c0f65ebc2175b4d8c752bab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

sec-fetch-mode: cors
origin: https://packages.incpak.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
:path: /wp-content/plugins/powerkit/assets/fonts/powerkit-icons.woff
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://packages.incpak.com
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25768
cf-request-id: 099e97327800004a85032ca000000001
last-modified: Mon, 14 Sep 2020 23:35:00 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IlImxkfm2ktpTGf6NySQgHF8E1otB2LgrzoKOKN19lpFhksIUuJ58i1I5a62B3WZh9fO78XH%2FU%2FbeMQ3w5H7eM01MPCHKSxu2NAe37gFegnxTjrGUrAxgqEKqeC4AtzW"}],"max_age":604800}
content-type: font/woff
vary: Accept-Encoding
cache-control: max-age=18000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445afd8a334a85-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 133 KB
47 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38f0f74db67af9abd2c3c30c578a2695e2ea703afc05a3a00b23666304d65661

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48219
x-xss-protection: 0
server: cafe
etag: 5862893250907176502
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 23 Apr 2021 04:30:14 GMT

GET
H3-29 200 incpak-logo-text2.png
packages.incpak.com/wp-content/uploads/2019/09/ 863 B
1 KB 352ms
352ms Image
image/png 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/09/incpak-logo-text2.png

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbae53da8fd0200cafa000747e3557ede5c35e0c5863406e3b6ecd71beb15c72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/09/incpak-logo-text2.png
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 863
cf-request-id: 099e97356400004a85e2806000000001
last-modified: Tue, 24 Sep 2019 09:03:13 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7ll6%2B0%2BoZGWX9J6%2BSJo7ww2RujBk7tHc6DxiA0jveGO%2B%2FIM9N0CMvTcVeQ3OzQ%2Bq9F%2FoJUgMbSMygK3ailTxhSp8vAhPU5HOBDhHS2ullCSIfaFEF4v1uMDjAsVeTk1b"}],"max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b0239b54a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 31ms
30ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-33184277-5

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

413bfeedb45cacdc1867fef145dcc1da25a61ef5194a8eccb1c64af35aead310

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35789
x-xss-protection: 0
last-modified: Fri, 23 Apr 2021 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 23 Apr 2021 04:30:15 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 32ms
17ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: packages.incpak.com
URL: https://packages.incpak.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb603ea16e1b6fa84e78a18ca96bc753323f0c1e28f1690be7d96a89958cdbdc

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 2971
etag: W/"edca9adaaa77b1e70f406381fd662135"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 64445b022ca32be9-FRA
cf-request-id: 099e97355b00002be939229000000001
expires: Mon, 26 Apr 2021 04:30:15 GMT

GET
H3-29 200 icons.ttf
packages.incpak.com/wp-content/themes/spotlight/css/fonts/ 10 KB
5 KB 344ms
344ms Font
font/ttf 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-content/themes/spotlight/css/fonts/icons.ttf

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/wp-content/litespeed/cssjs/1bd24.css?bdd81

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

311f713103c82f91d45defa0462bfcc377a07ef971e4e69b41a432c7125c1c28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

sec-fetch-mode: cors
origin: https://packages.incpak.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
:path: /wp-content/themes/spotlight/css/fonts/icons.ttf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: packages.incpak.com
referer: https://packages.incpak.com/wp-content/litespeed/cssjs/1bd24.css?bdd81
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://packages.incpak.com
Referer: https://packages.incpak.com/wp-content/litespeed/cssjs/1bd24.css?bdd81
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 099e97356f00004a85f9376000000001
last-modified: Sat, 26 Oct 2019 08:36:42 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wXqEhH3%2Fqr8wV9n2aCuBhigkZ4ujk5ui7d4Wd3eoT6%2Fje%2F9oPvM7LEqdIZZGNluufWIR1yWstzlxcqRcKhq6%2FUXmdcB3WknVVxUaxyE8MZIFlpsG3TG5123AoLez423t"}],"max_age":604800}
content-type: font/ttf
vary: Accept-Encoding
cache-control: max-age=18000
x-turbo-charged-by: LiteSpeed
cf-ray: 64445b0249d94a85-FRA

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210420/r20190131/ 222 KB
83 KB 35ms
33ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210420/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8680433987947522&plah=packages.incpak.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfde43aa08cb022928e3a8ef34ac51b983e6e8e3cb0852c0707034d04edaa723

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84671
x-xss-protection: 0
server: cafe
etag: 17020415162214586688
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 23 Apr 2021 04:30:15 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210420/r20190131/ Frame 7596 10 KB
5 KB 5ms
5ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210420/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210420/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://packages.incpak.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://packages.incpak.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 22 Apr 2021 17:20:37 GMT
expires: Thu, 06 May 2021 17:20:37 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 40178
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 zzzzz-560x300.png.webp
packages.incpak.com/wp-content/uploads/2019/11/ 16 KB
16 KB 498ms
497ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/11/zzzzz-560x300.png.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68af17883738c76f20e331738e7f13cd75ba6c33980c43f08c3aaf1433546766

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/11/zzzzz-560x300.png.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16132
cf-request-id: 099e97364200004a85c10cf000000001
last-modified: Tue, 05 Nov 2019 18:14:44 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zQOznT5IyUxMgSUIQXduHzkI7EiHdvdAXJMj3gtsYWYYs9cCUHHecBNeOvIYcHMYfdJCYloPD8FBGHVkSwRN1UtTRkQWsCTQf9Z1MpEe%2Fu1XNdnpaTrrJF4cuN%2B2Aewg"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b039c244a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 aaaaaaaaaaaa-260x140.png.webp
packages.incpak.com/wp-content/uploads/2019/11/ 7 KB
7 KB 324ms
323ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/11/aaaaaaaaaaaa-260x140.png.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ede434dbe8087075be5794b13429c8cdd4786f86ae9b6edea31e02327f6dae4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/11/aaaaaaaaaaaa-260x140.png.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6734
cf-request-id: 099e97364200004a85ab85a000000001
last-modified: Tue, 05 Nov 2019 09:59:43 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1EpBCm7OuDia%2FA1puHQ%2F2E9tPJXerFZn9zmRedSH60wNS%2FgyCsOfbXP8cK84jUQco%2BSbkL5GNd1Nt3mjdXIq2Kr69SSXVdrhL7doavkFGK2Jh%2Fz5A9AgW8YRRhATDkuC"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b039c254a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 zong4gd-260x140.jpg.webp
packages.incpak.com/wp-content/uploads/2019/11/ 4 KB
5 KB 328ms
327ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/11/zong4gd-260x140.jpg.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5d3ad8f228954bd9869268786d407e32b7893d2ade5f8e63db503f15a2f1c27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/11/zong4gd-260x140.jpg.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3968
cf-request-id: 099e97364200004a85ee24c000000001
last-modified: Mon, 04 Nov 2019 14:41:42 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RJFJ%2BvErgHd2vbsV0GilMvVstdbpu5f2AB9tok%2Bmq28PqAGNBeLNXJyz49EqG%2FXGMezmMqGecbHs9cOVnu6mlddoDsoyso3Ej0eaNHDFqu70BnaxY6Z3XD9mtDZOUTZ0"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b039c264a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 215251-260x140.jpg.webp
packages.incpak.com/wp-content/uploads/2019/11/ 11 KB
12 KB 347ms
346ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/11/215251-260x140.jpg.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e4732f0083d06609fddefa21958b716f6e4c57e6dbd52c165bf29f0fd3831db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/11/215251-260x140.jpg.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11646
cf-request-id: 099e97364200004a8527a49000000001
last-modified: Thu, 31 Oct 2019 19:22:57 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=APbfeUQoXIG6PzXBpIFCD2LVApV35qHww0A2zFQFlG6WF0QymiZ%2FfOrFgz3XiIw7kjI%2Bl2Gqaqe6OOkIBZA6uaSzc2zfr7DifA6qk3KWJwObRvS99gfpq78pzA3VENkb"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b039c284a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 jazz-1-260x140.png.webp
packages.incpak.com/wp-content/uploads/2019/10/ 6 KB
6 KB 358ms
356ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/jazz-1-260x140.png.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d215711d7643ee6734af2f6e7723809ee96ded5ed526e3a2867928deb4a588c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/jazz-1-260x140.png.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5708
cf-request-id: 099e97366a00004a85ae178000000001
last-modified: Tue, 29 Oct 2019 12:06:49 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OJqdVyiuIqCqKVeyuJHyCgrNvPkD%2F3hboqRZsUhX7YJx0V9HliGUyFyMxJf5UC5QiWIPMtDXfPmnIyzPGgldoGXfP7VTyvSTs8vM279Jo62%2FZLqpsF0ahSrPH7IsbUbK"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dc9b4a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 maxresdefault-1-260x140.jpg.webp
packages.incpak.com/wp-content/uploads/2019/10/ 8 KB
9 KB 416ms
414ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/maxresdefault-1-260x140.jpg.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ede6bd564430badd1f5cdc538f2bec1bfb3b42444d50437d2e30c94358849a4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/maxresdefault-1-260x140.jpg.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8480
cf-request-id: 099e97366b00004a851f29c000000001
last-modified: Tue, 29 Oct 2019 05:34:42 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YiQDBMY%2Flyx0y51ENYwaZU%2BUcwNGZdf9sads0pQ3PxYupWq8iJFj2OkZ92bEiRkoczTlCDaYAXYe0qZ5zYFnZfIVNtn1u%2FD1KfiC7sSnbdfmT8sQP5T3J1iZ6M3OPx20"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dc9e4a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 happinesswoman-260x140.jpg.webp
packages.incpak.com/wp-content/uploads/2019/10/ 9 KB
9 KB 422ms
420ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/happinesswoman-260x140.jpg.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1158b5359f7a130f6717e4e4f5a339a88da383f5bd755320bad562e9b172e3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/happinesswoman-260x140.jpg.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8906
cf-request-id: 099e97366b00004a850c859000000001
last-modified: Mon, 28 Oct 2019 16:10:21 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0X6uZsWHLUyZHJZ%2BGzAZA%2Fn0bHyIs3CiQ71vdMIWh3CpGD5ZtDjrxNeZ961JWkWMbvAVHHzU3REWcfXJ4ITv3ogZNmlarkYmmoLHE%2F2b8MzEh2MDHHCe%2BCSq%2Fihxtn41"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dc9f4a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 Untitled-1-260x140.png.webp
packages.incpak.com/wp-content/uploads/2019/10/ 2 KB
3 KB 419ms
417ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/Untitled-1-260x140.png.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fae4a21da89f69f9c5fb2cee818175c929d2855dcaee6ed03ca3307ee330a651

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/Untitled-1-260x140.png.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2422
cf-request-id: 099e97366b00004a85c1b9d000000001
last-modified: Mon, 28 Oct 2019 09:38:37 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2Ww28zREGj%2BJAyISo2U0PB2WyWfGxrL0x%2BhTHJQepFmgdn5PYCA5%2FCM8RzFLDdcL7xvr%2FS7lCDPO4QwJexcu%2FhKK0CLIRTxGbvGJU9fnfRSzM7okG%2Br%2BgYYFE9uXSAr5"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dca04a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 Untitled-260x140.png.webp
packages.incpak.com/wp-content/uploads/2019/10/ 2 KB
2 KB 324ms
321ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/Untitled-260x140.png.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcd5ab860af98b00bddc5d1c618d071ebae1f87d29d45bfa080f2ff3b4264f2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/Untitled-260x140.png.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1850
cf-request-id: 099e97366b00004a85e7bd8000000001
last-modified: Sat, 26 Oct 2019 09:10:47 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=no3q7p1G9DPP1%2F%2BVJrxtBCIUV6KJbOfmY3t%2BmPkr4ND7UYzEvk094lkbc59iyLlXfuCGwYU9YnqRkhfWrATz3VPu138o8I23wQxn6iD%2Fmmd3i%2FvPhRD0YH%2FA0EpPpnUY"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dca14a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 ufone-blace-check-code-260x140.jpg.webp
packages.incpak.com/wp-content/uploads/2019/10/ 9 KB
9 KB 325ms
323ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/ufone-blace-check-code-260x140.jpg.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f38cd1c06261372ef306fb5db1fa49ebc17926a7788d4f468dc7bb5926f7af3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/ufone-blace-check-code-260x140.jpg.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8734
cf-request-id: 099e97366b00004a85cd07e000000001
last-modified: Sat, 26 Oct 2019 09:15:53 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ye3chQJsb%2B%2B3WFg2BM7X72y7jzKBc3pO%2FGVokNBgMat44oSZPGMzDnJSi80P9gzhWdH6dirphuUWDEfa14MgjAMlkaz3jJQzpyhidpVskKfvMd%2Bk08KDGYRVKkmDoaaN"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dca24a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 sbalance-260x140.jpg.webp
packages.incpak.com/wp-content/uploads/2019/10/ 3 KB
4 KB 417ms
415ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/sbalance-260x140.jpg.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9ff8a15f1521bce686cef382ad1ac19ad0558fb8ce473516b3915d027c20c32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/sbalance-260x140.jpg.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2930
cf-request-id: 099e97366b00004a85db2c5000000001
last-modified: Sat, 26 Oct 2019 09:15:54 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y4RqSiIuxCLm%2FY4fYJL%2Bep8jV5QAQIxgKGTejAEBbtZT2IV6HMDkeu%2FR8xdsbIwpdRQBS2GpVxQt2A0ogYDGXLBMBQ7Qow6Sktjc79iSDLcc4zE550z6rt6lZVG277oX"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dca34a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 Untitlej-260x140.png.webp
packages.incpak.com/wp-content/uploads/2019/10/ 5 KB
6 KB 421ms
419ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/Untitlej-260x140.png.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36520dea76805ad9ed9b3d06b098ab34e04748fbe547b9d185eb1f0f5922f6d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/Untitlej-260x140.png.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5606
cf-request-id: 099e97366b00004a85fe84c000000001
last-modified: Sat, 26 Oct 2019 09:23:33 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AGOVmjAwNF4asLXfVy%2BrFzn5NMPEzmmRdo5G6WIwn1fOydjTv7oH6ts2SCACaQaa7aITdaaYpYV2ASGCkT5xLVUwbPA7Fspw%2FlffYqbCXQyKkb67LHUQFvEVZFu%2F8fcg"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dca44a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 blqaa-260x140.jpg.webp
packages.incpak.com/wp-content/uploads/2019/10/ 8 KB
8 KB 322ms
320ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/blqaa-260x140.jpg.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27bc56a04550d7dedae79824e893c5f66a81189d92a571ea6bbb9edd68f51a21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/blqaa-260x140.jpg.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 7804
cf-request-id: 099e97366c00004a85bca40000000001
last-modified: Sat, 26 Oct 2019 09:28:31 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vjZFUULkwDR0smp3jodamm7KT%2Fk%2BIlHI5oTJkgpxD1euZBMEUqQUcO8e7fwmb6p0nKLdAVnz%2BPI0P2yKt%2B2G7ewRDxd1e3%2BdIFh3t0zWY7NOwNcqpwfoJLtt9sGVaGws"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dca54a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H3-29 200 maxresdefault-260x140.jpg.webp
packages.incpak.com/wp-content/uploads/2019/10/ 6 KB
6 KB 421ms
420ms Image
image/webp 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://packages.incpak.com/wp-content/uploads/2019/10/maxresdefault-260x140.jpg.webp

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f05dfe6971ce3e78425e46d289ace161f2db8cf408a0f2b05a222f141ea5a8f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

:path: /wp-content/uploads/2019/10/maxresdefault-260x140.jpg.webp
pragma: no-cache
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5770
cf-request-id: 099e97366c00004a85db89c000000001
last-modified: Sat, 26 Oct 2019 09:28:32 GMT
server: cloudflare
x-frame-options: sameorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dEE2y0gk31GBnpF9YJgnvQlCG3MIbk7TyPzAzigP66YuqO6FGlkmyqnt%2FH91DSHcdk27054fq%2BlJE1fBLwy1jiLygAI5QGu1%2BQUtNmm41H4vLCLt2tnB%2B%2FvMv%2BGfIX27"}],"max_age":604800}
content-type: image/webp
vary: Accept-Encoding
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 64445b03dca64a85-FRA
expires: Fri, 30 Apr 2021 04:30:15 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 200 B
638 B 84ms
31ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=packages.incpak.com&callback=_gfp_s_&client=ca-pub-8680433987947522

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210420/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8680433987947522&plah=packages.incpak.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

891c82d7bae9e64f72a035d4cabf33b2e4400d0fded7cffda0fbe80242569d81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 190
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=packages.incpak.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=packages.incpak.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9C95 72 KB
24 KB 572ms
571ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3318166806&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215520&bpp=6&bdt=891&idt=182&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=4603255182861&frm=20&pv=2&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uFev0UOa63&p=https%3A//packages.incpak.com&dtd=205

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0b0899f7a6364bda5b048384d6f7e0221e27086cd777e44277a1955692e343a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3318166806&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215520&bpp=6&bdt=891&idt=182&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=4603255182861&frm=20&pv=2&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uFev0UOa63&p=https%3A//packages.incpak.com&dtd=205
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://packages.incpak.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://packages.incpak.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 23 Apr 2021 04:30:16 GMT
server: cafe
content-length: 24146
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 23-Apr-2021 04:45:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 23 Apr 2021 04:30:16 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4956137c69656045c048a157aaa84859657bbc7744019d26cce6b5bded84cc49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619017352525402"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28270
x-xss-protection: 0
expires: Fri, 23 Apr 2021 04:30:15 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-33184277-5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4052
date: Fri, 23 Apr 2021 03:22:43 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 23 Apr 2021 05:22:43 GMT

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 41C9 70 KB
23 KB 678ms
677ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd4a43958f5c95ed71f444fb00bfab107be9aaee6869e2ec7b6280fba727571e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://packages.incpak.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://packages.incpak.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 23 Apr 2021 04:30:16 GMT
server: cafe
content-length: 23898
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 23-Apr-2021 04:45:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 23 Apr 2021 04:30:16 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AD8F 113 KB
36 KB 685ms
685ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

608e241d04f86ecab2725abcb5588c6adc3981b466f2f1752746e49ae22cb2e6

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJXtooXEk_ACFTfjuwgdty8ECQ&gqi=V02CYJC0L5Xc7_UPtbC80AQ&layout=/sadbundle/%24csp%253Der3%24/15114128110379568047/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://packages.incpak.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://packages.incpak.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJXtooXEk_ACFTfjuwgdty8ECQ&gqi=V02CYJC0L5Xc7_UPtbC80AQ&layout=/sadbundle/%24csp%253Der3%24/15114128110379568047/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 23 Apr 2021 04:30:16 GMT
server: cafe
content-length: 36678
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 23-Apr-2021 04:45:15 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 23 Apr 2021 04:30:16 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BDAC 0
19 B 16ms
16ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&adk=1812271804&adf=3025194257&lmt=1619152215&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpackages.incpak.com%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215681&bpp=1&bdt=1051&idt=92&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280%2C1200x280&nras=1&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&dtd=98

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-8680433987947522&output=html&adk=1812271804&adf=3025194257&lmt=1619152215&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fpackages.incpak.com%2F&ea=0&flash=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215681&bpp=1&bdt=1051&idt=92&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280%2C1200x280&nras=1&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&dtd=98
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://packages.incpak.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://packages.incpak.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 23 Apr 2021 04:30:15 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 23-Apr-2021 04:45:15 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 23 Apr 2021 04:30:15 GMT
cache-control: private

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 26ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=247368808&t=pageview&_s=1&dl=https%3A%2F%2Fpackages.incpak.com%2F&ul=en-us&de=UTF-8&dt=INCPAK%20Packages%20-%20Mobile%20Call%20SMS%203G%204G%20Daily%20Weekly%20Monthly%20Packages&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAhAAUABAAAAAC~&jid=1428504593&gjid=494550727&cid=1223897751.1619152216&tid=UA-33184277-5&_gid=669295625.1619152216&_r=1&gtm=2ou4e1&z=2053561061

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 23 Apr 2021 04:30:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://packages.incpak.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 9C95 3 KB
674 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3318166806&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215520&bpp=6&bdt=891&idt=182&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=4603255182861&frm=20&pv=2&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uFev0UOa63&p=https%3A//packages.incpak.com&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 23 Apr 2021 03:10:14 GMT
server: ESF
date: Fri, 23 Apr 2021 04:30:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 23 Apr 2021 04:30:16 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 9C95 1 KB
947 B 6ms
5ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:24:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:24:44 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/ Frame 9C95 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e61fbc1b28f6df7a78610c40c0166aae6cc5f7b97f797af1400755a28beb313c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 817
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7118
x-xss-protection: 0
server: cafe
etag: 10067803527878659939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:16:39 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 9C95 2 KB
1 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:16:44 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9C95 116 KB
35 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc015126841eaa9b1b79ee123e13d7d07ad7fe77f22366b05c480eff59a7a25e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619017370605640"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36032
x-xss-protection: 0
expires: Fri, 23 Apr 2021 04:30:16 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 9C95 13 KB
6 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77b1239f60afc374166c593a8591105b705fe4fbe70d95fe2149160b84e7ff9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:21:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 548
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5606
x-xss-protection: 0
server: cafe
etag: 18162876464550245940
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:21:08 GMT

GET
H2 200 b42b11247d0ebeb7b44892ca7e629453.js Show response
www.gstatic.com/mysidia/ Frame 9C95 25 KB
10 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b42b11247d0ebeb7b44892ca7e629453.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0d34b0d95e73a7ae965ab9eef15d273c1b4ab22aa7d5648e120a2763434ce84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 03:50:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Apr 2021 07:12:01 GMT
server: sffe
age: 2415
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10497
x-xss-protection: 0
expires: Thu, 22 Jul 2021 03:50:01 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/18099515163591010930/ Frame 9C95 59 KB
59 KB 15ms
14ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18099515163591010930/downsize_200k_v1?w=600&h=314

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79f8dba00fe3813585b06ff2442faf8c11209033b0026474b1f197fa91f68917

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 10:49:58 GMT
x-content-type-options: nosniff
age: 63618
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60180
x-xss-protection: 0
last-modified: Wed, 07 Apr 2021 09:10:21 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Apr 2022 10:49:58 GMT

GET
DATA 200
OK truncated
/ Frame 9C95 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2

200

csp.php
vfd2dyn.vodafone.de/csp/ Frame 9C95
Redirect Chain

https://m.exactag.com/ai.aspx?extProvId=330&extPu=75118-gaw&extPm=118814837486&extLi=118814837486&c_id=display_cic_224:fq0_F_kip_1gb_pre_sdc&xt=2447947004&url=https://vfd2dyn.vodafone.de/csp/csp.ph...
https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1823&r_id=htlp&xt=2447947004

0
0

92ms
28ms

Fetch
text/html

18.197.28.148
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1823&r_id=htlp&xt=2447947004
Requested by: Host: packages.incpak.com
URL: https://packages.incpak.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.28.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-28-148.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=utf-8
server: Apache
p3p: CP="CAO PSA OUR"
content-length: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
Access-Control-Allow-Origin: https://googleads.g.doubleclick.net
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
Content-Length: 0
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Fr, 23 Apr 2021 04:30:16 GMT
Server: Microsoft-IIS/8.5
Date: Fri, 23 Apr 2021 04:30:15 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: text/html; charset=iso-8859-1
Location: https://vfd2dyn.vodafone.de/csp/csp.php?b_id=1823&r_id=htlp&xt=2447947004
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1756
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9C95 0
0 17ms
16ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CDSO7V02CYNzlLbHG7_UPoJGk8AKZism2Yr2ErYm9Db6gzPCMDhABIJzXyDFglQKgAbyaqe4DyAEJqQLVPpdsqyi0PqgDAcgDywSqBMIBT9AEvUfPKIPK0AU_csKJUE3C-zWDBVEvAjys0i72ry9EMQwPO-1cogZvI_zHhOF9phZsas-oLfTIvzK-K_iNuaiKC27PP68s16DMGYelByTlMSo0EcEt6VC_5iaS7D5FjATPsk1lqGUZIHxW1cIvVj28w13dSY7tYvuzt4DWfGSAYjaGprTvOfNnjdWV-5m1ZS9yoyjVaDT0nWVBSTuF_sYtzILdNMFAJPZFB6dwhXTRA2m8xZPFJOP2jlfriAsPgrXABO6Vqs-6A5IFBAgEGAGSBQQIBRgEoAYugAeSjNE9qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEM7eeNIICQiA4YAQEAEYH4AKAcgLAbgTiCfYEw2yFxoKGAgAEhRwdWItODY4MDQzMzk4Nzk0NzUyMg&sigh=rn62nJQwlH8&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3318166806&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215520&bpp=6&bdt=891&idt=182&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=4603255182861&frm=20&pv=2&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=60&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uFev0UOa63&p=https%3A//packages.incpak.com&dtd=205
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 23 Apr 2021 04:30:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 23 Apr 2021 04:30:16 GMT

GET
DATA 200
OK truncated
/ Frame 9C95 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ecb3ce2ff4fa7852db55e775c4bf177dac08a4cd2253f37c60a7d84a4b13802

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 9C95 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 01:32:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 97094
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 22 Apr 2022 01:32:02 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 9C95 21 KB
21 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 21:23:56 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 198380
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Wed, 20 Apr 2022 21:23:56 GMT

GET
H3-29 200 wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js Show response
pagead2.googlesyndication.com/bg/ Frame 6A3A 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 02:38:58 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:18:00 GMT
server: sffe
age: 6678
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5710
x-xss-protection: 0
expires: Sat, 23 Apr 2022 02:38:58 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 41C9 3 KB
578 B 23ms
23ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 23 Apr 2021 03:15:13 GMT
server: ESF
date: Fri, 23 Apr 2021 04:30:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 23 Apr 2021 04:30:16 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 41C9 1 KB
909 B 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:24:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:24:44 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/ Frame 41C9 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e61fbc1b28f6df7a78610c40c0166aae6cc5f7b97f797af1400755a28beb313c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 817
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7118
x-xss-protection: 0
server: cafe
etag: 10067803527878659939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:16:39 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 41C9 2 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:16:44 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 41C9 116 KB
35 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc015126841eaa9b1b79ee123e13d7d07ad7fe77f22366b05c480eff59a7a25e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619017370605640"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36032
x-xss-protection: 0
expires: Fri, 23 Apr 2021 04:30:16 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 41C9 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77b1239f60afc374166c593a8591105b705fe4fbe70d95fe2149160b84e7ff9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:21:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 548
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5606
x-xss-protection: 0
server: cafe
etag: 18162876464550245940
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:21:08 GMT

GET
H3-29 200 b42b11247d0ebeb7b44892ca7e629453.js Show response
www.gstatic.com/mysidia/ Frame 41C9 25 KB
10 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b42b11247d0ebeb7b44892ca7e629453.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0d34b0d95e73a7ae965ab9eef15d273c1b4ab22aa7d5648e120a2763434ce84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 01:01:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 15 Apr 2021 10:35:46 GMT
server: sffe
age: 271720
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10497
x-xss-protection: 0
expires: Mon, 19 Jul 2021 01:01:36 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/17461133479128576584/ Frame 41C9 23 KB
23 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17461133479128576584/downsize_200k_v1?w=600&h=314

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4edcd1dfa3b27ac12e91e990908e934fd9ff73cb621a69ade54a2e2a5d823422

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 16:04:14 GMT
x-content-type-options: nosniff
age: 44762
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23556
x-xss-protection: 0
last-modified: Thu, 18 Mar 2021 14:11:22 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Apr 2022 16:04:14 GMT

GET
DATA 200
OK truncated
/ Frame 41C9 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 41C9 0
0 17ms
17ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C98XaV02CYL3iLsOU7_UP_vOQ0A7MtIuwYe39gfWcDcuX55CSDhABIJzXyDFglQKgAbzNxKMCyAEJqQIOTIPShyq0PqgDAcgDywSqBMYBT9DUwtAIqv86exdy4IgGSY7EW0-so7ZYnGkmGL1hS841KOoKsy_DR4aD5bmcuXW2WRooN3OnWHeQ0f9XM1tMdlsi7s5-KVDGWUCe7OYxD9lgxiQeTQdEpga-e5qqW7xmmN33ETWc2eOTowpOuKORaboWa6kZYz18Vdgk-O70OELGIC5hcZ4GBcS5GEDnZTREjAwb1_calwh0FTD33UVT4RP12A9wYAZYNeLb-QJ-5h4YX8qbrFs6g5cd6mribLw2zI7PKd1gwAS2kYrkqwOSBQQIBBgBkgUECAUYBKAGLoAHrLK73AGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ8fkr0ggJCIDhgBAQARgfgAoByAsBuBOIJ9gTDYgUCtAVAYAXAbIXGgoYCAASFHB1Yi04NjgwNDMzOTg3OTQ3NTIy&sigh=DTmlisRgg-s&template_id=5000

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 23 Apr 2021 04:30:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame AD8F 67 B
91 B 6ms
6ms Image
image/png 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 22 Apr 2021 22:41:50 GMT
x-content-type-options: nosniff
server: cafe
age: 20906
etag: 2462972746714251406
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Fri, 23 Apr 2021 22:41:50 GMT

GET
DATA 200
OK truncated
/ Frame 41C9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a3b121410d809c1ca9aab99fcd0b30b991137b4f0ce004cc820e771f4119155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 41C9 21 KB
21 KB 14ms
14ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 01:32:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 97094
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Fri, 22 Apr 2022 01:32:02 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 41C9 21 KB
21 KB 18ms
18ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 20 Apr 2021 21:23:56 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 198380
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Wed, 20 Apr 2022 21:23:56 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame E6AA 79 KB
18 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89a979f9f9c8408f52c9390b1533ef41ca0e8f2541b02abdb56bf7386475a4a0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/15114128110379568047/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Wed, 21 Apr 2021 11:06:03 GMT
expires: Thu, 21 Apr 2022 11:06:03 GMT
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 18019
age: 149053
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 50AC 0
0 16ms
16ms Fetch
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CDmNcV02CYNXlL7fG7_UPt9-QSJmlto5iv6nH6_sM7MO1q64BEAEgnNfIMWCVAqAB5rC9vwPIAQmpAg5Mg9KHKrQ-qAMByANIqgTNAU_QFiSPnir9xN2IIOOr2DQdmjivIluN7f4QOAnjaPx-xp20m2kv5mDEQ3d0j9s8R9MAkd3xhZIcNnaodsRg-Ek7N3SzxOZ-ZyjaNd-6cOsTLp_y4bcC8Z2g4f1J552HF5uOgc6-8hLZIDC7H8zgPIdodRQLpbQYMYc_sajuG5TDPa7DJUrm6fwgwKfowBVe_qnScJyKiuah7wt4VxmFGpS5ZYXu3obeoVXM3_vstnOLmmiM-e6IkNwRFQxOuI2zvgSspxUsB5EJ7Oj1Mh3ABKner8TBA5IFBAgEGAGSBQQIBRgEoAYugAeCz8JAqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEENS8dNIICQiA4YAQEAEYH4AKAcgLAdgTDbIXGgoYCAASFHB1Yi04NjgwNDMzOTg3OTQ3NTIy&sigh=4dkzQFJ39NU&template_id=419

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Fri, 23 Apr 2021 04:30:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/ Frame 50AC 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e61fbc1b28f6df7a78610c40c0166aae6cc5f7b97f797af1400755a28beb313c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:16:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 817
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7118
x-xss-protection: 0
server: cafe
etag: 10067803527878659939
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:16:39 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 50AC 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:16:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 812
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:16:44 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 50AC 116 KB
35 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc015126841eaa9b1b79ee123e13d7d07ad7fe77f22366b05c480eff59a7a25e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1619017370605640"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36032
x-xss-protection: 0
expires: Fri, 23 Apr 2021 04:30:16 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/ Frame 50AC 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210420/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77b1239f60afc374166c593a8591105b705fe4fbe70d95fe2149160b84e7ff9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:21:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 548
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5606
x-xss-protection: 0
server: cafe
etag: 18162876464550245940
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 07 May 2021 04:21:08 GMT

GET
H3-29 200 wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js Show response
pagead2.googlesyndication.com/bg/ Frame 0153 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=1051473204&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215621&bpp=5&bdt=991&idt=118&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=1056&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=H6AndCD4En&p=https%3A//packages.incpak.com&dtd=130

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 02:38:58 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:18:00 GMT
server: sffe
age: 6678
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5710
x-xss-protection: 0
expires: Sat, 23 Apr 2022 02:38:58 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0C19 143 B
163 B 6ms
6ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkSIWOud3IY5ACPGVx7aizd-9jjMii_F7Hefta5SuoPfacbr5LL2UrohAz-RcE; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 23 Apr 2021 03:56:55 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2001
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E6AA 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 03:56:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2003
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 24 Apr 2021 03:56:53 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E6AA 22 KB
9 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 22 Apr 2021 18:54:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34539
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 23 Apr 2021 18:54:37 GMT

GET
DATA 200
OK truncated
/ Frame 50AC 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3ff3152ac1eb832cf010d2dd21e8b5be39bb011865453de09ebc0825244da5fb

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 get-counts Show response
packages.incpak.com/wp-json/social-counts/v1/ 364 B
1023 B 498ms
497ms XHR
application/json 2606:4700:3035::6815:bb8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://packages.incpak.com/wp-json/social-counts/v1/get-counts?ids=facebook%2Ctwitter%2Cinstagram%2Cfacebook%2Ctwitter

Requested by

Host: packages.incpak.com
URL: https://packages.incpak.com/wp-includes/js/jquery/jquery.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:bb8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6850f85886f39564361554ce9c9fc6e7948d143b6feeab026fda42fae1958650

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __cfduid=daa468a01eaef535448a32b9062c595501619152214; _ga=GA1.2.1223897751.1619152216; _gid=GA1.2.669295625.1619152216; _gat_gtag_UA_33184277_5=1; __gads=ID=e3c9191a515eceb1-22d1a295a0a7006a:T=1619152215:RT=1619152215:S=ALNI_MaEx3_b9yUER4sWhFCZSMMH763Hmg
:path: /wp-json/social-counts/v1/get-counts?ids=facebook%2Ctwitter%2Cinstagram%2Cfacebook%2Ctwitter
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: packages.incpak.com
referer: https://packages.incpak.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://packages.incpak.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","max_age":604800}
x-litespeed-cache: hit
cf-ray: 64445b0aa8294a85-FRA
vary: Origin, Accept-Encoding
cf-request-id: 099e973aa400004a85e7821000000001
cf-apo-via: origin,host
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
allow: GET
server: cloudflare
x-frame-options: sameorigin
etag: W/"58-1618890572;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=77GFZlsde6DnhoGUm1t7QrAD0ePK1mGcsg8zlTtVROHgK3XDn91hS%2Fh5Qysf24j%2B%2Bi8eIbvY66znkloWrQsGbyrH0EgYImd3AwxukjHWV06GvVovjnohZmaAKj4Otvzt"}],"max_age":604800}
content-type: application/json; charset=UTF-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
x-turbo-charged-by: LiteSpeed
x-robots-tag: noindex
link: <https://packages.incpak.com/wp-json/>; rel="https://api.w.org/"

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 9 KB
7 KB 32ms
30ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210420&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

343c5166a66f8c612ba08e5736474375366fd90253fdb0169341eaa545f3cc14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 23 Apr 2021 04:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7088
x-xss-protection: 0

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0C19
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
15ms

Document
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8680433987947522&output=html&h=280&slotname=1383197843&adk=4113659609&adf=3706563373&pi=t.ma~as.1383197843&w=1200&fwrn=4&fwrnh=100&lmt=1619152215&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fpackages.incpak.com%2F&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1619152215659&bpp=2&bdt=1029&idt=102&shv=r20210420&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=4603255182861&frm=20&pv=1&ga_vid=1223897751.1619152216&ga_sid=1619152216&ga_hid=247368808&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=3222&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42530671&oid=3&pvsid=4262444988053010&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=VUJzbiUAbG&p=https%3A//packages.incpak.com&dtd=108

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkSIWOud3IY5ACPGVx7aizd-9jjMii_F7Hefta5SuoPfacbr5LL2UrohAz-RcE; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 23 Apr 2021 04:30:16 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Fri, 23-Apr-2021 05:30:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 23 Apr 2021 04:30:16 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 23 Apr 2021 04:30:16 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js Show response
pagead2.googlesyndication.com/bg/ Frame E6AA 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 02:38:58 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:18:00 GMT
server: sffe
age: 6678
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5710
x-xss-protection: 0
expires: Sat, 23 Apr 2022 02:38:58 GMT

GET
H3-29 200 Element_24.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame E6AA 13 KB
4 KB 12ms
10ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_24.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6961a4d4296ec402fe593fad1dc613d2a4afe369e19b245a1139e8addeef035

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 103476
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4012
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Wed, 21 Apr 2021 23:45:40 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Apr 2022 23:45:40 GMT

GET
H3-29 200 Element_18.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame E6AA 3 KB
1 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_18.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bea8ca18fc59dd9efc69075b87febbe8dfd2a4819e600cd6fd9b5da0df604e44

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 95123
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1235
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Thu, 22 Apr 2021 02:04:53 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 22 Apr 2022 02:04:53 GMT

GET
H3-29 200 Element_16.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame E6AA 246 B
225 B 10ms
8ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_16.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d82367742a789f0618bd00083354a3df851fc894683e6a94e41123268ee99254

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 440734
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 195
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Sun, 18 Apr 2021 02:04:42 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Apr 2022 02:04:42 GMT

GET
H3-29 200 Element_15.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame E6AA 5 KB
2 KB 8ms
7ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_15.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbe53fbdf228359ca0cbce287c93bd5d381dc271605ae88635204eec016aa98

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 248348
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1760
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Tue, 20 Apr 2021 07:31:08 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Apr 2022 07:31:08 GMT

GET
H3-29 200 Element_19.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame E6AA 473 B
301 B 12ms
11ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_19.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a3fa995039579e0ecb5ee278f9bad4dca2b2f4fa34ddefd7c12e17e14fa018e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 249758
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 269
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Tue, 20 Apr 2021 07:07:38 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Apr 2022 07:07:38 GMT

GET
H3-29 200 Element_13.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/ Frame E6AA 10 KB
2 KB 11ms
10ms Image
image/svg+xml 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/15114128110379568047/Element_13.svg

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5e3a2c67fa809ff28e25a52dfa078a0b3bb3f7431a564c64d88f3dd1ee5ca62

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 440734
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2515
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 11:48:38 GMT
server: sffe
date: Sun, 18 Apr 2021 02:04:42 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Apr 2022 02:04:42 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 04:30:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Fri, 23 Apr 2021 04:30:16 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame F695 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://packages.incpak.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://packages.incpak.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Fri, 23 Apr 2021 02:38:57 GMT
expires: Sat, 23 Apr 2022 02:38:57 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 6679
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js Show response
pagead2.googlesyndication.com/bg/ Frame F695 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wkpRfPPcRT5gRuVOwfaUS9di2m_GhEf8-oTDdHI7uwk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 23 Apr 2021 02:38:58 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Thu, 08 Apr 2021 09:18:00 GMT
server: sffe
age: 6678
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5710
x-xss-protection: 0
expires: Sat, 23 Apr 2022 02:38:58 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 14ms
14ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210420&jk=4262444988053010&bg=!y8ilyIzNAAZUuIlwVLg7ACkAdvg8Wmz_qQywQMV-t79_f2oyt1Z5ymnDTtI9uAyVIz07_rYkhX6ydgIAAABbUgAAAA1oAQcKAOlxScQAoUB6yPZoDkvVIUKEHGhM4IpfElb3GEoFXKi6NLmm-rN85RiJNCnIZLmqKuJbUVpon1M-lW-FYLOJhUlhBoFAbDcNz4m0C9knwlA-vFp4gxgZiqTFVB_wxWhoQPG4wFeU9z8TLePa4FT2nztxZ_4px9tdPcu0c4s_H0A1GwdXduVyOqpX7C7yvMxnLqH7eikJn_m-O8RT6NnCWZ1rKBGc8YPmj0mRijCn_jCmhIraYyInyFfR1E6oSrmbNDUuHPIBRMssLibpmI5bjhWGFy0syvJaRliRswnzC5BBTrkQiEo5w6FpJJkCMS0N4YjWshch_NjVtIXRmRWeuPB_N0w0kij7AheUMrWzNfI-qxhfo7knpl8CVx6xyIZ755BfQ3mT18OXBq6KZeiefu-tO2wHQc8EtgY5W_zpbZUyX1nGHHCJDVUzKBA-XdhRGC2c9zRzdAWpov3oaA8Q-wWAmb0rlUkaZj9UWwgKWXQqQ1Z5w7OHx2a70FhM_V0d-FwXPUQhImOlSnqo58TS0pVF2CPRjkbJbm-jd70Y__Ssil2nxNGNbrYwq-xDLjKu_iRnVGuaJQCSOrc-vFQVtbCJmuVl8JOaIyUdSjgagY0Ijp2LuKy7o6ok-TmRt5lWFSApjdoSnBY3RyeaGT8Ac43M4csZLpTxL0G1YBvbgQGz7LN4W8biR08JyLvpoMW2Y5xrOSZ_z_Vl-nTtadNm_hRi7GId6m-HNYZ1A8MFY0aDcZ5F_giEnGSYDgnz44nhlNEoWLtT3KoWrsuqUmGXSBHHcqa60WFL6kYDMZjaANC78UZAmAEqpYzmAZ0fsHW0YvULILsYUcWl2eCYumnMN-E8_Tw_aqQnUsRe1Ef16BRu1OijjkYqPp-BgTl0tzaFf5LzOQKRMr4uf3HDHv7B7len0hYdBPiMFilRuT53d_GX31dS6cUaBXyRcR64l2OaFNy9pM7E913Ekg-EBQIHXa0EY8KVTjNEOYfTP8mO50Xsf9rDMUDtAlDJBis2Cwf5yhxyAQWTkQdBYYXu611IM8Mr5z8aqxNo_N7l9XJyEA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://packages.incpak.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Apr 2021 04:30:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9C95 42 B
64 B 16ms
16ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuZQWtJjmzyZvcHBPi3cI-K_7xZwJVdfr9zCp8CvhRVfETTzaqfxN_HeAPWfaw-tmiA-ADLc9zwUV8UkLwHcciS9WDt667m8CD9Qrb6n_k2XuKRE2ulHviH4-8ruw&sai=AMfl-YRJUKBnUBUqoi4lhmi9ReWbbb5IDLChHhZqaWgEBCG-LViDwcYEun4Op6YLQ3cmTkZwYG9uhIk09XZV&sig=Cg0ArKJSzGOyY1wiLblyEAE&id=lidar2&mcvt=1001&p=60,200,340,1400&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20210421&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=4113659609&rs=2&met=mue&la=1&cr=0&osd=1&vs=4&rst=1619152215726&dlt=573&rpt=702&msd=0&r=v&fum=1&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Apr 2021 04:30:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 41C9 42 B
64 B 16ms
15ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuavT9xgSxgoCaXi64scJpv7Y5nMvyCoNyjr1zegpREyENzFAidiBwsoZzBa4om4VJYOiNC1J15_6TU7B6rLm2SiScCZHaF6j3F5ANxiYIG9BFt2e6RWMvBVc69Yw&sai=AMfl-YQW6c8ToMKGbQpPYoHc8YRU6YR-nVn6G6va76Vs1PNBn4VBHlayOnTSaQK-8XMZs_bNTCtZjz98o4Cr&sig=Cg0ArKJSzGQfNZ9KZS3FEAE&id=lidar2&mcvt=1000&p=1056,200,1336,1400&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&v=20210421&bin=7&avms=nio&bs=0,0&mc=0.51&if=1&app=0&itpl=22&adk=4113659609&rs=2&met=mue&la=1&cr=0&osd=1&vs=4&rst=1619152215752&dlt=0&rpt=64&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Apr 2021 04:30:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

85 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 17:45:53	Name: test_cookie Value: CheckForPermission
.incpak.com/	1970-01-20 03:07:28	Name: __gads Value: ID=e3c9191a515eceb1-22d1a295a0a7006a:T=1619152215:RT=1619152215:S=ALNI_MaEx3_b9yUER4sWhFCZSMMH763Hmg
.doubleclick.net/	1970-01-20 03:07:28	Name: IDE Value: AHWqTUkSIWOud3IY5ACPGVx7aizd-9jjMii_F7Hefta5SuoPfacbr5LL2UrohAz-RcE
.incpak.com/	1970-01-19 17:45:52	Name: _gat_gtag_UA_33184277_5 Value: 1
.incpak.com/	1970-01-19 17:47:18	Name: _gid Value: GA1.2.669295625.1619152216
.incpak.com/	1970-01-20 11:17:04	Name: _ga Value: GA1.2.1223897751.1619152216
.incpak.com/	1970-01-19 18:29:04	Name: __cfduid Value: daa468a01eaef535448a32b9062c595501619152214

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdn.onesignal.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
m.exactag.com
packages.incpak.com
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
vfd2dyn.vodafone.de
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.packages.incpak.com
18.197.28.148
216.58.212.130
2606:4700:3035::6815:bb8
2606:4700::6812:e234
2a00:1450:4001:801::2002
2a00:1450:4001:801::2003
2a00:1450:4001:803::2002
2a00:1450:4001:803::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::2008
2a00:1450:4001:811::2002
2a00:1450:4001:811::200e
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:812::200a
2a00:1450:4001:813::2002
2a00:1450:4001:813::200a
2a00:1450:4001:827::2003
2a00:1450:4001:827::200e
2a00:1450:4001:82b::2004
51.79.177.145
85.14.248.72
00116473418639f0c71b64c1c4ab54e2422a0ea8381bb047fb0ad281946d5510
05a1dbfe780fd6bdd0718ae8819a959125caa7507c0f65ebc2175b4d8c752bab
0d215711d7643ee6734af2f6e7723809ee96ded5ed526e3a2867928deb4a588c
1158b5359f7a130f6717e4e4f5a339a88da383f5bd755320bad562e9b172e3df
16a559dab8dfdaf6a5a3e2677d944de36a0537255975720600ff36150bbfc863
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
27bc56a04550d7dedae79824e893c5f66a81189d92a571ea6bbb9edd68f51a21
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2cd4e0f84df9fb419cfbbb62b1844cf8a5d333345ebebaa616a902bc15d10200
2dae60c1ae93830b79a4a973b55a51e457d539eb298da9fca643b3ed0042d569
311f713103c82f91d45defa0462bfcc377a07ef971e4e69b41a432c7125c1c28
343c5166a66f8c612ba08e5736474375366fd90253fdb0169341eaa545f3cc14
36520dea76805ad9ed9b3d06b098ab34e04748fbe547b9d185eb1f0f5922f6d0
38048251c98b6b42e48dcb5b3676b569eaefba316d5b8f2b7fde0b098919530d
38f0f74db67af9abd2c3c30c578a2695e2ea703afc05a3a00b23666304d65661
3ff3152ac1eb832cf010d2dd21e8b5be39bb011865453de09ebc0825244da5fb
413bfeedb45cacdc1867fef145dcc1da25a61ef5194a8eccb1c64af35aead310
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
4956137c69656045c048a157aaa84859657bbc7744019d26cce6b5bded84cc49
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4a3fa995039579e0ecb5ee278f9bad4dca2b2f4fa34ddefd7c12e17e14fa018e
4ecb3ce2ff4fa7852db55e775c4bf177dac08a4cd2253f37c60a7d84a4b13802
4edcd1dfa3b27ac12e91e990908e934fd9ff73cb621a69ade54a2e2a5d823422
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5e4732f0083d06609fddefa21958b716f6e4c57e6dbd52c165bf29f0fd3831db
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
608e241d04f86ecab2725abcb5588c6adc3981b466f2f1752746e49ae22cb2e6
6562c065727f5ecbbca42e74d7fa8ee4e42158c0a534ac8939312e9b816f02d3
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6850f85886f39564361554ce9c9fc6e7948d143b6feeab026fda42fae1958650
68af17883738c76f20e331738e7f13cd75ba6c33980c43f08c3aaf1433546766
6a3b121410d809c1ca9aab99fcd0b30b991137b4f0ce004cc820e771f4119155
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
77b1239f60afc374166c593a8591105b705fe4fbe70d95fe2149160b84e7ff9e
79f8dba00fe3813585b06ff2442faf8c11209033b0026474b1f197fa91f68917
891c82d7bae9e64f72a035d4cabf33b2e4400d0fded7cffda0fbe80242569d81
89a979f9f9c8408f52c9390b1533ef41ca0e8f2541b02abdb56bf7386475a4a0
93cdb9f201ec66ce01d51d5a451cd8e715f03f9e898812639e78d71b60d920df
9c7ec1f63b293381f71e21ed716d68dc4eaa18da4d43791411fdb5478c9c4e27
9f38cd1c06261372ef306fb5db1fa49ebc17926a7788d4f468dc7bb5926f7af3
a0d34b0d95e73a7ae965ab9eef15d273c1b4ab22aa7d5648e120a2763434ce84
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
a7aa15be5918606b2a7b1257f3ebd731f6489c33041d292d19f78ff521c342a1
ada54c82755d1fc5006b621b9bd1f7d0eee92513fdb14bcf57a7736effb55aaf
b0b0899f7a6364bda5b048384d6f7e0221e27086cd777e44277a1955692e343a
b9ff8a15f1521bce686cef382ad1ac19ad0558fb8ce473516b3915d027c20c32
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
bea8ca18fc59dd9efc69075b87febbe8dfd2a4819e600cd6fd9b5da0df604e44
bf38ded6fb484705bd57edb0c92b96a9309eeb05bf47ca2100b8e7ff0bb106f6
bfde43aa08cb022928e3a8ef34ac51b983e6e8e3cb0852c0707034d04edaa723
c24a517cf3dc453e6046e54ec1f6944bd762da6fc68447fcfa84c374723bbb09
c512eedd14ff9360fdf4fc65ab879f5fa6e0445a52fde7e2e7f033ec9d3e066c
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6961a4d4296ec402fe593fad1dc613d2a4afe369e19b245a1139e8addeef035
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d82367742a789f0618bd00083354a3df851fc894683e6a94e41123268ee99254
dbae53da8fd0200cafa000747e3557ede5c35e0c5863406e3b6ecd71beb15c72
dc015126841eaa9b1b79ee123e13d7d07ad7fe77f22366b05c480eff59a7a25e
dd4a43958f5c95ed71f444fb00bfab107be9aaee6869e2ec7b6280fba727571e
ddbe53fbdf228359ca0cbce287c93bd5d381dc271605ae88635204eec016aa98
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61fbc1b28f6df7a78610c40c0166aae6cc5f7b97f797af1400755a28beb313c
eb21c1c0185f5761df2b87a0fd02d4a50fe120aa01f5c9f3c7fd1211ac7ae77a
eba47e627d4bb5e81996f1429642b1665ba23a59aea8f0b14af3725b73e0d826
ede434dbe8087075be5794b13429c8cdd4786f86ae9b6edea31e02327f6dae4b
ede6bd564430badd1f5cdc538f2bec1bfb3b42444d50437d2e30c94358849a4e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f05dfe6971ce3e78425e46d289ace161f2db8cf408a0f2b05a222f141ea5a8f1
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f5d3ad8f228954bd9869268786d407e32b7893d2ade5f8e63db503f15a2f1c27
f5e3a2c67fa809ff28e25a52dfa078a0b3bb3f7431a564c64d88f3dd1ee5ca62
fae4a21da89f69f9c5fb2cee818175c929d2855dcaee6ed03ca3307ee330a651
fb603ea16e1b6fa84e78a18ca96bc753323f0c1e28f1690be7d96a89958cdbdc
fcd5ab860af98b00bddc5d1c618d071ebae1f87d29d45bfa080f2ff3b4264f2a

packages.incpak.com Open in urlscan Pro 2606:4700:3035::6815:bb8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

98 Requests

100 %HTTPS

83 %IPv6

14 Domains

18 Subdomains

21 IPs

3 Countries

1022 kBTransfer

2656 kBSize

7 Cookies

11 Outgoing links

Page URL History

Redirected requests

98 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

packages.incpak.com Open in urlscan Pro
2606:4700:3035::6815:bb8 Public Scan

Screenshot
Live screenshot

Full Image

98
Requests

100 %
HTTPS

83 %
IPv6

14
Domains

18
Subdomains

21
IPs

3
Countries

1022 kB
Transfer

2656 kB
Size

7
Cookies

98 HTTP transactions
5 data transactions