sci-hub.mksa.top Open in urlscan Pro
2606:4700:3033::6815:35c2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sci-hub.mksa.top/
Effective URL:
https://sci-hub.mksa.top/
Submission: On June 07 via api (June 7th 2021, 6:47:47 pm UTC) from NL

Summary HTTP 144 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 40 IPs in 5 countries across 29 domains to perform 144 HTTP transactions. The main IP is 2606:4700:3033::6815:35c2, located in United States and belongs to CLOUDFLARENET, US. The main domain is sci-hub.mksa.top.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 3rd 2021. Valid for: a year.

This is the only time sci-hub.mksa.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sci-Hub (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3033::6815:35c2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2606:4700:303... 2606:4700:3034::6815:9e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 9	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
6	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:80a::2001	15169 (GOOGLE) (GOOGLE)
4	37.200.67.211 37.200.67.211	49505 (SELECTEL) (SELECTEL)
1 2	88.212.201.204 88.212.201.204	39134 (UNITEDNET) (UNITEDNET)
3	31.131.252.94 31.131.252.94	50340 (SELECTEL-MSK) (SELECTEL-MSK)
18	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	185.15.175.147 185.15.175.147	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1 1	2a02:6ea0:c70... 2a02:6ea0:c700::2	60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
1	2606:4700:303... 2606:4700:3035::ac43:c8d3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	89.108.97.2 89.108.97.2	197695 (AS-REG) (AS-REG)
4 8	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
14	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba1a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	88.99.219.174 88.99.219.174	24940 (HETZNER-AS) (HETZNER-AS)
5	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
7 9	185.15.175.148 185.15.175.148	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
2 2	185.15.175.137 185.15.175.137	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
2	87.240.137.158 87.240.137.158	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS http://vk.com)
1 4	138.201.63.164 138.201.63.164	24940 (HETZNER-AS) (HETZNER-AS)
2 3	108.128.9.52 108.128.9.52	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:205... 2600:9000:2050:800:1a:7c92:efc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
144	40

2 2606:4700:3033::6815:35c2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sci-hub.mksa.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:3034::6815:9e6 (United States)

ASN13335 (CLOUDFLARENET, US)

img.sci-hub.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.181.226 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:80a::2001 (Ireland)

ASN15169 (GOOGLE, US)

9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.200.67.211 (Russian Federation)

ASN49505 (SELECTEL, RU)

share.pluso.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.204 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host204.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.131.252.94 (Russian Federation)

ASN50340 (SELECTEL-MSK, RU)

kitbit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.15.175.147 (Russian Federation)

ASN43226 (SAFEDATA Uplinks, RU)

tag.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::2 (Frankfurt am Main, Germany) 1 redirects

ASN60068 (CDN77 (^_^)/, GB)

p1.ntvk1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::ac43:c8d3 (United States)

ASN13335 (CLOUDFLARENET, US)

optinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.108.97.2 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: d50603.reg.regrucolo.ru

ut9.rktch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.252.172.37 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba1a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 88.99.219.174 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.174.219.99.88.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh4.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.15.175.148 (Russian Federation) 7 redirects

ASN43226 (SAFEDATA Uplinks, RU)

dmg.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.15.175.137 (Russian Federation) 2 redirects

ASN43226 (SAFEDATA Uplinks, RU)

fnc.rt.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 87.240.137.158 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU)
PTR: srv158-137-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.164 (Lingenfeld, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.63.201.138.clients.your-server.de

hal90006.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.128.9.52 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

ti.tradetracker.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2050:800:1a:7c92:efc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.tradetracker.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.zenaps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	googlesyndication.com 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	126 KB
24	doubleclick.net 6 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	199 KB
21	sci-hub.shop img.sci-hub.shop	576 KB
14	2mdn.net s0.2mdn.net	218 KB
12	digitaltarget.ru 7 redirects tag.digitaltarget.ru dmg.digitaltarget.ru	26 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net hal90006.redintelligence.net	57 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com	7 KB
6	adnxs.com 4 redirects ib.adnxs.com	6 KB
6	google.com 1 redirects adservice.google.com www.google.com	944 B
5	tradetracker.net 2 redirects ti.tradetracker.net static.tradetracker.net	113 KB
5	ampproject.org cdn.ampproject.org	101 KB
4	gstatic.com fonts.gstatic.com	62 KB
4	pluso.ru share.pluso.ru	27 KB
3	googleapis.com fonts.googleapis.com	2 KB
3	googletagservices.com www.googletagservices.com	102 KB
3	kitbit.net kitbit.net	2 KB
2	vk.com vk.com	891 B
2	rt.ru 2 redirects fnc.rt.ru	1 KB
2	yadro.ru 1 redirects counter.yadro.ru	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	mksa.top 1 redirects sci-hub.mksa.top	7 KB
1	zenaps.com www.zenaps.com	704 B
1	awin1.com 1 redirects www.awin1.com	722 B
1	googleusercontent.com lh4.googleusercontent.com	187 KB
1	createjs.com code.createjs.com	48 KB
1	rktch.com ut9.rktch.com	88 B
1	optinder.com optinder.com	557 B
1	ntvk1.ru 1 redirects p1.ntvk1.ru	381 B
1	googletagmanager.com www.googletagmanager.com	35 KB
144	29

	Domain	Requested by
21	img.sci-hub.shop	sci-hub.mksa.top
14	s0.2mdn.net	sci-hub.mksa.top s0.2mdn.net 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
14	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com googleads.g.doubleclick.net sci-hub.mksa.top www.googletagservices.com
12	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com sci-hub.mksa.top googleads.g.doubleclick.net
9	dmg.digitaltarget.ru	7 redirects
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
7	securepubads.g.doubleclick.net	sci-hub.mksa.top securepubads.g.doubleclick.net
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
6	googleads.g.doubleclick.net	9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com sci-hub.mksa.top
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	www.google.com	1 redirects tpc.googlesyndication.com 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com sci-hub.mksa.top
4	hal90006.redintelligence.net	1 redirects 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com hal90006.redintelligence.net
4	fonts.gstatic.com	fonts.googleapis.com
4	hal9000.redintelligence.net	9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com hal90006.redintelligence.net
4	share.pluso.ru	img.sci-hub.shop sci-hub.mksa.top
3	ti.tradetracker.net	2 redirects sci-hub.mksa.top
3	fonts.googleapis.com	securepubads.g.doubleclick.net hal90006.redintelligence.net
3	tag.digitaltarget.ru	kitbit.net tag.digitaltarget.ru
3	www.googletagservices.com	securepubads.g.doubleclick.net 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com sci-hub.mksa.top
3	kitbit.net	img.sci-hub.shop kitbit.net
3	9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	static.tradetracker.net	hal90006.redintelligence.net 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
2	vk.com
2	fnc.rt.ru	2 redirects
2	googleads4.g.doubleclick.net	sci-hub.mksa.top
2	counter.yadro.ru	1 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	sci-hub.mksa.top	1 redirects
1	ade.googlesyndication.com
1	www.zenaps.com	9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
1	www.awin1.com	1 redirects
1	lh4.googleusercontent.com	sci-hub.mksa.top
1	code.createjs.com	s0.2mdn.net
1	ut9.rktch.com
1	optinder.com
1	p1.ntvk1.ru	1 redirects
1	adservice.google.com	securepubads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagmanager.com	sci-hub.mksa.top
144	40

This site contains links to these domains. Also see Links.

Domain
pluso.ru
vk.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
mksa.top Cloudflare Inc ECC CA-3	`2021-03-03` - `2022-03-02`	a year	crt.sh
sci-hub.shop Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.pluso.ru R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
counter.yadro.ru R3	`2021-05-29` - `2021-08-27`	3 months	crt.sh
*.kitbit.net Let's Encrypt Authority X3	`2018-11-05` - `2019-02-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
tag.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-06` - `2021-07-06`	a year	crt.sh
ut9.rktch.com R3	`2021-04-19` - `2021-07-18`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh
redintelligence.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
dmg.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
*.vk.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-06-09` - `2022-06-10`	2 years	crt.sh
*.tradetracker.net Amazon	`2021-01-21` - `2022-02-18`	a year	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://sci-hub.mksa.top/
Frame ID: 7A49B617BCCAE106C843771C10360D30
Requests: 57 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 0D29701ABFD3C84C0DFC56976349B6C5
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DB69BD1100AF8D744E4006B3550DA04D
Requests: 1 HTTP requests in this frame

Frame: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BB69A34054D4E4F094814F176B8850F6
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNUDWMLF5Z0_2ducJDascR321CkZwi0ISrG5rkYmQa_TCCKhs-YWzYvNN03W8mdFeAWAkFKQ7HGhQTdw5WTD5D1dU77gf4vy-A2Rqw0TJTQSgaExIzUAdrai1gw_UsAWuF2YqlrK4PMgID_5GNBulE8Htt4sFrHotvarihsEDJW93SMQRiI
Frame ID: FBD2B80E7D0D242B206AF4F2E37B43BE
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 2145A5BFA11736F15E49D8A787D77074
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
Frame ID: 4FADC329393D4AADA2C67B00BCE16426
Requests: 13 HTTP requests in this frame

Frame: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B6E41C791A2056320D6945CA256CB34D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYzeDPkAEwAQ&v=APEucNXpP9LZKx60r847B1piL-PP7EOU6qBeckKCnp5vz0R2CD-vBeVZG5JUpDDkNpqlp4tUuYa11P-F6Nu4cSN2q0IcCf10_3_u4vF3y5YaeyAL1tR8pqObrhE39rp6twtSdcysLVJdI65QfeSkyNhlP7r6yM_r0z7ElLEKJ_SLkk519srvpRc
Frame ID: 95A6C5337F52533967136F59BEC7FDC6
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DUTqKH4bNIERUwwVr6xzU7FwwfTRDnvCdw9wBSD-2KJ2dSqTR7qOBR6hvc-KEcd7QtfnrQHqGRKUTb_flORYLWE0a8Ojq_c-csYVKO4oRYiqj3Jl7tFnLwgOwpphGxtvxHPrOw2kcAOs1T9lE8PcNRRoaR7Q&cry=1&dbm_d=AKAmf-C3nnKsuAigWB0SZ66uOOCZNTaBJRn-z7bfFvHAXER2aN6s3Bu5w_btiujAPa45rO3AAAXFajBh18dbHruq_ZUeqvMdMqIpmaXpq_8o03lv2ExcH_OWQvTHrxaQjp1htL3hZ44Y3pKm2ZD5vImbAP6qssa8Sg6k9kOnmLPBEdrAC-VaAT5gEJov2-Mi5MHafZ4m3MEotjjB9qtdm0HohAGWDjw9OhFvTHghreAvNnk8i7lK606VLC8RsAxsTQ0ROCSgdD0BLFSU19lMQ2v4rFYlmJyCHX_qTT9l6uBkYzDBy5Ltoj3FXuKc8vzdm0lbdDwGeGeijn_ROIXvnsJBFgjcUeii7kEG2uXPuBrY1A3UxnKg6RnHYBzi_seJqtIeBs13NXL_5-4ypEaMxMkWc2DO9zh6t1y8FVfzjbl8rz4QX0KXxN0Uleb84qpHBLB43ZM0TC2dkoDCayvyEysgnPxrhpQBclXroQSVLPzFdOkugcgf8TTYXGU6ojop9kd0LAIKLVeVy_eZ_EDhPnvr8AkSGN8ptThKxSzPqXAFhmwW6t7TBUjdV8-GZMsLXoxuIedjW8whud_ezO0ULnPkzQXZfjIYiKiiNdZ4EKYzYtjpBVgoOZpK6hCYp-ke2i9OMLi-y--7qciu0a3WWwSP7LCvCGU2gQwI8i5xTwFfwSAP8owb3Y_i37FEEV5cKMwi98Pmvn693RmwPG9zLYpzF3sZfG2AG1H6GfvxPyqBCR4FXEwBFuBXt6wHtxyxlj3wLrHA0k-j242e_ue5bNX3qB6zelDAiWBPubwXZg6-97fLm95v8J1La7812jUDJ7kWPlZF8Z1br63eeT3lBK8TDVZEUJFagYsjc-J82uptWfBPBW1Zjg5ZYRnMga4lNdoWnAm7n-Aq2t5-UX8pj9BNVXztSDsskhXe8T4Iq6YUcY8NmKTB9zCHiGm-ZoyCAH4986CqnFRkMVrlZvWYmPhbm3uoZPYKqd5uixNIlbCb_e8XWiHiO2gbj8vq_hAi26svFPlwOn-jEVgBEfg_wX1NbgazD_LPFeOxwe7MaNPhC5R6KeM5qc7viljpdnqIbHBvKjuOa8gQQ8NpjdM540QURXclMyggm23r0iiaPgsEHCKfHp7bUJopQLjNTqyZ74eqAcm_HJV1z-4ZtnuuGmtI4TiqageCLAeyK0EYYzYR0lvcOzF_eozq59jCtf02dVQX5F55ASarrHndubgrVyI5fPYah9Ifcy3ByLxD-XRLqE3MAs1X2IW1EREC1e0KsIq59o2D2dBboMJelZSPFVv5rsxItWGNImkHz85ZRS6h_GGiyr3KAw8EBz9cRJr57zxtFMx-vUV1wxGOhXPj2-wa48mCEuWXnIpTcVzj2iB43KLNv4-fPaXAVIwslmVurQudgw4LvMgDqtQfVhYItm1BCWJCRHLvh7Sp5zmce2IgZedeEw4JaSOAD7dMu7BX9Lt09xYmF0Z-MO6SOKfO75ErDr776ygaYTVWo097GXlbbclMLSBWcNkpIgIj-uIo8QNvgQ_h1kbtiffXWLud4UYEFzVmSPbMtR6sm8fSmct-fXbEFc-QuMBSl5yw23ElvcRjuXYg8I26C4snK14p4LxxWcIueoIRK7ZgxzUFNhqloaage59Wib0MfbMyI3jEtEOjdSdx4DdSX66TUKSfNlnvvIybrc4b_VS_hn-hKXVcloineSx-qaQPZr-IvXsPW6ySuqBF-3m24Hk7YE6GKSGPCm-DquydG_1ns6rs-XyaWtcygbVOmrwqlNe6lm8LmSskuDx1-K6Etjn-6VFnBAXLHGCdo7D0VkGKBJIXHVbnzVzPyLDLxdd75rArq5K6Q4W3u_Xqw-PFORKTd9gxCAKhpnit9ql4LsclScyQpjHmW8SQLQKonQhprdoImcSrUrrqPkyi9nNhutk_aLB0VGAG_afq4EKiJI7pJwGlVGJlLikaQR_3UktljzUyBkZB4oqBxoKyIrDH-Hm6v4o7JuLrCbtJqvp4T_0WTJtIUnS6bsJDBTSNY3YWvBKIyOcZ5jW0TQ4poW9hqucngC2ZOzVMswyPBHhNEIwxyYEvwnFypZyCGGeAIRpg9GlEONfxCCbXIp6hgOZpikoprlPcQHJxpKDj-jidtcEwDv9v6SByvI5sn9rb3ME6zVZSjzuh_ZhvWvHH_EBt6kY9zwuoHWG8G1_BIjnVL1uu9UkqlQn2d7g5zzS8RDXtIjz9k9jPoDeIQgEcLUFyB5WiaqPI3a63IkgITVI6QsCzTzQlyYeGDfrQbV1Q8IYc1qgYPDPP8v_tU38KZsuZOkNiZO8zC_SCOKuqUplnUbrZkQaPY2IriHeiioYNuqpKJUvmSUhFLJY2Ny30Ej0r8XkGm2KxeiJ7kgZUhpBK6wxWVYL1yjbYd4MVgNJlwqO54o4DQ0wM6ctnyN6DCJsW_DjOhYFOvTT3uUnz58Fc36UJkXFL2ntA8G9Z3ptHGpcpwu1-f_Ssp6y-IYtUJ1Dty0yyqVBbo7bOJpAx4msCpx_M7KMw09UgFX4VNmP8NFccy9FAKuhd0lGyMrDsjqQuP1rFKDx9D85YnPANNvPPV2qX2Imd_-XjlhFUSM8y9DV3kKfuyFLtyKChxwyGDGxgNp2mmYZk_jIFL6XFVuJ_Cibo0mz6HyCa1BBCzgjnl68ZHpIXGrgNU0HELvg8hc5lfaDSXTqG8Kif-I9jmqG1_yTKuHHy1wH4AotpeGxu5J_6lP87xSScEGH91VOoWTLIRbrq5NnrV7qMfP1ovl9YCGrbUkvky3HMtst65-ZaDrN0dIWWbZ-AdWcYqkBWWDvjcRN3_-PwOtujGZDQ7x8Y8CFWGlodpTlUYWnRJrmalrSVxoVSajGguYh8CMZb3_go6yybnIaycsaV_yi3X_kCk0gTnasrUirRQbd9ZGT_apmVS40hvavm5PkDk_p_jBDP05UUJOxwKPo_OU6X9pANHoM0Sxcq8AlFd5zgNl9VBsWhs2F4AIEnWi4iipla5l9YW7YXs_6DCv5Epuc1uaWVN_oTbpPzb8ulaqE-h5Qkp7WCkkW6QyMBfL86IRZvUJyynljGkXykbPRnxpsJB-4WX6LdvEy7G23Hxuo2OT645esZSAQfJV4hpYxw3-0WgtRRq7GCctzYgDS-0fun4YqRY3ezvaWB5PEVOtaq--r4fttCJ-t1P52ABsjCKX2nr9bpylFw2aJpVMgKuKdWzKfX8DxYpw_GR-rB0ufhBxKhhIM&cid=CAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240
Frame ID: F9B8437C9B94407952F82AAE882AF7A3
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 354729E78CE50C06540E12BE426476FF
Requests: 3 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Frame ID: E5F9F3FA750A6C401D756BDD4BAE80B3
Requests: 18 HTTP requests in this frame

Frame: https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
Frame ID: 0CE15D98FEA70A3141F52410601D8763
Requests: 1 HTTP requests in this frame

Frame: https://hal90006.redintelligence.net/request_content.php?s=84571500244718400510390011618006&a=06b1a588
Frame ID: EC712F4CB6D57B63B70EB1C8443630CF
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery-ui.*\.js/i

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery-ui.*\.js/i

Page Statistics

144
Requests

97 %
HTTPS

56 %
IPv6

29
Domains

40
Subdomains

40
IPs

5
Countries

1908 kB
Transfer

3556 kB
Size

4
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://pluso.ru/

Search URL Search Domain Scan URL

URL: https://vk.com/sci_hub

Search URL Search Domain Scan URL

URL: https://twitter.com/Sci_Hub

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sci.hub.org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1 HTTP 302
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Request Chain 51

https://p1.ntvk1.ru/nps HTTP 302
https://optinder.com/cro

Request Chain 60

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFSM8EcJXoHzLklLU2jIuw0&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFSM8EcJXoHzLklLU2jIuw0&google_cver=1&C=1

Request Chain 61

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5pwS3w6Se-vEBDs2ubRAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1

Request Chain 62

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJa-F75zuep-T0raK0bdH_Q&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJa-F75zuep-T0raK0bdH_Q%26google_cver%3D1

Request Chain 63

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTU2NDQ4NzgxNjcyODU2NDY4Mg%3D%3D

Request Chain 93

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1

Request Chain 94

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5pwS3w6Se-vEBDs2ubRwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1

Request Chain 95

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOhijYanNydTW-97kq5do1c&google_cver=1

Request Chain 96

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDExMjUwMDk4OTIxMDIyNDAzOA%3D%3D

Request Chain 124

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 125

https://dmg.digitaltarget.ru/1/7209/i/i?i=63477510670384.193974168597403&c=tg:adcm_pc HTTP 302
https://dmg.digitaltarget.ru/1/7209/i/i?i=63477510670384.193974168597403&c=tg:adcm_pc&q=scc

Request Chain 126

https://dmg.digitaltarget.ru/1/6534/i/i?i=63477510670384.829178408551381&c=tg:adcm_pc HTTP 307
https://dmg.digitaltarget.ru/awg/custom/6534/i/i?call_source=awg&i=63477510670384.829178408551381&c=tg:adcm_pc HTTP 307
https://fnc.rt.ru/1/6532/i/i?i=ws9ITexXluQEvIx7cJoI&c=tg:rds_6534 HTTP 302
https://fnc.rt.ru/1/6532/i/i?i=ws9ITexXluQEvIx7cJoI&c=tg:rds_6534&q=scc HTTP 302
https://dmg.digitaltarget.ru/1/6533/i/i?i=346157001586998176822000000018433398&a=774&e=4GrBE6moi55F5555K8up

Request Chain 127

https://dmg.digitaltarget.ru/1/1086/i/i?i=63477510670384.498316421312570&a=86&e=5EFC831F6369BE602C0B828402C5A64C&c=ss:86.up:5EFC831F6369BE602C0B828402C5A64C.sync:up.xdua:dujkWswTRa5m1sqxgoBVZEhL.xps:xpshW3UnjX0UMMiXmdELi_ucn.xga:GA1_2_1775865527_1623091648.xgid:GA1_2_355166031_1623091648.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=63477510670384.498316421312570&a=86&e=5EFC831F6369BE602C0B828402C5A64C&c=ss:86.up:5EFC831F6369BE602C0B828402C5A64C.sync:up.xdua:dujkWswTRa5m1sqxgoBVZEhL.xps:xpshW3UnjX0UMMiXmdELi_ucn.xga:GA1_2_1775865527_1623091648.xgid:GA1_2_355166031_1623091648.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://vk.com/rtrg?p=VK-RTRG-980316-aHyIm

Request Chain 128

https://dmg.digitaltarget.ru/1/1086/i/i?i=63477510670384.65843821119107&a=86&e=5EFC831F6369BE602C0B828402C5A64C&c=ss:86.up:5EFC831F6369BE602C0B828402C5A64C.sync:up.xdua:dujkWswTRa5m1sqxgoBVZEhL.xps:xpshW3UnjX0UMMiXmdELi_ucn.xga:GA1_2_1775865527_1623091648.xgid:GA1_2_355166031_1623091648.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=63477510670384.65843821119107&a=86&e=5EFC831F6369BE602C0B828402C5A64C&c=ss:86.up:5EFC831F6369BE602C0B828402C5A64C.sync:up.xdua:dujkWswTRa5m1sqxgoBVZEhL.xps:xpshW3UnjX0UMMiXmdELi_ucn.xga:GA1_2_1775865527_1623091648.xgid:GA1_2_355166031_1623091648.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://vk.com/rtrg?p=VK-RTRG-953904-7yDR1

Request Chain 129

https://hal90006.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=3d64469cc5&subid=&uid=75d21db7706b8061&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCifYdwWm-YLXZE8aKjuwPqNuCiAmVsMG4XKm605-rDPAuEAEgtKPufmDxrfyFpB_IAQmpAr-nEbyScrQ-qAMBqgTdAU_QikLNwEoV0xplT-ujFI2EVBP356CYGEaJMMhCLrwGAVcE2hWXygd1YzxOtIMDT3FGRMGZBvYjS_2hIZUN7BbbsKRTW4ogR2_5cTuM3sfmtlLuLi-TC9LzUzyKpEPLxlbdGJqeHjwgb-P7DX9xouAPpgwxP_LLYWi6aPS5wxi4Jflti5fxGERUZPrpAsfsRP91YVsqzYQSctld5R1WNldILvG9A3g4pNJ7wnAIEVhxaFRR8V8ceXVCUYZFijWt7xofWnahQPR6T0-PQ6tt-o4ay_rrAoRhFalvtbRZwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0%26sig%3DAOD64_1Kmn7ULqygNRcIZjmVtqVCu5WTsA%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-Dy5A_Cu_Oih_x8tq8wO6UV0T0EVSIMx0j8cIWY4BmdZGy22a6CIQJFTRCXEUrOi6TEiZlbFPHd1A5TtR8sQ9pnGor40b6nMJfKVcp26IvaxBbhddFbbc6vnZE21ujIlAhvqQqh_olhn__MAge4KwHzpqAB3A%26cry%3D1%26dbm_d%3DAKAmf-BJhe4yK9TAdTxYM3AY9IKzqEacw77m-hJgkQ7nzIkeQ6OpMyWWHIplq48EAU01JD_Azz34QCjk-uryq8dg_8ZK5BKuBUcr8jObD6PsE6DivY6h8EEErgxo7MWs-94dRVnlxPckOdh8hRZHcHC1V5uSTX5efKW3uSzmfQsDkFB7GVY8KQM-I8yp5BshtErtNl-6wrZFHJ_rFdahPKyNFbOHvyYwHhMBvRNRlvino7lmJPZIkPMDe5gPtWE95R8XaMOC_m1iAaWSq4XRav5YKfSaGJOgkZNY5QbdMyIt93jG5K-9nm4fUra3H_NmS-EgvFtsodltwlSAJ342pnm-nb2UpLt3upnvcuVY2gSL20xXyqPqH6O_h5cT6HluWrI_FVA_oGxuA3EESJEHMQzs-BmaVrCmWkWPIklDapEpCsZxv_2BM-tGq_lH4CWHe_7D8w991sQw%26adurl%3D&documentReferer=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4449965989808&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0 HTTP 302
https://hal90006.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=3d64469cc5&subid=&uid=75d21db7706b8061&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCifYdwWm-YLXZE8aKjuwPqNuCiAmVsMG4XKm605-rDPAuEAEgtKPufmDxrfyFpB_IAQmpAr-nEbyScrQ-qAMBqgTdAU_QikLNwEoV0xplT-ujFI2EVBP356CYGEaJMMhCLrwGAVcE2hWXygd1YzxOtIMDT3FGRMGZBvYjS_2hIZUN7BbbsKRTW4ogR2_5cTuM3sfmtlLuLi-TC9LzUzyKpEPLxlbdGJqeHjwgb-P7DX9xouAPpgwxP_LLYWi6aPS5wxi4Jflti5fxGERUZPrpAsfsRP91YVsqzYQSctld5R1WNldILvG9A3g4pNJ7wnAIEVhxaFRR8V8ceXVCUYZFijWt7xofWnahQPR6T0-PQ6tt-o4ay_rrAoRhFalvtbRZwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0%26sig%3DAOD64_1Kmn7ULqygNRcIZjmVtqVCu5WTsA%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-Dy5A_Cu_Oih_x8tq8wO6UV0T0EVSIMx0j8cIWY4BmdZGy22a6CIQJFTRCXEUrOi6TEiZlbFPHd1A5TtR8sQ9pnGor40b6nMJfKVcp26IvaxBbhddFbbc6vnZE21ujIlAhvqQqh_olhn__MAge4KwHzpqAB3A%26cry%3D1%26dbm_d%3DAKAmf-BJhe4yK9TAdTxYM3AY9IKzqEacw77m-hJgkQ7nzIkeQ6OpMyWWHIplq48EAU01JD_Azz34QCjk-uryq8dg_8ZK5BKuBUcr8jObD6PsE6DivY6h8EEErgxo7MWs-94dRVnlxPckOdh8hRZHcHC1V5uSTX5efKW3uSzmfQsDkFB7GVY8KQM-I8yp5BshtErtNl-6wrZFHJ_rFdahPKyNFbOHvyYwHhMBvRNRlvino7lmJPZIkPMDe5gPtWE95R8XaMOC_m1iAaWSq4XRav5YKfSaGJOgkZNY5QbdMyIt93jG5K-9nm4fUra3H_NmS-EgvFtsodltwlSAJ342pnm-nb2UpLt3upnvcuVY2gSL20xXyqPqH6O_h5cT6HluWrI_FVA_oGxuA3EESJEHMQzs-BmaVrCmWkWPIklDapEpCsZxv_2BM-tGq_lH4CWHe_7D8w991sQw%26adurl%3D&documentReferer=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4449965989808&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1

Request Chain 131

https://ti.tradetracker.net/?c=31577&m=1646244&a=157788&r=84571500244718400510390011618006&t=html HTTP 302
https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg

Request Chain 134

https://www.awin1.com/cshow.php?s=2636829&v=12846&q=389131&r=566725&pref1=84571500244718400510390011618006&pv=1 HTTP 302
https://www.zenaps.com/cshow.php?pvr=d04a9891-c7c0-11eb-9ae5-692d08e93505&v=12846&r=566725&q=389131&s=2636829&viewref=84571500244718400510390011618006&pv=1

Request Chain 144

https://ti.tradetracker.net/?c=33102&m=1783943&a=157788&r=84571500244718400510390011618006&t=html HTTP 302
https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png

144 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sci-hub.mksa.top/
Redirect Chain

http://sci-hub.mksa.top/
https://sci-hub.mksa.top/

29 KB
6 KB

550ms
532ms

Document
text/html

2606:4700:3033::6815:35c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:35c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab

Request headers

:method: GET
:authority: sci-hub.mksa.top
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding
expires: Tue, 08 Jun 2021 06:47:28 GMT
cache-control: max-age=43200 no-cache
x-cache: MISS MISS
cf-cache-status: DYNAMIC
cf-request-id: 0a89662ca90000d6dd85a23000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=3k4ieuIjhHIkm%2Bx61m6QNVhEfz722CydKpSWw31V4xRAXYTO%2BkM0PU60J%2B5TqM%2BOH1smHRc8WDV4FfCc6lodVoPBrhWhQGtXItlEeHTTy5X0KmgZiWSV4PSYMuNgwTMLJODKWDHg%2BRyglA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65bc0c8dd840d6dd-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

Date: Mon, 07 Jun 2021 18:47:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 07 Jun 2021 19:47:27 GMT
Location: https://sci-hub.mksa.top/
cf-request-id: 0a89662c3e0000645bb1258000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=9qjmQHbmn4Y4Jlp4mbCVo1aqFXsl5zhhRvvpu52I27jCgm%2BhZfPhnkJkxry68kL4Yyso%2BTp6zg6XRjLysS8z8pShNunaOQkV4N7kQkQy6MbbavbAaMewNjJ5B5cyLH7o8Ob0NRk%2FOAF4pA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 65bc0c8d2d73645b-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 jquery-3.1.1.min.js Show response
img.sci-hub.shop/scihub/ 85 KB
29 KB 44ms
24ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-3.1.1.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213212
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a89662ed5000005c4bd163000000001
last-modified: Fri, 30 Nov 2018 04:24:28 GMT
server: cloudflare
etag: W/"5c00bb7c-152b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=QyApzw22eZ78x0ubWQ2QR0nHHPyyPOjbZgLXju%2Bxl4Vq37Dur1wrM3tlHL473fkQ8s6vi%2FhFIIhdBOEmJP2OWMBHUX66%2BHY7Va0nflHT5ZBiM2ZOkxSOycX7mA58rlNU8NCkIdABjDMKiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc0c915a7d05c4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-ui.min.js Show response
img.sci-hub.shop/scihub/ 248 KB
63 KB 45ms
26ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-ui.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213212
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a89662ed6000005c4ac8ab000000001
last-modified: Fri, 14 Dec 2018 08:14:20 GMT
server: cloudflare
etag: W/"5c13665c-3dee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=8utJBL2IUdpze%2BDwvzsCk3%2BJPD9ncHVJRp6GmuWEkOPt%2FFtbgbX0hCE3q9yKK%2F7Xqo2bk4sxdHV12P1rsjjyU0e9JTZBKmHe54bFyH1C2sXydACE1gEgFRTMt%2FJah%2Fx1IY4lpKRzmVCInw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc0c915a7f05c4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 openapi.js Show response
img.sci-hub.shop/scihub/ 94 KB
22 KB 38ms
19ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/openapi.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213212
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a89662ed6000005c4b891b000000001
last-modified: Fri, 30 Nov 2018 04:24:44 GMT
server: cloudflare
etag: W/"5c00bb8c-1798d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GXZL7py1DJK891TeThvX06s1%2FW767o3OAm8Sr%2BN2brcsIGCCzwdgMSOmoaAEvbPkJaPTV1B69ys4arS%2B7ftltbU7mVNtRGy8zSWHvwcpYShcrhSrWapJyQdUp9%2BNJoSw%2FZY%2FEvoyhb819w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc0c915a8105c4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 medal.png
img.sci-hub.shop/scihub/ 22 KB
22 KB 27ms
16ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/medal.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213212
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 22275
cf-request-id: 0a89662eff00004a5c078c4000000001
last-modified: Fri, 30 Nov 2018 06:13:38 GMT
server: cloudflare
etag: "5c00d512-5703"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=uWOarmCGPQW0vjJ%2B199wmNK0HtI8T9BvPRF27SSZgBd0ZwE5a4zfr9r1A1UTjZR7vKBZxOtbu4oxLc5pm3xKzJkmngcwhV96xSt6sr%2FIYjVXlWF5D0730Mr67Fz5%2FnjcJegcrZaIYmn4Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c919efc4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 key_1.png
img.sci-hub.shop/scihub/ 8 KB
9 KB 18ms
18ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/key_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213212
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8428
cf-request-id: 0a89662f0600004a5ce41a2000000001
last-modified: Fri, 30 Nov 2018 06:13:40 GMT
server: cloudflare
etag: "5c00d514-20ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=xLgfhkli8GF13Nhm8Sebt1C1ta6W%2F1AXd6r9c5dScZeDtGlMslnalcWRXebrdhxFN0hwSs8VWgASa2FoRVoJyBQPc%2FpCVCNluN133tHfBhobyt6HdNcCHKype4aZ71ALl%2BG8LM4EYvPkXA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c91af2d4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 59ms
59ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

fcd5c5f96228d339caa9724ec264d9580f132483733794c499e2253f5d08b985

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "896 / 399 of 1000 / last-modified: 1623064336"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21400
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:47:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a543779a9171b1861eca85108fc01a5bfa5426d5da2d64c9ee4bd2c9638eb5e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35966
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:13:48 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 07 Jun 2021 18:47:28 GMT

GET
H3-29 200 top-back.jpg
img.sci-hub.shop/scihub/ 184 KB
185 KB 17ms
16ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/top-back.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 188646
cf-request-id: 0a89662f1900004a5c12193000000001
last-modified: Mon, 16 Sep 2019 12:17:02 GMT
server: cloudflare
etag: "5d7f7d3e-2e0e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=kcKPM7gMFN4dX%2BEVVWIkZ%2F1Oc96thxm6soRqDIzq4hvb87oKiubewz0rxU33d1WdOzlZikUYX6GMpYp0LM04MN5B7Ml5hWhENktxVYaP9g39Vgerz6YGvSvRuX9HlJiHOKHw74M6X8EF7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c91bfac4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo_en.png
img.sci-hub.shop/scihub/ 14 KB
15 KB 31ms
30ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/logo_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 14556
cf-request-id: 0a89662f2000004a5c2286a000000001
last-modified: Fri, 30 Nov 2018 05:56:38 GMT
server: cloudflare
etag: "5c00d116-38dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ahuaYvnrYngUqqCqLa1zSeobcKreSJSSPpEHUd7SbpNIIAjwhyHydJqkjPbxs3ExXJXWNLY3pFgiYvIjGTTWIMY9rIwrX7YK3Al51s%2BFvZAo6ADMLiJNT%2FLeB5HR%2Fhe%2BtFKuXqyAixsaYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c91cfd44a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 raven_1.png
img.sci-hub.shop/scihub/ 59 KB
59 KB 31ms
30ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/raven_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 60144
cf-request-id: 0a89662f2100004a5cec9eb000000001
last-modified: Fri, 30 Nov 2018 05:56:32 GMT
server: cloudflare
etag: "5c00d110-eaf0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=m282DOcSUR2cgLK4FeJ8ZeUR6PjJ089tLGySrIsf5YGo188AqN8GiqnUvvENWtPQ9IRW0sdeQ6mwG2BDLBis%2BYvBbUBVRqPGKksr0tDygh%2FJcNePsHHnOSi8mOWwKb1miDzV7OgAElflQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c91cfdc4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 map.jpg
img.sci-hub.shop/scihub/ 54 KB
55 KB 42ms
41ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/map.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 55605
cf-request-id: 0a89662f2100004a5c369f6000000001
last-modified: Fri, 30 Nov 2018 05:56:52 GMT
server: cloudflare
etag: "5c00d124-d935"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=meFSeAzKG9zh4jenxFbaseofx2QtMDll3zXuzrV2HQ%2FS0oR3XLGBtBAXARaq17A%2BV8e1XyD25o2Bgua0E6qRsIGoIza4cDEW2ty62nvElXuGpKN6VrWDuj%2Bxu1hpfk0B3GWik6BbehVL7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c91cfdf4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 about-marker_en.png
img.sci-hub.shop/scihub/ 3 KB
4 KB 53ms
52ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/about-marker_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3361
cf-request-id: 0a89662f2200004a5cf09ce000000001
last-modified: Fri, 30 Nov 2018 05:57:02 GMT
server: cloudflare
etag: "5c00d12e-d21"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eD4dYQqeZp7e4PmxA6JLnnVBZIzfbq0FJCjyEyFqr9C5J%2F8VWrbgNuY9AtPhrAEAewIQ17UTh7E05VlfY1w3k8Dm0hiKt7%2Fd6apnCN9Bdbi11w51q3dvnDV%2BfrpomGL9bhi30MPnIt3k1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c91cfe44a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET AvenirLTW01-55Roman.woff2
img.sci-hub.shop/misc/fonts/ 0
0

GET
H3-29 200 quote.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 32ms
31ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quote.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1068
cf-request-id: 0a89662f4400004a5ce232c000000001
last-modified: Fri, 30 Nov 2018 05:57:12 GMT
server: cloudflare
etag: "5c00d138-42c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gTb3BpFmHxRd2yxHfyqrq4sDOHPTVRq5FqTn%2BZitRQ%2BHn%2FixUYnHcigehkF3bB2aAUzySMHE4%2BA%2B6VcoYYZ8Jf0AEIF2MGbg10M%2BgFlErBKQgNymRIuCBUM48Rr2yVzWRre2g8BmXe4BtA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c9208834a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 quotenext_en.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 19ms
18ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quotenext_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1087
cf-request-id: 0a89662f4300004a5c3c0cb000000001
last-modified: Fri, 30 Nov 2018 05:57:18 GMT
server: cloudflare
etag: "5c00d13e-43f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=dwcfwciu79%2BI5wpbjOayl%2Fbah83VSC7NwKXtgPzInNQkrKRaBLdek3Zk1FxucfFhTvT1doDlKw1e7%2Bad7A5es4Zr%2FHwuvf4C%2Fwf17NtsO8g%2Bv%2BVTuqF%2B3pCtS%2Fd2AX1c%2BmyKHg9QaDwd9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c9208864a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pone.png
img.sci-hub.shop/scihub/ 2 KB
2 KB 20ms
18ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pone.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1637
cf-request-id: 0a89662f4400004a5c2b029000000001
last-modified: Fri, 30 Nov 2018 05:57:24 GMT
server: cloudflare
etag: "5c00d144-665"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=F0XZG050Mu%2Bqf0lgC1A0uKW3i97fv2eO%2BdHfCORKnSbF8vUlZda1kejnJ2OpaIKmnIPiz7m39Lvn5jddMXazo%2FYpM%2FUQSfGcBKc9DcnW%2FO9salANJ%2BptdAjU6lrBzNNO82JdsbnaTuKRTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c9208884a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 ptwo.png
img.sci-hub.shop/scihub/ 4 KB
4 KB 49ms
48ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/ptwo.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3907
cf-request-id: 0a89662f4400004a5c1a3fb000000001
last-modified: Fri, 30 Nov 2018 05:57:30 GMT
server: cloudflare
etag: "5c00d14a-f43"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Egw17rC3hRYSj84P23sAaFL1cyHGNUDxFYj90qLFfQn8xlUen%2BGvhbBPYLjN6eST579HE7PVx0jELhKRheiJAS9z0FQD4MSCM9c69FB4ab7HwJ7A%2BzIQiGnfemWHTs31kpr0ily1R8Iz6A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c92088c4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pthree.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 23ms
21ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pthree.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4278
cf-request-id: 0a89662f4400004a5cf5a42000000001
last-modified: Fri, 30 Nov 2018 05:57:36 GMT
server: cloudflare
etag: "5c00d150-10b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KwikhxshJjrvZKIqrEgLCkprA2kdWt%2F95FPtd6%2FW%2FVyTMYEtflD%2B6UrsfspMk4xxZ%2FLMPtNhyRhMlJ%2FPbJMdXGxDgtFh3HwAL5uOm4YfulwkvhbNnEWOt6H9oLTRH%2B%2FNh7LIaUuaxxaQQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c92088d4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 people.jpg
img.sci-hub.shop/scihub/ 50 KB
51 KB 24ms
22ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/people.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 51212
cf-request-id: 0a89662f4500004a5cdf39e000000001
last-modified: Fri, 30 Nov 2018 05:57:56 GMT
server: cloudflare
etag: "5c00d164-c80c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=koiDyzOTRirH2zRYzXvZbt19X9bk%2BD%2Bw3bu716cxAEDfZmwauyUQx4c3VysqSSzvlSMsarE4gYuUAZaWCTtA%2Frp8rbmcf4WZ0XPLlTkSt1w%2Fgg7ZOijrImqq5dxirbkDUjdE4TxaB%2FYBuw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c9208934a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 join_en.png
img.sci-hub.shop/scihub/ 6 KB
7 KB 35ms
34ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/join_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6197
cf-request-id: 0a89662f4500004a5c252b5000000001
last-modified: Fri, 30 Nov 2018 05:58:24 GMT
server: cloudflare
etag: "5c00d180-1835"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2FanAIjSlL%2Bj9n7ymoLHcBBi61THRL5fFyH6aTmE2JWrsrub9ZampZs4lAoaajeHCZUMbQb4EbBCzE2BofOtZW5KoMgbvnBEtRWkDSh8AYfflSDmP0pmXFpsfbFigklRZup%2Bf%2F0Cooa9sJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c9208954a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinvk.png
img.sci-hub.shop/scihub/ 17 KB
18 KB 19ms
17ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinvk.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 17834
cf-request-id: 0a89662f4500004a5c03a56000000001
last-modified: Fri, 30 Nov 2018 05:58:30 GMT
server: cloudflare
etag: "5c00d186-45aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wmg%2B%2BPlCjsiDqlfXy2OpEiPYb3YDA9gtyD8oFH1M0SN81Rul8JOLj2foIs4%2BSrFZfNA3n9wwIZ%2Bwc6ryoh8p9u%2FTrnuMpBSBT%2FntKHVr3F9X895dyYM%2B97OirN11OjoKxWb9WuyjQE2FaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c9208984a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jointwitter.png
img.sci-hub.shop/scihub/ 6 KB
6 KB 21ms
19ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/jointwitter.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5751
cf-request-id: 0a89662f4800004a5c0483c000000001
last-modified: Fri, 30 Nov 2018 05:58:42 GMT
server: cloudflare
etag: "5c00d192-1677"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=U2P5yiFScgwEOHdZjlE9JEZ8ANYLzppwhJXIjfz1Gd80uLVpvOiv5TX7bbfs8y%2F7lmMXlaeb1Cw3B1i%2B1vIj6sU3cl1pg6RVawI1We8jaNrFJ%2BsnhJFeVfIduS2yCZ%2FiW57bbGu%2FLgw2wg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c92089a4a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinfacebook.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 30ms
29ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinfacebook.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4152
cf-request-id: 0a89662f4900004a5c259e3000000001
last-modified: Fri, 30 Nov 2018 05:58:36 GMT
server: cloudflare
etag: "5c00d18c-1038"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=akxYnTcs03CASVg%2B39M4tZiRbOlK6OQYVWRZJIrbfi9jrH6QPmtqm4Q6ooftcPZwSS2Mw7TFFD16Q8XgXNPHZ5jkj1j1q6KEJkgglVHvxCSWqawcg9i8Ui4k4nC5qJ3QuNP6gsqxSquB%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc0c9208a94a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pluso-like.js Show response
img.sci-hub.shop/scihub/ 41 KB
12 KB 19ms
18ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/pluso-like.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213211
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a89662f6200004a5cea03c000000001
last-modified: Fri, 30 Nov 2018 04:39:20 GMT
server: cloudflare
etag: W/"5c00bef8-a5cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=p5uHoJ1z5tcoGBeWF0QfDwDc17CeXor%2F9vBWj1%2FrTL6C4fMUyj5r3G%2FLzsKBseay8atoiRopCBIngxCSQN1T2jbimxBMVpqL%2F7hOTEfdjKnC7KyUi7UZiGDFiCn6U2so2p%2FLnWWDZm8bNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc0c9239144a5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5765
date: Mon, 07 Jun 2021 17:11:23 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 07 Jun 2021 19:11:23 GMT

GET
H3-29 200 pubads_impl_2021060301.js Show response
securepubads.g.doubleclick.net/gpt/ 312 KB
109 KB 68ms
65ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

d0b3850a417ef733c6acaff02a3311c7ce9a5b7ee55d2cd76d8c7f1f661bcb20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Jun 2021 08:37:25 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112073
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:47:28 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1927696411&t=pageview&_s=1&dl=https%3A%2F%2Fsci-hub.mksa.top%2F&ul=en-us&de=UTF-8&dt=Sci-Hub&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1727621401&gjid=1128032942&cid=1775865527.1623091648&tid=UA-193456449-1&_gid=355166031.1623091648&_r=1&gtm=2ou621&z=2043838315

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:28 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
85 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-193456449-1&cid=1775865527.1623091648&jid=1727621401&gjid=1128032942&_gid=355166031.1623091648&_u=YEBAAUAAAAAAAC~&z=830194473

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 07 Jun 2021 18:47:28 GMT
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 12 KB
7 KB 681ms
681ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3152983715620911&correlator=4363942592937485&output=ldjh&impl=fifs&eid=31060439%2C31061340%2C31061371%2C21068110&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2C970X90-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90&cookie_enabled=1&bc=31&abxe=1&lmt=1623091648&dt=1623091648656&dlt=1623091648190&idt=437&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=900&adks=1836978441&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x0&msz=970x-1&ga_vid=1775865527.1623091648&ga_sid=1623091649&ga_hid=1927696411&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

7a6696836d24e49b953eac6fcc02aaf3187a75a30ed6a11dee8e053c54200386

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7574
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 161ms
51ms Other
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 1061ms
1061ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3152983715620911&correlator=4363942592937485&output=ldjh&impl=fifs&eid=31060439%2C31061340%2C31061371%2C21068110&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2C336X280-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=336x280&cookie_enabled=1&bc=31&abxe=1&lmt=1623091648&dt=1623091648664&dlt=1623091648190&idt=437&frm=20&biw=1600&bih=1200&oid=3&adxs=632&adys=1552&adks=2992418410&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=528x334&msz=336x-1&ga_vid=1775865527.1623091648&ga_sid=1623091649&ga_hid=1927696411&ga_fc=false&fws=0&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

3287bfc1cf898266141a34b341c6d9530d16bb3cb635d79b7a9958dcced73c4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9212
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 479 B
291 B 192ms
191ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3152983715620911&correlator=4363942592937485&output=ldjh&impl=fifs&eid=31060439%2C31061340%2C31061371%2C21068110&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2Czsy-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623091648&dt=1623091648666&dlt=1623091648190&idt=437&frm=20&biw=1600&bih=1200&oid=3&adxs=426&adys=2192&adks=1528813087&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=1775865527.1623091648&ga_sid=1623091649&ga_hid=1927696411&ga_fc=false&fws=0&ohw=0&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a6ed0a3a8121db259b58801ca8940e19e16449ce982277a66f40dadad396c5ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 261
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 57 KB
14 KB 1279ms
1278ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3152983715620911&correlator=4363942592937485&output=ldjh&impl=fifs&eid=31060439%2C31061340%2C31061371%2C21068110&vrg=2021060301&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2Czsy-youtu01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623091648&dt=1623091648669&dlt=1623091648190&idt=437&frm=20&biw=1600&bih=1200&oid=3&adxs=430&adys=2192&adks=3809152490&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=1775865527.1623091648&ga_sid=1623091649&ga_hid=1927696411&ga_fc=false&fws=0&ohw=0&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

20114d3ca9c2bc9b1f6d86f7fc195fb112ee03b69745477cb34a07b9e58b25ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14111
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
466 B 399ms
72ms Script
application/javascript 37.200.67.211
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=10TpxC2wJLOUX8Zt&first=1

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.200.67.211 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

bdd4003804f6ce8052531178f70d642ad8fdc912033665ecc0b38163acd16b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:49:14 GMT
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: application/javascript
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 119
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
466 B 409ms
71ms Script
application/javascript 37.200.67.211
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=kpv3DWbhvrdi7mCB

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.200.67.211 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

bdd4003804f6ce8052531178f70d642ad8fdc912033665ecc0b38163acd16b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:49:14 GMT
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: application/javascript
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 119
X-XSS-Protection: 1; mode=block

GET
H/1.1

200
OK

hit;PLUSO
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

43 B
496 B

100ms
97ms

Image
image/gif

88.212.201.204
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host204.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:29 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 06 Jun 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:28 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sat, 06 Jun 2020 21:00:00 GMT

GET
H/1.1 200
OK 06.png
share.pluso.ru/img/pluso-like/square/medium/ 23 KB
23 KB 439ms
99ms Image
image/png 37.200.67.211
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/pluso-like/square/medium/06.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.200.67.211 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:49:14 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-5b8f"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 23439
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK plus.png
share.pluso.ru/img/ 2 KB
3 KB 420ms
69ms Image
image/png 37.200.67.211
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/plus.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.200.67.211 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:49:14 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-98a"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2442
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kb.js Show response
kitbit.net/ 1 KB
2 KB 666ms
70ms Script
application/javascript 31.131.252.94
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/kb.js

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

79dab61d69cc249b4e00d000dad4bf62c6f2abf72f8ff2c0b3405b6601ac56e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:45:55 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC+aWOEggssTKbFAg==
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=21600, private
Connection: keep-alive
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Expires: Tue, 08 Jun 2021 00:45:55 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 42ms
19ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5be0e304429cdb17099bd1062871bb23a3e2771d6a369d835f739670d4514e50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8204
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 46ms
14ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:47:28 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 0D29 12 KB
5 KB 16ms
11ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 07 Jun 2021 18:40:16 GMT
expires: Tue, 07 Jun 2022 18:40:16 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 432
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DB69 783 B
761 B 20ms
17ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4f0d3c0dc38073f9d61f23e085f07c4d0aafb51a8f1402c7c0d1ffcb40217225

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mGVuBrsW2dTvZ+FoRbQOjw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

expires: Mon, 07 Jun 2021 18:47:28 GMT
date: Mon, 07 Jun 2021 18:47:28 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-mGVuBrsW2dTvZ+FoRbQOjw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame 0D29 14 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:13:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2060
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 18:13:09 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021060301&jk=3152983715620911&bg=!LyylLGjNAAY6sG-_OrA7ACkAdvg8WvneWqn-HtW89U93ozQKk13tZ0RG-H5OUer4x5HwX6Xxm_fvagIAAAByUgAAABBoAQcKAKLNUV9tGH6j1gKyHS1MtI3OkXf7gvFufaZAba5lE6JKgO40oft2hBXZl3YWANOvuhmf3HgmUgTLTTu2-ra9XYQqbhF2YhNRxvBTvqGg6DWb0-HXf693ArwrfVd3R2V8HntVgzy8m-jDHoDC-SLdq2EwSkhXH5Q5bkq-jU_95atk10a99sNitzgAuGmGh65B2HErfEjAokoGQzHeA4SKAf6Rpo-ZAkMX8fjqCd0vnYrlhERscsNLuAjP_kN8WRoAS7fVYwdpbIt6UW1yl1ch2MeAOANTIj5cstA6_A1nzUlBGaI3_wc4IAERjPBtZXTUHAWdYWqCZOm-TxxqH1sQIVe1pTACP2Jz7begBQ0qZCltg-5w8_w7JsY-uj1oqxLMVWj53mmz7-gzLZE1WqYTdtCmveBuquDBNSDcpLrhLEdOQzeMnEbYMY2bHyxIyqEID_Lo71A9lw0C49qdpQWt65V4rwRhSxD6vkcWCm7ebSopsw_lsD7__ZGLEjAepdYX6KDt6of6dmN6RWFqRjtuMlQXbuTMszrv2_5FbtDvHDhmevdt-CITXr8JPhuhBGTSf4H7P4dDSkGgjefAMGyh58cw8nlbs8RM5Inw-KxNlQAF0K7v0h8tm7lThGeRfIEBcqW7FSTgsaQcTIL2S4txF4bsQydOHHOFweCEia4f1A8-LnWqntJfTSDfg1swl6Gaw4Xo-RvqecrRnZAEsE0ZUb3mZxIftwTij4YUyjIxvcQ-IJcLMtPE0n7_Kur7FPYiqD86NmXmFcKx1-H6bEiffDdC_6RKJ4mm76V7nmJF4sBtJnWg8g8LW-Q_mW0u3sESq4mw9KDLAgbk8DM3lCJCqJoVx9bnccxjpGwxitRWNsNr1jkiTC0H4hcRMtDZQWNnJWlX3LJFlIplaT9F4e0C_SErck2_WNB_EZpUCA1bOGosX7j4YXhCIRDDkYl8WW3hv61ZC4DdqN4K-nCiO8yHw_mAHyFstZTfnhQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BB69 6 KB
3 KB 63ms
20ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 07 Jun 2021 18:47:28 GMT
expires: Tue, 07 Jun 2022 18:47:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:29 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622805992319560"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28149
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:47:29 GMT

GET
H/1.1 200
OK adcm.js Show response
tag.digitaltarget.ru/ 3 KB
3 KB 308ms
103ms Script
application/javascript 185.15.175.147
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/adcm.js
Requested by: Host: kitbit.net
URL: https://kitbit.net/kb.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.147 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:29 GMT
Last-Modified: Thu, 13 May 2021 10:40:41 GMT
Server: nginx
ETag: "609d0229-c11"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3089

GET
H/1.1 200
OK s.js Show response
kitbit.net/ 1 B
303 B 72ms
71ms Script
application/javascript 31.131.252.94
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/s.js?u=https%3A%2F%2Fsci-hub.mksa.top%2F

Requested by

Host: kitbit.net
URL: https://kitbit.net/kb.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:45:56 GMT
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Mon, 07 Jun 2021 18:45:55 GMT

GET
H/1.1 200
OK h.gif
kitbit.net/ 43 B
537 B 143ms
70ms Image
image/gif 31.131.252.94
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kitbit.net/h.gif?r=&s=1600*1200*24&u=https%3A//sci-hub.mksa.top/&h=Sci-Hub%26kbuid%3D5EFC831F6369BE602C0B828402C5A64C

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:45:56 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC+aWSEggssTKbJAg==
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=0, private, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 1; mode=block
Expires: Mon, 07 Jun 2021 18:45:56 GMT

GET
H2

200

cro
optinder.com/
Redirect Chain

https://p1.ntvk1.ru/nps
https://optinder.com/cro

0
557 B

56ms
35ms

Image
application/octet-stream

2606:4700:3035::ac43:c8d3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optinder.com/cro
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:c8d3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:29 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WCoaIYbwnTsUaLwpvrZzyiiFedNUapgd1izHXIV2ijGTV%2BjhX9k0vR0ZJiWrnoRuPIIAj9SC6W5hZapGPxQ%2B0AjTABee6LrHI7bhNnCrPs%2BnwQZ7M2oTgzdM8VI0cvoCikvnrN2x"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cf-ray: 65bc0c998c3ac2ef-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
cf-request-id: 0a896633f10000c2ef508d1000000001

Redirect headers

x-77-nzt: AcO1ry/h3/qB
date: Mon, 07 Jun 2021 18:47:29 GMT
last-modified: Mon, 07 Jun 2021 18:47:28 GMT
server: CDN77-Turbo
x-77-nzt-ray: O+DL1hvXHZc=
x-77-cache: MISS
content-type: text/html; charset=UTF-8
location: //optinder.com/cro
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, post-check=0, pre-check=0
x-cache: MISS
x-77-pop: frankfurtDE
content-length: 0
x-request-id: 1231257821-1-1623091649.469
expires: Mon, 07 Jun 2021 18:47:28 GMT

GET
H/1.1 200
OK sud
ut9.rktch.com/ 88 B
88 B 172ms
64ms Image
image/png 89.108.97.2
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ut9.rktch.com/sud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 89.108.97.2 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: d50603.reg.regrucolo.ru
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:29 GMT
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 88
Content-Type: image/png

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FBD2 624 B
567 B 19ms
17ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNUDWMLF5Z0_2ducJDascR321CkZwi0ISrG5rkYmQa_TCCKhs-YWzYvNN03W8mdFeAWAkFKQ7HGhQTdw5WTD5D1dU77gf4vy-A2Rqw0TJTQSgaExIzUAdrai1gw_UsAWuF2YqlrK4PMgID_5GNBulE8Htt4sFrHotvarihsEDJW93SMQRiI

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNUDWMLF5Z0_2ducJDascR321CkZwi0ISrG5rkYmQa_TCCKhs-YWzYvNN03W8mdFeAWAkFKQ7HGhQTdw5WTD5D1dU77gf4vy-A2Rqw0TJTQSgaExIzUAdrai1gw_UsAWuF2YqlrK4PMgID_5GNBulE8Htt4sFrHotvarihsEDJW93SMQRiI
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 07 Jun 2021 18:47:29 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUk1Dsic9iE4vaeWAqGHcqBIgwgOn1mbApct3cUm1gsSpG1UEjxWsh_7svMV; expires=Sat, 02-Jul-2022 18:47:29 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 07 Jun 2021 18:47:29 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BB69 57 KB
24 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-COv9wypXoAgFq4gwJUJWXkGou7t0lw39i7_7G3QhqNz6gm-gJuKznCbq9i8be47wGJgvGShgIR6HvwhqSHzb4_3_TvZINYgiHg3UloTWnMMmHeb6brZVAv1V2TAdqoIaJLD1Tc0Tkq7ZXflwrZNIHCOYhRbw&dbm_d=AKAmf-BbQUSrjzEFM-qomtNEF_KxUANiSquR0dMfNF8v9wPYrCo_7HiO6L5yQmVjznsSeWNdr3wppdIdZIns_aEX30v4iSYBZnp-2fdDkFxfcZeeKM_Aply9UgOkAlckbLOruOi7bER1vS-1Ynf8JA9b_E9iiQkVnyipgi_WcVp_0kjvF6ycrwyETXbPEXXgHCCClB9C4ctuijre_mIiOPspPCyMMGDchq9X_u4fh4DCcCoHsAbHu_mmCpB8rUuTAvIPiv11ua1AOH35c3UHxV_5ltSw-aACPWIDuFGg6K0iqWnkmQxln_ewwYTPw3svm-YQNAvUTRuHzVxJVjeJzZril9kDBkgnCCqIdmvCWQXThIdeidmVjewZkxztgbTzlE8QDHjxNrjhauc9QujzHqktu8DsmTMK_lBV3Z_9NzBPf7eFy97WibhJcQFtd13WYPsOEQwhUNms2t9c_XPgFp42mYKE8iN5qm9ZS1zjCYf3bRpbHlGl4BJWvBU7PRqZMXngd_h_Rl3Dd36dNKmyowU8CVXimBaeLtj-cOyo_WXrxzUl9-IjuoziGpqd7usD-NO9oV9jD7n_nWWY4UX5dTvGropYDj_GRGb_W9PGqS6uZYLfRiPL9GTrRhCLP62AHyCWvEHVo6Sm7tLzS-5HXTsJagrdFNV2sOn0XQG2G9I1-Q42jYRJdvyJUE0c214679TVII8JSm2ry3ZHK9PNg5tvYTOpPxtH24VTHVcRe5oxN0Q9omXii15jrUtajlzYez3klUBhd_1j7GE8REnZ9sYerpNCeovZATepyQFGyAT5bOTqZInrQYgHEshaiS0kk_os7FwoVjWcLf2-P6eUDv0SFfjdvHOmRDRdD-5PVD4Hs7_ohLEiyZCgsRAveVCzjJPwLabYN837eQN1oX2VV1f4sIKUYSX195FBziQw9d_Ti90FYHbu4tpnT_9Cf88hiMaYe52UMXEfX88150R9s9UMA_6F7HQaQrq8DUWcRieIz-77iX7dN4sAxP255OViBwDCt0l7ctZJM5Nhe-rQGhjSYE_kPsead8OoJ9YKQk1_fYnbm_HVzfyhITGq8YebnkjZ6C5pBomAnj2m09iM5BmlHCcPSCaAnUsFU7VulDA-HGrjBE_NwcFHteRLr4CG_gcSdkq-9PMyJmWzR8D6IaXvxdVmXhH2lpVyiC5OgYuI5Z8G0zhKfbN2KcKjcEHBMKg3i2_395_fMcuJJDX5V0kh7WvxPLzL__SxXyg1jlFBo3Nd5BH7Rv59rNcDMqN5gvwH98koO5Hgt6qjEMOvTJly1H1oYcHp7Si1QDzXoFErfUqYdLHKbrP5M2673EVUywOA8pW7tuzRIevY9tirylgX1n5D5o7pyQ07FF9M_uOPTRbZABLWWpHSk9qZ6xQqMyRlFC1rKY_lQDxkEWX-1J9It2No6Tm2HY6HikPbwpAL7FYxRgKIyFYSX1rjqG19YLjNUsLZKZ-Ogcsf7JupN42l3KQn0GbXGA3fBwKbIFt8OGFz5FvuUlMNqWsyQOHblWI07OIS3pkC5SLPxpBSDSSnjfIhMWthLviPC3ib0qJSac9GzmImZZYD9tMKAvMD81otANVkLXZOVNBBhoWFP_YQA1wm4BWgGBIHXgq-vmXLNjezMcrSVyMyBa94oWDtPVpsoA7D2MpVFAUhqJPvWCLR4DUXpdkHijzN1nHUY-a4XrrVPa4tFYON58xREB-yo_sz8GgC0vLlSKM8KysdwuUjDH66zVn6fewEr9Ycbj5b0k7vwRw44074ihppcGfGYzhDippFdAOedw37MkbqQNJ583W5QfMx7JGvL3I5Y0ocwWgbHvV616yS6aDDopqSDcDoDgvl_giA4ObOBBNC_Kcazn6dqlPRxu-WjbHGrGG2w35ypGpvJfHb1d0fPicGQ-vkf2QTXojoYL08MxpDMbMgDEZIBIID6sVNSi3ZZmJDIRfZpIvC58PTjLFag7fHBNt1DYC2Qfp6yhegFG6S1uFyCUj60yT4Wu2IvM4hVZVHbYx1B3t1dFsS79Teh9FfeDXUlKzFsbLh0BrxH4yi5r1Hu3pQe4qq3UBXCNHdg3ChSSeuBNUmJae94JF9_SuWOIotGwyYwIWTvAtoj_8CS-hks22WVdQdsvtGjIs74rbz3zyC_7p82F-iTWckxqxYUb2RuOpy0ewvyCc2Mgb6CjfO0NjSM-jFY1L2IMkZ0eScSJACsDF_fDEynCtDMWgzUdDLIggTfTNF7yK4Wkj9_-roTj1Okb7ukCNNCX96hK8jyNc1ZDOeJBuheO6vt81wuZcMkC8Qm1cvfVpGs6pvJunoloVwkJE1M3i9bmS_SieTb0h5BbBfOc5u3j10tKMI9UBakTs5EG3wg34l8NWSnC2dWEFItwzrWT388l_kk2iO7YtzkF7-cn20m2jLQRZWdRi4ZMEtbsk5xiGuIpWuksEKuuLr4nNtzFChWliYJQUXzBhAoNCy3e9ztNjWhyfvln2APb1pKJ9rvEiwneUBfyBbqofBTyZEthN5PBXBU7XZ9TAv_xNl4FpOk-e5RaHa9Q9mX_5agmbBsSfoK7x6ZM2x23yxWwJfdEnROQO56kw8dJ26vdf95Fd83jmW-UPSrn32F0mklm27JGQbF79f7DCfZP22UnJGqA9IBr3Ed4xuJtXnZaZMPNLN_aDwcPvJARRdJCHfOKa0c_e-Vl1oCGJ6EADc2AUXSyeojKGbRFhxPfrdcF5V0FplITckkjedBWl9eQ1Jpa04dq2z5QJoDESpbE_5sDiA2M8QXKSm1OkZlvZAuB9Bcw3QouQXz8oeeM-NnP4vZX5XGifenMSVWiTQQgt63BC6pdWmnRwCVB1bimUr4G36XIDou8UYjHvUx4TnWJRrrYe8221rH9_63FCdnbbO07wu1ZF3KPinF7bTgxczn2yx8wei30dZ_WbxCTcGhQaQ3YrFXxmJRqIT2y-zCrJxHzCca0XmH-tq2FDFDA2zBicyB7_uWKQ_2HAhmLoXaRYzPipl&cid=CAASPeRotQDoj7PmLoik_MoM8qh7jPXt-j-sRrgxK8RVgNFPUDe852hUqdMHvQTjNZB2agdj_qjkui7q4R0UB7s&rfl=1%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ee37f2eb2e2e7747c0c5272ce10cfad317aadcd93ec489f7db09fcf89e5795b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23797
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB69 42 B
63 B 40ms
38ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Co95cvSJKiv5iZd3HwaSg42cy-J-skeDNt_1TrSWllpt0_akG26h_CVRGvykpTRCqtbT1eE92kZO7GYndXtZLY5xVbjPzOwL969gyTYUJshg_r_o4

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame BB69 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:43:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:43:17 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BB69 122 KB
37 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:29 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:47:29 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame BB69 13 KB
6 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:43:33 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame BB69 0
0 16ms
15ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRxUpN7PMKqMtcP2h0VGl2EkRpWGfMK8WKn2r3L68CGACRmgP2E69NCvlW0mhQpPD55GFrh
Requested by: Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FBD2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFSM8EcJXoHzLklLU2jIuw0&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFSM8EcJXoHzLklLU2jIuw0&google_cver=1&C=1

43 B
1013 B

71ms
70ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFSM8EcJXoHzLklLU2jIuw0&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNUDWMLF5Z0_2ducJDascR321CkZwi0ISrG5rkYmQa_TCCKhs-YWzYvNN03W8mdFeAWAkFKQ7HGhQTdw5WTD5D1dU77gf4vy-A2Rqw0TJTQSgaExIzUAdrai1gw_UsAWuF2YqlrK4PMgID_5GNBulE8Htt4sFrHotvarihsEDJW93SMQRiI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 18:47:29 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:29 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFSM8EcJXoHzLklLU2jIuw0&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 07 Jun 2021 18:47:29 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame FBD2
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5pwS3w6Se-vEBDs2ubRAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1

43 B
893 B

218ms
217ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNUDWMLF5Z0_2ducJDascR321CkZwi0ISrG5rkYmQa_TCCKhs-YWzYvNN03W8mdFeAWAkFKQ7HGhQTdw5WTD5D1dU77gf4vy-A2Rqw0TJTQSgaExIzUAdrai1gw_UsAWuF2YqlrK4PMgID_5GNBulE8Htt4sFrHotvarihsEDJW93SMQRiI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 18:47:30 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame FBD2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJa-F75zuep-T0raK0bdH_Q&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJa-F75zuep-T0raK0bdH_Q%26google_cver%3D1

43 B
1 KB

64ms
56ms

Image
image/gif

37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJa-F75zuep-T0raK0bdH_Q%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNUDWMLF5Z0_2ducJDascR321CkZwi0ISrG5rkYmQa_TCCKhs-YWzYvNN03W8mdFeAWAkFKQ7HGhQTdw5WTD5D1dU77gf4vy-A2Rqw0TJTQSgaExIzUAdrai1gw_UsAWuF2YqlrK4PMgID_5GNBulE8Htt4sFrHotvarihsEDJW93SMQRiI

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:29 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.241:80
AN-X-Request-Uuid: ecc51da6-e1d4-45d3-9002-7dc6077758af
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:29 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.48:80
AN-X-Request-Uuid: 083940dd-0fd3-41eb-8505-29402f9bb4e0
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJa-F75zuep-T0raK0bdH_Q%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame FBD2
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTU2NDQ4NzgxNjcyODU2NDY4Mg%3D%3D

170 B
188 B

70ms
68ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTU2NDQ4NzgxNjcyODU2NDY4Mg%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:29 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.173.10:80
AN-X-Request-Uuid: 39509046-c676-4a7a-94ba-e9d22037776d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTU2NDQ4NzgxNjcyODU2NDY4Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame BB69 111 KB
39 KB 37ms
7ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 19:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85344
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 07 Jun 2021 19:05:05 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/ Frame BB69 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-COv9wypXoAgFq4gwJUJWXkGou7t0lw39i7_7G3QhqNz6gm-gJuKznCbq9i8be47wGJgvGShgIR6HvwhqSHzb4_3_TvZINYgiHg3UloTWnMMmHeb6brZVAv1V2TAdqoIaJLD1Tc0Tkq7ZXflwrZNIHCOYhRbw&dbm_d=AKAmf-BbQUSrjzEFM-qomtNEF_KxUANiSquR0dMfNF8v9wPYrCo_7HiO6L5yQmVjznsSeWNdr3wppdIdZIns_aEX30v4iSYBZnp-2fdDkFxfcZeeKM_Aply9UgOkAlckbLOruOi7bER1vS-1Ynf8JA9b_E9iiQkVnyipgi_WcVp_0kjvF6ycrwyETXbPEXXgHCCClB9C4ctuijre_mIiOPspPCyMMGDchq9X_u4fh4DCcCoHsAbHu_mmCpB8rUuTAvIPiv11ua1AOH35c3UHxV_5ltSw-aACPWIDuFGg6K0iqWnkmQxln_ewwYTPw3svm-YQNAvUTRuHzVxJVjeJzZril9kDBkgnCCqIdmvCWQXThIdeidmVjewZkxztgbTzlE8QDHjxNrjhauc9QujzHqktu8DsmTMK_lBV3Z_9NzBPf7eFy97WibhJcQFtd13WYPsOEQwhUNms2t9c_XPgFp42mYKE8iN5qm9ZS1zjCYf3bRpbHlGl4BJWvBU7PRqZMXngd_h_Rl3Dd36dNKmyowU8CVXimBaeLtj-cOyo_WXrxzUl9-IjuoziGpqd7usD-NO9oV9jD7n_nWWY4UX5dTvGropYDj_GRGb_W9PGqS6uZYLfRiPL9GTrRhCLP62AHyCWvEHVo6Sm7tLzS-5HXTsJagrdFNV2sOn0XQG2G9I1-Q42jYRJdvyJUE0c214679TVII8JSm2ry3ZHK9PNg5tvYTOpPxtH24VTHVcRe5oxN0Q9omXii15jrUtajlzYez3klUBhd_1j7GE8REnZ9sYerpNCeovZATepyQFGyAT5bOTqZInrQYgHEshaiS0kk_os7FwoVjWcLf2-P6eUDv0SFfjdvHOmRDRdD-5PVD4Hs7_ohLEiyZCgsRAveVCzjJPwLabYN837eQN1oX2VV1f4sIKUYSX195FBziQw9d_Ti90FYHbu4tpnT_9Cf88hiMaYe52UMXEfX88150R9s9UMA_6F7HQaQrq8DUWcRieIz-77iX7dN4sAxP255OViBwDCt0l7ctZJM5Nhe-rQGhjSYE_kPsead8OoJ9YKQk1_fYnbm_HVzfyhITGq8YebnkjZ6C5pBomAnj2m09iM5BmlHCcPSCaAnUsFU7VulDA-HGrjBE_NwcFHteRLr4CG_gcSdkq-9PMyJmWzR8D6IaXvxdVmXhH2lpVyiC5OgYuI5Z8G0zhKfbN2KcKjcEHBMKg3i2_395_fMcuJJDX5V0kh7WvxPLzL__SxXyg1jlFBo3Nd5BH7Rv59rNcDMqN5gvwH98koO5Hgt6qjEMOvTJly1H1oYcHp7Si1QDzXoFErfUqYdLHKbrP5M2673EVUywOA8pW7tuzRIevY9tirylgX1n5D5o7pyQ07FF9M_uOPTRbZABLWWpHSk9qZ6xQqMyRlFC1rKY_lQDxkEWX-1J9It2No6Tm2HY6HikPbwpAL7FYxRgKIyFYSX1rjqG19YLjNUsLZKZ-Ogcsf7JupN42l3KQn0GbXGA3fBwKbIFt8OGFz5FvuUlMNqWsyQOHblWI07OIS3pkC5SLPxpBSDSSnjfIhMWthLviPC3ib0qJSac9GzmImZZYD9tMKAvMD81otANVkLXZOVNBBhoWFP_YQA1wm4BWgGBIHXgq-vmXLNjezMcrSVyMyBa94oWDtPVpsoA7D2MpVFAUhqJPvWCLR4DUXpdkHijzN1nHUY-a4XrrVPa4tFYON58xREB-yo_sz8GgC0vLlSKM8KysdwuUjDH66zVn6fewEr9Ycbj5b0k7vwRw44074ihppcGfGYzhDippFdAOedw37MkbqQNJ583W5QfMx7JGvL3I5Y0ocwWgbHvV616yS6aDDopqSDcDoDgvl_giA4ObOBBNC_Kcazn6dqlPRxu-WjbHGrGG2w35ypGpvJfHb1d0fPicGQ-vkf2QTXojoYL08MxpDMbMgDEZIBIID6sVNSi3ZZmJDIRfZpIvC58PTjLFag7fHBNt1DYC2Qfp6yhegFG6S1uFyCUj60yT4Wu2IvM4hVZVHbYx1B3t1dFsS79Teh9FfeDXUlKzFsbLh0BrxH4yi5r1Hu3pQe4qq3UBXCNHdg3ChSSeuBNUmJae94JF9_SuWOIotGwyYwIWTvAtoj_8CS-hks22WVdQdsvtGjIs74rbz3zyC_7p82F-iTWckxqxYUb2RuOpy0ewvyCc2Mgb6CjfO0NjSM-jFY1L2IMkZ0eScSJACsDF_fDEynCtDMWgzUdDLIggTfTNF7yK4Wkj9_-roTj1Okb7ukCNNCX96hK8jyNc1ZDOeJBuheO6vt81wuZcMkC8Qm1cvfVpGs6pvJunoloVwkJE1M3i9bmS_SieTb0h5BbBfOc5u3j10tKMI9UBakTs5EG3wg34l8NWSnC2dWEFItwzrWT388l_kk2iO7YtzkF7-cn20m2jLQRZWdRi4ZMEtbsk5xiGuIpWuksEKuuLr4nNtzFChWliYJQUXzBhAoNCy3e9ztNjWhyfvln2APb1pKJ9rvEiwneUBfyBbqofBTyZEthN5PBXBU7XZ9TAv_xNl4FpOk-e5RaHa9Q9mX_5agmbBsSfoK7x6ZM2x23yxWwJfdEnROQO56kw8dJ26vdf95Fd83jmW-UPSrn32F0mklm27JGQbF79f7DCfZP22UnJGqA9IBr3Ed4xuJtXnZaZMPNLN_aDwcPvJARRdJCHfOKa0c_e-Vl1oCGJ6EADc2AUXSyeojKGbRFhxPfrdcF5V0FplITckkjedBWl9eQ1Jpa04dq2z5QJoDESpbE_5sDiA2M8QXKSm1OkZlvZAuB9Bcw3QouQXz8oeeM-NnP4vZX5XGifenMSVWiTQQgt63BC6pdWmnRwCVB1bimUr4G36XIDou8UYjHvUx4TnWJRrrYe8221rH9_63FCdnbbO07wu1ZF3KPinF7bTgxczn2yx8wei30dZ_WbxCTcGhQaQ3YrFXxmJRqIT2y-zCrJxHzCca0XmH-tq2FDFDA2zBicyB7_uWKQ_2HAhmLoXaRYzPipl&cid=CAASPeRotQDoj7PmLoik_MoM8qh7jPXt-j-sRrgxK8RVgNFPUDe852hUqdMHvQTjNZB2agdj_qjkui7q4R0UB7s&rfl=1%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:46:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:46:50 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame BB69 22 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:39:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8594
x-xss-protection: 0
server: cafe
etag: 7958287194716579593
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:39:42 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BB69 41 KB
15 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 15:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99513
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Jun 2022 15:08:56 GMT

GET
DATA 200
OK truncated
/ Frame BB69 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8d6471084afda8dd4417cd7c06ec72310feabc31ba3cd52d978dc0bfbfbce59

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 2145 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 06 Jun 2021 16:42:16 GMT
expires: Mon, 06 Jun 2022 16:42:16 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 93913
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
s0.2mdn.net/8956534/1621239267390/728x90/ Frame 4FAD 6 KB
2 KB 22ms
6ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d33ce6ac84e10177e75fd86427eee28779321f1152efa1fa10312c528f5824e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /8956534/1621239267390/728x90/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 2292
date: Mon, 07 Jun 2021 12:50:25 GMT
expires: Tue, 08 Jun 2021 12:50:25 GMT
last-modified: Mon, 17 May 2021 08:14:27 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 21424
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BB69 0
107 B 209ms
94ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvLiD3dZFUc6WCe-FI1u-ODRoCoyVdAft9l18ZhP_04qNABD13DBdHOQu-eaI4nxyoM6C9ZgLlaronBxgRoJU0Sed109S7LCvPPgKzesf44pxY5p6iwd5D2yS6bUVFTBdfqZXJxMC-5eK_UE0ES_g4Lksm4yoV2qbDzM7TO2T7cjOFsx8FLVuFGuBwjROnOjZB0jkjv20xuF6e5KVvSS15I1NoZBXCHieytV_KfYVz3P8g_om3wFqAe7ck3ORrx9D6xB99FDrPbdffyjMAnULqSQYhGfBvQKh_DWR9ZN6m0D9FsjmCu2RoJ0ZZY1U79CCJXu6jIsH5smRIB384JPyNQhd_FtKBwvrfPY6GFT6XFuaHlJzjCrRErnT19qGZDw-O63W30TdOJczAOOH02zGevpWXWFTkNfsx4VUDVQXAcdhEZ_qbS4zwc2u_1thXcxnLqaOLolMU8DLIUPBGUNQrVWqg53hFiFkjXdzXxSG0oKmHwb58ZMxSzMGMKLg_fXpZ8BlAOFx9cHFc9FsW32mHxVUPlCsHBxPXIqA-jLlMUgDtUOR9RMEbBwfgVWK17wKwt-dXqEvY197o4Xv1WwP_FUhG6jBOpaVqOCndHNSscvNNUmFN_LUHa0BkVG0OUKRP0nuRZLC8PeOmGSjUEM27Vra9r_wAwN-HuGUTZi1Ba6PBIMRSVm7TqhE1DPOu4Hs0m-8fwexp2xU9wYIPAvE7s0HFykvEjxoibFM9GNvSKP4irtrF8tPCmKBTtSTYsiXxkZpx59ndKbytKSCeY6lkWx981YKqMgsShMmz-zJ18cjvaSWSkEaqKOizcneF9frnalmRq2LuPDMRyC3-gqV1JyRFZqE-XtEkEigCyhdIeR_UO8cVZPEv1YpnpuKEC5RpogodEiU5fnCniP9CQhfDllAXlWhiVgy7bTWrXB4JhQ6tGZW6LaM8kB6kGJJkuPyPmTJaKezl4zeWodKdXvF_Jy9t4qalBPCc5_XtCttyFkdXiSBI_NczNHS2qEPXb6FDjTICTstAwAgR0RgXJ7Xozsm1PUZfL2hvNm-Yq4yP6Mu6Kx0ZqGFXn3eV6hEolH7TyND0T7ghUvlzGYQg7B1z6E_UOdrXJE64gg0KrlAjrQnZjTkvy7tBDSY_FhYPRSfdqFZIBwsU3opngigFlB_SQodxJR63KBFnKNcMxi4MxeQ&sai=AMfl-YSCPKtTC1z7BuZjZj66ERcNXS5JR3ppQP118pmNl39sjSb3I682NWBnHBu4RC-L6YW_tuJ87yyxZtVafFxi-jsIOw5WDVnA2hkp_cFZTv3jzbRlCZqsZvoaQySXA7BiFA9o6T-FGV9_mVNXhS3L5fw7jzG47wc3TZjbyDktWVDRNHVx0kLAsMCx42QCKfCyBJGs5_mr5ghpx9GjchGbLOBfJjCnfia50k0BxjO_rw&sig=Cg0ArKJSzKKRgKfw3Xy2EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=116&cbvp=1&cstd=112&cisv=r20210601.18841&adurl=

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 07 Jun 2021 18:47:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame 2145 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:13:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2060
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 18:13:09 GMT

GET
H2 200 createjs-2015.11.26.min.js Show response
code.createjs.com/ Frame 4FAD 186 KB
48 KB 33ms
16ms Script
text/javascript 2a02:26f0:6c00::210:ba1a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/createjs-2015.11.26.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: 575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:29 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 07 Jun 2021 19:02:29 GMT

GET
H3-29 200 728x90.js Show response
s0.2mdn.net/8956534/1621239267390/728x90/ Frame 4FAD 16 KB
2 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8a4f8c0b1171203ab4a51169be29fec9eeac0bb0b94794cfb7b6af992c69482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21424
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2476
x-xss-protection: 0
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 08 Jun 2021 12:50:25 GMT

GET
H3-29 200 bg1.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 19 KB
19 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg1.jpg

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dbf97b6099ff5065e80e953b6dbabcf5414f25a93a6a44fde07059a0a962dce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21422
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19268
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:27 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame BB69 0
545 B 98ms
89ms Ping
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 18:47:29 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 bg2.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 10 KB
10 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg2.jpg

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

288f23118b902dea7eec0280385ae7c5d971218e3d257e3a28f7a03989ee152a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21422
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10700
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:27 GMT

GET
H/1.1 200
OK processor.js Show response
tag.digitaltarget.ru/ 15 KB
16 KB 156ms
155ms Script
application/javascript 185.15.175.147
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/processor.js?i=896214588737200
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.147 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:29 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-3da5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15781

GET
H3-29 200 container.html Show response
9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B6E4 6 KB
3 KB 27ms
27ms Document
text/html 2a00:1450:400d:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 07 Jun 2021 18:47:28 GMT
expires: Tue, 07 Jun 2022 18:47:28 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 bg3.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 22 KB
22 KB 21ms
7ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg3.jpg

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bc3b38eb7bc79fcfc4b432ff72a486b5b39ae7a934f898dd803ed7cd5cbbcf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21421
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22696
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 bg4.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 786 B
808 B 7ms
6ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg4.jpg

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

819a84dfb7bf1f9d3f26937c5b579852aba8195de98ccacb9cf3722562622996

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21421
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 786
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 95A6 624 B
299 B 19ms
17ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYzeDPkAEwAQ&v=APEucNXpP9LZKx60r847B1piL-PP7EOU6qBeckKCnp5vz0R2CD-vBeVZG5JUpDDkNpqlp4tUuYa11P-F6Nu4cSN2q0IcCf10_3_u4vF3y5YaeyAL1tR8pqObrhE39rp6twtSdcysLVJdI65QfeSkyNhlP7r6yM_r0z7ElLEKJ_SLkk519srvpRc

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYzeDPkAEwAQ&v=APEucNXpP9LZKx60r847B1piL-PP7EOU6qBeckKCnp5vz0R2CD-vBeVZG5JUpDDkNpqlp4tUuYa11P-F6Nu4cSN2q0IcCf10_3_u4vF3y5YaeyAL1tR8pqObrhE39rp6twtSdcysLVJdI65QfeSkyNhlP7r6yM_r0z7ElLEKJ_SLkk519srvpRc
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkiFAc8Pyf6fOSdCivNdzU_IkzQnu5VTlcE1dWqAe3vrE5QI1x3Ebj7NPgEjq0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 07 Jun 2021 18:47:29 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 07 Jun 2021 18:47:29 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F9B8 24 KB
12 KB 38ms
36ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DUTqKH4bNIERUwwVr6xzU7FwwfTRDnvCdw9wBSD-2KJ2dSqTR7qOBR6hvc-KEcd7QtfnrQHqGRKUTb_flORYLWE0a8Ojq_c-csYVKO4oRYiqj3Jl7tFnLwgOwpphGxtvxHPrOw2kcAOs1T9lE8PcNRRoaR7Q&cry=1&dbm_d=AKAmf-C3nnKsuAigWB0SZ66uOOCZNTaBJRn-z7bfFvHAXER2aN6s3Bu5w_btiujAPa45rO3AAAXFajBh18dbHruq_ZUeqvMdMqIpmaXpq_8o03lv2ExcH_OWQvTHrxaQjp1htL3hZ44Y3pKm2ZD5vImbAP6qssa8Sg6k9kOnmLPBEdrAC-VaAT5gEJov2-Mi5MHafZ4m3MEotjjB9qtdm0HohAGWDjw9OhFvTHghreAvNnk8i7lK606VLC8RsAxsTQ0ROCSgdD0BLFSU19lMQ2v4rFYlmJyCHX_qTT9l6uBkYzDBy5Ltoj3FXuKc8vzdm0lbdDwGeGeijn_ROIXvnsJBFgjcUeii7kEG2uXPuBrY1A3UxnKg6RnHYBzi_seJqtIeBs13NXL_5-4ypEaMxMkWc2DO9zh6t1y8FVfzjbl8rz4QX0KXxN0Uleb84qpHBLB43ZM0TC2dkoDCayvyEysgnPxrhpQBclXroQSVLPzFdOkugcgf8TTYXGU6ojop9kd0LAIKLVeVy_eZ_EDhPnvr8AkSGN8ptThKxSzPqXAFhmwW6t7TBUjdV8-GZMsLXoxuIedjW8whud_ezO0ULnPkzQXZfjIYiKiiNdZ4EKYzYtjpBVgoOZpK6hCYp-ke2i9OMLi-y--7qciu0a3WWwSP7LCvCGU2gQwI8i5xTwFfwSAP8owb3Y_i37FEEV5cKMwi98Pmvn693RmwPG9zLYpzF3sZfG2AG1H6GfvxPyqBCR4FXEwBFuBXt6wHtxyxlj3wLrHA0k-j242e_ue5bNX3qB6zelDAiWBPubwXZg6-97fLm95v8J1La7812jUDJ7kWPlZF8Z1br63eeT3lBK8TDVZEUJFagYsjc-J82uptWfBPBW1Zjg5ZYRnMga4lNdoWnAm7n-Aq2t5-UX8pj9BNVXztSDsskhXe8T4Iq6YUcY8NmKTB9zCHiGm-ZoyCAH4986CqnFRkMVrlZvWYmPhbm3uoZPYKqd5uixNIlbCb_e8XWiHiO2gbj8vq_hAi26svFPlwOn-jEVgBEfg_wX1NbgazD_LPFeOxwe7MaNPhC5R6KeM5qc7viljpdnqIbHBvKjuOa8gQQ8NpjdM540QURXclMyggm23r0iiaPgsEHCKfHp7bUJopQLjNTqyZ74eqAcm_HJV1z-4ZtnuuGmtI4TiqageCLAeyK0EYYzYR0lvcOzF_eozq59jCtf02dVQX5F55ASarrHndubgrVyI5fPYah9Ifcy3ByLxD-XRLqE3MAs1X2IW1EREC1e0KsIq59o2D2dBboMJelZSPFVv5rsxItWGNImkHz85ZRS6h_GGiyr3KAw8EBz9cRJr57zxtFMx-vUV1wxGOhXPj2-wa48mCEuWXnIpTcVzj2iB43KLNv4-fPaXAVIwslmVurQudgw4LvMgDqtQfVhYItm1BCWJCRHLvh7Sp5zmce2IgZedeEw4JaSOAD7dMu7BX9Lt09xYmF0Z-MO6SOKfO75ErDr776ygaYTVWo097GXlbbclMLSBWcNkpIgIj-uIo8QNvgQ_h1kbtiffXWLud4UYEFzVmSPbMtR6sm8fSmct-fXbEFc-QuMBSl5yw23ElvcRjuXYg8I26C4snK14p4LxxWcIueoIRK7ZgxzUFNhqloaage59Wib0MfbMyI3jEtEOjdSdx4DdSX66TUKSfNlnvvIybrc4b_VS_hn-hKXVcloineSx-qaQPZr-IvXsPW6ySuqBF-3m24Hk7YE6GKSGPCm-DquydG_1ns6rs-XyaWtcygbVOmrwqlNe6lm8LmSskuDx1-K6Etjn-6VFnBAXLHGCdo7D0VkGKBJIXHVbnzVzPyLDLxdd75rArq5K6Q4W3u_Xqw-PFORKTd9gxCAKhpnit9ql4LsclScyQpjHmW8SQLQKonQhprdoImcSrUrrqPkyi9nNhutk_aLB0VGAG_afq4EKiJI7pJwGlVGJlLikaQR_3UktljzUyBkZB4oqBxoKyIrDH-Hm6v4o7JuLrCbtJqvp4T_0WTJtIUnS6bsJDBTSNY3YWvBKIyOcZ5jW0TQ4poW9hqucngC2ZOzVMswyPBHhNEIwxyYEvwnFypZyCGGeAIRpg9GlEONfxCCbXIp6hgOZpikoprlPcQHJxpKDj-jidtcEwDv9v6SByvI5sn9rb3ME6zVZSjzuh_ZhvWvHH_EBt6kY9zwuoHWG8G1_BIjnVL1uu9UkqlQn2d7g5zzS8RDXtIjz9k9jPoDeIQgEcLUFyB5WiaqPI3a63IkgITVI6QsCzTzQlyYeGDfrQbV1Q8IYc1qgYPDPP8v_tU38KZsuZOkNiZO8zC_SCOKuqUplnUbrZkQaPY2IriHeiioYNuqpKJUvmSUhFLJY2Ny30Ej0r8XkGm2KxeiJ7kgZUhpBK6wxWVYL1yjbYd4MVgNJlwqO54o4DQ0wM6ctnyN6DCJsW_DjOhYFOvTT3uUnz58Fc36UJkXFL2ntA8G9Z3ptHGpcpwu1-f_Ssp6y-IYtUJ1Dty0yyqVBbo7bOJpAx4msCpx_M7KMw09UgFX4VNmP8NFccy9FAKuhd0lGyMrDsjqQuP1rFKDx9D85YnPANNvPPV2qX2Imd_-XjlhFUSM8y9DV3kKfuyFLtyKChxwyGDGxgNp2mmYZk_jIFL6XFVuJ_Cibo0mz6HyCa1BBCzgjnl68ZHpIXGrgNU0HELvg8hc5lfaDSXTqG8Kif-I9jmqG1_yTKuHHy1wH4AotpeGxu5J_6lP87xSScEGH91VOoWTLIRbrq5NnrV7qMfP1ovl9YCGrbUkvky3HMtst65-ZaDrN0dIWWbZ-AdWcYqkBWWDvjcRN3_-PwOtujGZDQ7x8Y8CFWGlodpTlUYWnRJrmalrSVxoVSajGguYh8CMZb3_go6yybnIaycsaV_yi3X_kCk0gTnasrUirRQbd9ZGT_apmVS40hvavm5PkDk_p_jBDP05UUJOxwKPo_OU6X9pANHoM0Sxcq8AlFd5zgNl9VBsWhs2F4AIEnWi4iipla5l9YW7YXs_6DCv5Epuc1uaWVN_oTbpPzb8ulaqE-h5Qkp7WCkkW6QyMBfL86IRZvUJyynljGkXykbPRnxpsJB-4WX6LdvEy7G23Hxuo2OT645esZSAQfJV4hpYxw3-0WgtRRq7GCctzYgDS-0fun4YqRY3ezvaWB5PEVOtaq--r4fttCJ-t1P52ABsjCKX2nr9bpylFw2aJpVMgKuKdWzKfX8DxYpw_GR-rB0ufhBxKhhIM&cid=CAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a60cc555878ad99db4a8b33e136ab7f3065aae78b17e358d11e6b765b217a97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12143
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame F9B8 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:43:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:43:17 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F9B8 122 KB
37 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:29 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:47:29 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame F9B8 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:43:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:43:33 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame F9B8 0
0 18ms
17ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRmPLhR9sHIfGsslhn_0yvipxuBYZTo6zcxZQd5JJFXrRACQCx2wIP-Gs6nndb3HJgikKr6
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F9B8 42 B
63 B 41ms
39ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CuEvuajjcsB0EWFKqQm2H1Oqre44dpyKOLfsBHsp4-JN35EsW7b4YHeqHHI5j2pJ0i6g4pIdURUZGV_YW0obrTligpH_ZRSFPQOZLH6nO1hXsvE5Y

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 bg5.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 17 KB
17 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg5.jpg

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b48111477d715e7b5f7680ad5fb0bd9417445b78b863594dd6bab5b50fb1c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21421
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17109
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 copy1.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 5 KB
5 KB 7ms
6ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy1.png

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

026d14fce3742ffee1d7b5e7014d6a324f0a01512cfcae4e62f1b7a37c930ae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21421
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4879
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2145 0
20 B 44ms
42ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BbG4lwWm-YKv1G4LT3gPLqYiwDwAAAAA4AeAEAg&bg=!DwylDEjNAAY6sG-_OrA7ACkAdvg8WjXeZ9e8sHbTXpY0uuOUpvFYntacMpLUGVYOyqDr2vRg61o7LAIAAACQUgAAABJoAQcKAJkbogrwa77atgFf-bcQYNQ3Kk7SUEBBH9vyj_EnCmqTHfBqRbw1Hh7H7Bz8eBIeDsIzMiLw6cy11ZfAE5tNGT2lFdxHyRpXGTdNCEkmn0xSPJH8P_dkJSQeMXmOGDXpT0inVbqPrbcH1yutw7yN7VNOpxv6VBflQE8VxoE8DstJz2LbBzeViVWlOYvRLGhS92wbbSECBBMrxl6ZAorzPtCdPRaNgME16IWCMEGn4eX5Al9FEay-TRfsPTqoVergBQYjqW5nXhmNjjqBs8wqEXlng6cwd7ueh2-n8JIvucVrV_PwocqJtRBD8pYo-6NpcTQcAkrNNf0TrkcPlSXFoj0zwGF2BBePni274FTNTF10cga0hJDRbVXtlHcQwxU8bHTryBJXoTVbVFJSKt8LvSLD5bbZ8bJN-4FlTTw-TSUQnBhPb2ZtOjPttuZKpYONjyiLC4nRjg7Uj1aQKiWnQ3AsN8DdOO_XI56W6COzXBCtunDbsIUFrcp3GTeu01yP96miE2IY-NLoBcw6cUDHSj-ti0dRDD4qefKR7Sbxou-8o0OYZpUobj2YNRsMcmWC2EvXzNYRgPQB-HhkgYH7m90-faiaBTJHmd8zv0erQSlt4MUHa1nyr2QY3GQIgNMhYoF8WnLnOnwJhCHj6irfrvS3tKIPhMYzMoCavUQ7sRbThleZjDMDaJvT52Iri1_I8tcKWd6Gce1kdePC3g5H_ZmvP5GmRUk2ZTKgBVo7_6nsH7MINnVn-o3Z2Q47g0_ew-tKSBmwrHB20yP5NA3o40HKv7LlGnoN6RcDzal2-dCCJ8dDO4JqsmBCh6_Pu1GJ8RmMo3QOLYBoDcwj3E5Ycw6WayuVF0TW7Ee9PIC4OT2W5cvG3WM3KV0J3gwEUiCeSGIljOuhibhgljgOvd8kNqFSJM61HJA7R4c1M9dUHV2NXc4z9Q_4HqGULF3-ZkWDLfmLUxFWU1lHurhqTW1sy9F2ZRENm5DDEpGinzfdbhxMyZDnU25QAnn-p5AsZZbt5lERiWOCuluTZAkBB9g2wG1tzRC_ONZjHlEKTrotnWQmXWruzP-suw

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 copy2.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 4 KB
4 KB 7ms
6ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy2.png

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee362599ddb7ce1c32f8173e1d2255cda3d6ae960afa16d71a6bd617f2154aa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21421
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4267
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 95A6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1

43 B
893 B

67ms
67ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYzeDPkAEwAQ&v=APEucNXpP9LZKx60r847B1piL-PP7EOU6qBeckKCnp5vz0R2CD-vBeVZG5JUpDDkNpqlp4tUuYa11P-F6Nu4cSN2q0IcCf10_3_u4vF3y5YaeyAL1tR8pqObrhE39rp6twtSdcysLVJdI65QfeSkyNhlP7r6yM_r0z7ElLEKJ_SLkk519srvpRc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:29 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 18:47:29 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 95A6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5pwS3w6Se-vEBDs2ubRwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1

43 B
1013 B

77ms
77ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYzeDPkAEwAQ&v=APEucNXpP9LZKx60r847B1piL-PP7EOU6qBeckKCnp5vz0R2CD-vBeVZG5JUpDDkNpqlp4tUuYa11P-F6Nu4cSN2q0IcCf10_3_u4vF3y5YaeyAL1tR8pqObrhE39rp6twtSdcysLVJdI65QfeSkyNhlP7r6yM_r0z7ElLEKJ_SLkk519srvpRc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:30 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 18:47:30 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTAu358MHnIBT42tws_1sE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 95A6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOhijYanNydTW-97kq5do1c&google_cver=1

43 B
1021 B

58ms
57ms

Image
image/gif

37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOhijYanNydTW-97kq5do1c&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYzeDPkAEwAQ&v=APEucNXpP9LZKx60r847B1piL-PP7EOU6qBeckKCnp5vz0R2CD-vBeVZG5JUpDDkNpqlp4tUuYa11P-F6Nu4cSN2q0IcCf10_3_u4vF3y5YaeyAL1tR8pqObrhE39rp6twtSdcysLVJdI65QfeSkyNhlP7r6yM_r0z7ElLEKJ_SLkk519srvpRc

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:29 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.230:80
AN-X-Request-Uuid: b97c7263-d16d-4339-9f98-fe03045bedf9
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOhijYanNydTW-97kq5do1c&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 95A6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDExMjUwMDk4OTIxMDIyNDAzOA%3D%3D

170 B
188 B

62ms
62ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDExMjUwMDk4OTIxMDIyNDAzOA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:29 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.154:80
AN-X-Request-Uuid: 451a8d87-f140-47bf-b2c7-9fc786917a72
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDExMjUwMDk4OTIxMDIyNDAzOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 copy3.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 3 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy3.png

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3216ef1b9e7e4bc6e627f6813ae735c4b5c3fc9a2491b0f7c26c69ca26aaa0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21420
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3308
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:29 GMT

GET
H3-29 200 copy4.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy4.png

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cae39b858a82013e7f07d26dd6675aff60f2f8e8cb01efa44f134a29344ed596

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21420
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2480
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:29 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame F9B8 22 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DUTqKH4bNIERUwwVr6xzU7FwwfTRDnvCdw9wBSD-2KJ2dSqTR7qOBR6hvc-KEcd7QtfnrQHqGRKUTb_flORYLWE0a8Ojq_c-csYVKO4oRYiqj3Jl7tFnLwgOwpphGxtvxHPrOw2kcAOs1T9lE8PcNRRoaR7Q&cry=1&dbm_d=AKAmf-C3nnKsuAigWB0SZ66uOOCZNTaBJRn-z7bfFvHAXER2aN6s3Bu5w_btiujAPa45rO3AAAXFajBh18dbHruq_ZUeqvMdMqIpmaXpq_8o03lv2ExcH_OWQvTHrxaQjp1htL3hZ44Y3pKm2ZD5vImbAP6qssa8Sg6k9kOnmLPBEdrAC-VaAT5gEJov2-Mi5MHafZ4m3MEotjjB9qtdm0HohAGWDjw9OhFvTHghreAvNnk8i7lK606VLC8RsAxsTQ0ROCSgdD0BLFSU19lMQ2v4rFYlmJyCHX_qTT9l6uBkYzDBy5Ltoj3FXuKc8vzdm0lbdDwGeGeijn_ROIXvnsJBFgjcUeii7kEG2uXPuBrY1A3UxnKg6RnHYBzi_seJqtIeBs13NXL_5-4ypEaMxMkWc2DO9zh6t1y8FVfzjbl8rz4QX0KXxN0Uleb84qpHBLB43ZM0TC2dkoDCayvyEysgnPxrhpQBclXroQSVLPzFdOkugcgf8TTYXGU6ojop9kd0LAIKLVeVy_eZ_EDhPnvr8AkSGN8ptThKxSzPqXAFhmwW6t7TBUjdV8-GZMsLXoxuIedjW8whud_ezO0ULnPkzQXZfjIYiKiiNdZ4EKYzYtjpBVgoOZpK6hCYp-ke2i9OMLi-y--7qciu0a3WWwSP7LCvCGU2gQwI8i5xTwFfwSAP8owb3Y_i37FEEV5cKMwi98Pmvn693RmwPG9zLYpzF3sZfG2AG1H6GfvxPyqBCR4FXEwBFuBXt6wHtxyxlj3wLrHA0k-j242e_ue5bNX3qB6zelDAiWBPubwXZg6-97fLm95v8J1La7812jUDJ7kWPlZF8Z1br63eeT3lBK8TDVZEUJFagYsjc-J82uptWfBPBW1Zjg5ZYRnMga4lNdoWnAm7n-Aq2t5-UX8pj9BNVXztSDsskhXe8T4Iq6YUcY8NmKTB9zCHiGm-ZoyCAH4986CqnFRkMVrlZvWYmPhbm3uoZPYKqd5uixNIlbCb_e8XWiHiO2gbj8vq_hAi26svFPlwOn-jEVgBEfg_wX1NbgazD_LPFeOxwe7MaNPhC5R6KeM5qc7viljpdnqIbHBvKjuOa8gQQ8NpjdM540QURXclMyggm23r0iiaPgsEHCKfHp7bUJopQLjNTqyZ74eqAcm_HJV1z-4ZtnuuGmtI4TiqageCLAeyK0EYYzYR0lvcOzF_eozq59jCtf02dVQX5F55ASarrHndubgrVyI5fPYah9Ifcy3ByLxD-XRLqE3MAs1X2IW1EREC1e0KsIq59o2D2dBboMJelZSPFVv5rsxItWGNImkHz85ZRS6h_GGiyr3KAw8EBz9cRJr57zxtFMx-vUV1wxGOhXPj2-wa48mCEuWXnIpTcVzj2iB43KLNv4-fPaXAVIwslmVurQudgw4LvMgDqtQfVhYItm1BCWJCRHLvh7Sp5zmce2IgZedeEw4JaSOAD7dMu7BX9Lt09xYmF0Z-MO6SOKfO75ErDr776ygaYTVWo097GXlbbclMLSBWcNkpIgIj-uIo8QNvgQ_h1kbtiffXWLud4UYEFzVmSPbMtR6sm8fSmct-fXbEFc-QuMBSl5yw23ElvcRjuXYg8I26C4snK14p4LxxWcIueoIRK7ZgxzUFNhqloaage59Wib0MfbMyI3jEtEOjdSdx4DdSX66TUKSfNlnvvIybrc4b_VS_hn-hKXVcloineSx-qaQPZr-IvXsPW6ySuqBF-3m24Hk7YE6GKSGPCm-DquydG_1ns6rs-XyaWtcygbVOmrwqlNe6lm8LmSskuDx1-K6Etjn-6VFnBAXLHGCdo7D0VkGKBJIXHVbnzVzPyLDLxdd75rArq5K6Q4W3u_Xqw-PFORKTd9gxCAKhpnit9ql4LsclScyQpjHmW8SQLQKonQhprdoImcSrUrrqPkyi9nNhutk_aLB0VGAG_afq4EKiJI7pJwGlVGJlLikaQR_3UktljzUyBkZB4oqBxoKyIrDH-Hm6v4o7JuLrCbtJqvp4T_0WTJtIUnS6bsJDBTSNY3YWvBKIyOcZ5jW0TQ4poW9hqucngC2ZOzVMswyPBHhNEIwxyYEvwnFypZyCGGeAIRpg9GlEONfxCCbXIp6hgOZpikoprlPcQHJxpKDj-jidtcEwDv9v6SByvI5sn9rb3ME6zVZSjzuh_ZhvWvHH_EBt6kY9zwuoHWG8G1_BIjnVL1uu9UkqlQn2d7g5zzS8RDXtIjz9k9jPoDeIQgEcLUFyB5WiaqPI3a63IkgITVI6QsCzTzQlyYeGDfrQbV1Q8IYc1qgYPDPP8v_tU38KZsuZOkNiZO8zC_SCOKuqUplnUbrZkQaPY2IriHeiioYNuqpKJUvmSUhFLJY2Ny30Ej0r8XkGm2KxeiJ7kgZUhpBK6wxWVYL1yjbYd4MVgNJlwqO54o4DQ0wM6ctnyN6DCJsW_DjOhYFOvTT3uUnz58Fc36UJkXFL2ntA8G9Z3ptHGpcpwu1-f_Ssp6y-IYtUJ1Dty0yyqVBbo7bOJpAx4msCpx_M7KMw09UgFX4VNmP8NFccy9FAKuhd0lGyMrDsjqQuP1rFKDx9D85YnPANNvPPV2qX2Imd_-XjlhFUSM8y9DV3kKfuyFLtyKChxwyGDGxgNp2mmYZk_jIFL6XFVuJ_Cibo0mz6HyCa1BBCzgjnl68ZHpIXGrgNU0HELvg8hc5lfaDSXTqG8Kif-I9jmqG1_yTKuHHy1wH4AotpeGxu5J_6lP87xSScEGH91VOoWTLIRbrq5NnrV7qMfP1ovl9YCGrbUkvky3HMtst65-ZaDrN0dIWWbZ-AdWcYqkBWWDvjcRN3_-PwOtujGZDQ7x8Y8CFWGlodpTlUYWnRJrmalrSVxoVSajGguYh8CMZb3_go6yybnIaycsaV_yi3X_kCk0gTnasrUirRQbd9ZGT_apmVS40hvavm5PkDk_p_jBDP05UUJOxwKPo_OU6X9pANHoM0Sxcq8AlFd5zgNl9VBsWhs2F4AIEnWi4iipla5l9YW7YXs_6DCv5Epuc1uaWVN_oTbpPzb8ulaqE-h5Qkp7WCkkW6QyMBfL86IRZvUJyynljGkXykbPRnxpsJB-4WX6LdvEy7G23Hxuo2OT645esZSAQfJV4hpYxw3-0WgtRRq7GCctzYgDS-0fun4YqRY3ezvaWB5PEVOtaq--r4fttCJ-t1P52ABsjCKX2nr9bpylFw2aJpVMgKuKdWzKfX8DxYpw_GR-rB0ufhBxKhhIM&cid=CAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:39:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 467
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8594
x-xss-protection: 0
server: cafe
etag: 7958287194716579593
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:39:42 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F9B8 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 15:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99513
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Jun 2022 15:08:56 GMT

GET
H3-29 200 copy5.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 4FAD 35 KB
35 KB 7ms
7ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy5.png

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a19047bcd78489751c2b002a69dea8bb9320c2cabc479e71a7b929ad80f56863

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 21420
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35930
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:29 GMT

GET
H/1.1 200
OK i0be04j7xi0r Show response
hal9000.redintelligence.net/zone/ Frame F9B8 11 KB
4 KB 193ms
63ms Script
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/i0be04j7xi0r?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCifYdwWm-YLXZE8aKjuwPqNuCiAmVsMG4XKm605-rDPAuEAEgtKPufmDxrfyFpB_IAQmpAr-nEbyScrQ-qAMBqgTdAU_QikLNwEoV0xplT-ujFI2EVBP356CYGEaJMMhCLrwGAVcE2hWXygd1YzxOtIMDT3FGRMGZBvYjS_2hIZUN7BbbsKRTW4ogR2_5cTuM3sfmtlLuLi-TC9LzUzyKpEPLxlbdGJqeHjwgb-P7DX9xouAPpgwxP_LLYWi6aPS5wxi4Jflti5fxGERUZPrpAsfsRP91YVsqzYQSctld5R1WNldILvG9A3g4pNJ7wnAIEVhxaFRR8V8ceXVCUYZFijWt7xofWnahQPR6T0-PQ6tt-o4ay_rrAoRhFalvtbRZwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0%26sig%3DAOD64_1Kmn7ULqygNRcIZjmVtqVCu5WTsA%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-Dy5A_Cu_Oih_x8tq8wO6UV0T0EVSIMx0j8cIWY4BmdZGy22a6CIQJFTRCXEUrOi6TEiZlbFPHd1A5TtR8sQ9pnGor40b6nMJfKVcp26IvaxBbhddFbbc6vnZE21ujIlAhvqQqh_olhn__MAge4KwHzpqAB3A%26cry%3D1%26dbm_d%3DAKAmf-BJhe4yK9TAdTxYM3AY9IKzqEacw77m-hJgkQ7nzIkeQ6OpMyWWHIplq48EAU01JD_Azz34QCjk-uryq8dg_8ZK5BKuBUcr8jObD6PsE6DivY6h8EEErgxo7MWs-94dRVnlxPckOdh8hRZHcHC1V5uSTX5efKW3uSzmfQsDkFB7GVY8KQM-I8yp5BshtErtNl-6wrZFHJ_rFdahPKyNFbOHvyYwHhMBvRNRlvino7lmJPZIkPMDe5gPtWE95R8XaMOC_m1iAaWSq4XRav5YKfSaGJOgkZNY5QbdMyIt93jG5K-9nm4fUra3H_NmS-EgvFtsodltwlSAJ342pnm-nb2UpLt3upnvcuVY2gSL20xXyqPqH6O_h5cT6HluWrI_FVA_oGxuA3EESJEHMQzs-BmaVrCmWkWPIklDapEpCsZxv_2BM-tGq_lH4CWHe_7D8w991sQw%26adurl%3D
Requested by: Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: bd9c64f77f73813eaaec9b9c3ea5c41cc717df4dd9abbfe76a8b4a439a81eef6

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:30 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3938
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3547 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 06 Jun 2021 16:42:16 GMT
expires: Mon, 06 Jun 2022 16:42:16 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 93913
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 39ms
39ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_pgbrk&pvsid=3152983715620911&vrg=2021060301&nw_id=22149012983&nslots=4&eid=31060439%2C31061340%2C31061371%2C21068110%2C676982961&pub_url=https%3A%2F%2Fsci-hub.mksa.top%2F&qid=COS-qsmXhvECFXEViwodznwGWA&iu=%2F22149012983%2Fycykh-ndd%2F970X90-01-sci-hub.mksa-ndd-ycykh&e=61504&ret=970x90&req=970x90&bm=0&efh=0&stk=0&ifi=4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame 3547 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:13:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2060
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 18:13:09 GMT

GET
H/1.1 200
OK extension_1086.js Show response
tag.digitaltarget.ru/extensions/ 732 B
976 B 97ms
97ms Script
application/javascript 185.15.175.147
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/extensions/extension_1086.js?i=500541564961281
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.147 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:29 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-2dc"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 732

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012105242203000/ Frame E5F9 191 KB
54 KB 31ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 302481
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55246
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e9907e100ee706e0"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:08 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame E5F9 12 KB
5 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 302483
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4568
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b435c2fa80137a0e"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame E5F9 87 KB
27 KB 41ms
17ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 302483
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27371
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6687a81702b10306"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame E5F9 4 KB
2 KB 43ms
19ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 302483
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1521
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5a9e085610d63d0a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame E5F9 41 KB
13 KB 43ms
19ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 302483
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13132
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1bd5431ac5ac76b7"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E5F9 4 KB
703 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:19:06 GMT
server: ESF
date: Mon, 07 Jun 2021 18:47:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Jun 2021 18:47:29 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E5F9 4 KB
726 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060301.js?31061371

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 17:29:30 GMT
server: ESF
date: Mon, 07 Jun 2021 18:47:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Jun 2021 18:47:29 GMT

GET
DATA 200
OK truncated
/ Frame E5F9 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 668c7eb47694674a6c9600e445c4462cf2646210da24724cd8cec0695757d9a1

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 GcpWV4KwFOIz7Vi8jENDi2MQInXDGoqiq0fnMNu2VymJl6XK_Xv_uIpRyr4qxBinJZJcuasIIoQdBMzFqjwSkAYoc6wjtBE=w1200-h1200-rj-pd-pc0x00e9e9e9
lh4.googleusercontent.com/proxy/ Frame E5F9 187 KB
187 KB 38ms
17ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh4.googleusercontent.com/proxy/GcpWV4KwFOIz7Vi8jENDi2MQInXDGoqiq0fnMNu2VymJl6XK_Xv_uIpRyr4qxBinJZJcuasIIoQdBMzFqjwSkAYoc6wjtBE=w1200-h1200-rj-pd-pc0x00e9e9e9

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

229f7b74c1efcd2b5cbe48f985964c1d19e34a741c79d3e66c5802a8ae166fb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:29 GMT
x-content-type-options: nosniff
server: fife
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 191029
x-xss-protection: 0
expires: Tue, 08 Jun 2021 18:47:29 GMT

GET
H3-29 200 8387006149870231868
s0.2mdn.net/simgad/ Frame E5F9 56 KB
56 KB 11ms
8ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/8387006149870231868

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d05af03c43c1ce053a75049e363a61af92d11f1854b7d931607c9587ac7e522

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 04:09:52 GMT
x-content-type-options: nosniff
age: 484657
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57000
x-xss-protection: 0
last-modified: Mon, 12 Apr 2021 08:10:14 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jun 2022 04:09:52 GMT

GET
H3-29 200 ad
googleads.g.doubleclick.net/dbm/ Frame E5F9 42 B
63 B 29ms
26ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DCYbxA2qrZwppWbv1-lqswyTFSj3X3PEUqxGNcbN18We5wPPnv4Dc5KrlKdt2oEr1lJW7qognylVU2OcAkeY7Qe9N39t34BYa8NBXGYqg1PHH52vN6-j_KFCFFF7vJOvizD60vAyqCsrq76EGFmq2s1KjWFQ&dbm_d=AKAmf-Cyb2PUdCcmOmbb4cIljuU9os-ssZ02W-yBcl2L72aUIjBovereAjapn_1bSGhYCNp8zTvQyNHb7TKrCDyeKe5fwcFdLy6c7j8I6QgrbhUD0Hilhli3SePT6XOXg1XHvdRNI5AIRf3-KAAddH2GVMPmExL1X7NIMWcCeiuoe789sgSDSMnDouIfdFM8l5opMbbmkXLmAJXQI86urDrTWFUDlDGcpAO2iXB9diLQd5EmYwhHEKZzdmTa2n6wR9jkjoBT1UxytXsa9EI2CAI5v1TjpPjYGnEi7wdScLimn9lNAK-kQZzCxFNn-xpwPZ_opGwQzu99RKME9ahwMdioZKN_LGMnV1K1tIYhVsgkBCSYJN3bF9bD3UD1vLdmcbqE0TIGwDG6L3TcCUqmrI7XN_uyk2jyk3qfNb4GjcPQEkK0mB9Ii5_oNlFhyiLjTa5ih0HvqIuerk4QRBZdgsycDbpCzd81BwSKvNQn9xnHzRIFOMXtg8B5r-ajnG7osKGzTf2zz3TQMmd2bYA9t72jGNKRY22mGuJxFy1ZcqlfR4yXBqDItsNzFxAy2mptO6pv1S0b5jcdLhS_qeWiuhZLDK6Ak2MRZecVjBLH4bdmPJzBBNHUQczNtR8M7V_VkqLKcu9SAGhU_FadqscMZpJafG6uO1dak6kCVuMelpnDm-m239L3DFC9JbHSAS7wsWsHUL7yu9oBxOxfeH4yBbgnCLt6hlme7RbzN0BXRgZUqY_bWqTd1AdeS_LmmewmilJfDi8B9X5F_lJdxcOnCEjeOMBM0c7sn3ulCqknRrQBVPYmYXvrttAgZohO7gWIk_eWckBYWjjWow41BL-mmavlODdBGpfBHhYib21yQrbiy33Qz51y3JUsuOVWI8rRzVSS8n_HY0vJJAfNigKJAQXdeta_MfYgER0OxIGhEQOsPrxdaXG1QtDOkDyqiztMUcTTuYTXjmAn8VvCDbGCOt4jMcVqi2lP5HiQ5S36V-O3KyJW9B9TfKS3UKRECnq_KBQG00AnmZZ6c6m5vDJUD3Y-6HOwzTw5-j7u9_NsL-xnbS6esd_wtr4_Vw4Z7A8WbUYBi-yYHQ35tgGTm76HpxdweYt9NnzMibM15oZnmTXRZaWSPZJII3jUP9G1CE3e60sVy_kJfgZYHFcYRc34Wpfm45nPRf27Qj-tNDSun1MkcdTo3AvoisT40B9lAOHW5EDDG9QBUfpyTgVUsEgSBJzCpAneaZY3aEcDiwEebR04AlKM5RpqJWOLB2i24Zy-3oDodo-lHqAoeOBqHlx0j4JSuEONxN0xnjqsrMOUpAtdBTGEy3FeTqYvXm577mBNNMuPaD-MszUyD1sNGjxKIdb9-8BtAW4hHgVOSqn5kA5EgESS23-UJdZ79ZkHnzZq7cJcTl_x-7aOBHcq82ZdbVSe3z8qgB5D1P1Rbn0WXqgNrsc958jl8O1FYiZCHXE1HClUOkyJUwMRTwC_Y31qGDehrtH6N7YeFdJt1PNu_NzyWyhSAh0qJtnnsp-P0zJurGpYaAXQAOolNnHuTnm2XV55j1IGO1cYz7l0_bS4N_i8q1CZXbEEAq5KTxNSrQmCG8QnYhovbeUht_fROMQ8iX1WseSin7obtY5sLu7-2jMVt_qh1iqBhL2ghbzbdTVN1_zIK0InDEVRsia7tlINX6U1H-nepmUqyyXkUWCFRv7wwEHUBCZs7cL57TXD4xrJi4iPGwVF7K6-iwC8gZnckGTrOhSjn0qCvx5PtcABAidGjvzYcjhxSisbmoo9C9Fx5onsvS8w3lxaMp0y38YSti1-NWEXv98osXcZIct5oZma9Lut8_Bdjv0oqdglVKWODYqxe5X-cFduxbjDsL9CPhu3xuvS40INOnQDykCL87WWF1u23WYCOQYELhFYtPEb1vpR8Axydx9aC-fcv3uk2ALh-YFMf-CA7WHRZSEim_uPLGIqWoFh12dAr29O8dON9Tt6gVr3ovYgEBUNXnOsqvssjk0dxrZCIIwgiB0uBq2lZtDYDpwKPZyuvw4cjZQLdkjWhC-eYvSnEs9wLE_gw-DpZV8EoKPFbh7hQT9sR0BqhN8_9dQ--Da-YGub7k5yDKFNDXo7B0Edno9wMTbUpBX3e6I4-1hfsS7lxYDdQURT8CfGgEMURr1NCgki9TNnCebkBoOPwvvsMNIFXY2SqP1fmvblhjMQiuViAPMJyxCe1Dw5VSL-C674xq4nF4zSk7hkfngVBm09BW4LP6IAWPOlCPzfsguTIGRIVjkrHYT-enQIi7FXFtepOjx7Rr6XTNXDoHbfn_Ys1XJLDm1FjxjmscUb3nOvHzQskpVknkGwCA_Z2tqL-MyMTebTcfsCL2GVpkZ8rtImFzHLAgZNAWAdTnHlygu1KOZF-YMcO_orijvQOE79cr73iV1UYXPoOolaVvdq07h1Y4FxO_nuA2F0bnp2N2SZgEizCbDXD3_-1qYHHla9rAdaZFOBVagefPO6jV8QEaU51qaVAQTKeLyrOgJwE4P4ogP6fs6lx2dN-hLCei754LIQQCUd_qMsJlps-6LkYXWfyfNKCALwMcjaB7dWj0MCTbxZdDnTmfNNXh1bkFJuNDRrP8ieUETmXT0GEYx-IGFg1vyojhZtROLfIy0IpxspNLNxP7Oc7gdGLMBX27usil39cKEUWMsAvu-sNDvNTnebMW4hKuAk4HLHQcvXxxhiWPsr58jgdL3jZO9oU2h5Wr70ldCjykFDatWuDsIxCfDtJQzhqgIAzAch3BoATsJ--n25gTK2NpvP8t5v9hgjsOegnKPMua9Bqs2H4ktnhZqgtdxek6rRV7_DubedJF-wODkUSv40xB_TTnCC0moAoq3D_1j7zYfj_btCBRMvtnsCmVS29qS2d0VaQUpJsEGMsp1LETnPMUPzPGRlE2AVrGCxkXLfnUff3KqwA8ESlDTWLWzUOk4d8232gXzEtv6xJFWH_UHwc51evVuLF4xBRsCOjeyiSEEAzJ-00V1ubyb7ESoFubM1kWb1701bpqVysN_8h3NHhZhkPF4xWSd1_D8&cid=CAASPeRoYD6SLzdS3GfeF6pFP0XrxxqfIHPR2SVcC23N75EhTHHgSxwvgIfWq-HUCW7iNo-ld2vvJiUkODZDlfo

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E5F9 0
0 63ms
61ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CTibawWm-YJzeKtuGjuwP0c666ASP_5GVY5K0_9DwDfAuEAEgtKPufmDxrfyFpB-gAY6kq6QCyAEGqQLhSqvxym20PqgDAcgDCqoE4QFP0NPuV5y313f9WKfoWrBPUBEfkEvqVSUy7kgqkpZ1bc2-TYTx2kf8KEtq91ErG9GlCMcud6W_nKQ6zVMNLzH00HVDQgEv9TsqeQEoBuANPypBAoFhktbKLNW_YC8UKu47HrLAi9fZ67WjO31zII-aF24ssKZAY4hG0CHeaGxc4W95vue8PI4w5jFLjvKv6H1ZJESq4ascEITQZNQgqtedI5jzQ3nblsuzWhz_LASHb3gmZuxv29Y-16mZFBLIwJ-9Zp0r4xWOXI6bIK2PEvXT_JIKc57zyaunmdBly4QSH-jABO-xpYu-A-AEA4gF-uKyoy-SBQYIAxABGAGSBQYIGxACGAGSBQoIIhADGAFIsf5mkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAfa29TbAagHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUb2AcB8gcKEJHVAhi8sPOjAdIICQiA4YBQEAEYHYAKA8gLAbATgsbWC8gThvzZCdATANgTDYgUAdgUAdAVAYAXAbIXGgoYCAASFHB1Yi03MDE1MjM1MTIwOTE1NzY5&sigh=IshwvLqTpr0&cid=CAQSPwCNIrLMvZx6wuQNPDlxuXx7JMQ-8CTK_PS8YgXvs0A1qAzjWAHH-UMWBcyv5eN6yGhEiGXKh2sZvhQk7Ggl9w&template_id=509&vt=10
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame E5F9 0
0 15ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSsJDOAhg80HlaAl6qb8JA7HcxWHAsP4fy9cb8WPN0TFcDSQnKmdapBCCf9ZeU0CPoFyeOJ
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E5F9 2 KB
2 KB 9ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 06:09:32 GMT
x-content-type-options: nosniff
server: cafe
age: 45477
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 08 Jun 2021 06:09:32 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E5F9 295 B
319 B 9ms
8ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Jun 2021 20:37:24 GMT
x-content-type-options: nosniff
server: cafe
age: 79805
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 07 Jun 2021 20:37:24 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame E5F9 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://sci-hub.mksa.top
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 03 Jun 2021 18:27:10 GMT
x-content-type-options: nosniff
age: 346820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Jun 2022 18:27:10 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame E5F9 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://sci-hub.mksa.top
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 16:01:41 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 528349
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Wed, 01 Jun 2022 16:01:41 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame E5F9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

39ms
38ms

Image
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Mon, 07 Jun 2021 18:47:30 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H/1.1

204
No Content

i
dmg.digitaltarget.ru/1/7209/i/
Redirect Chain

https://dmg.digitaltarget.ru/1/7209/i/i?i=63477510670384.193974168597403&c=tg:adcm_pc
https://dmg.digitaltarget.ru/1/7209/i/i?i=63477510670384.193974168597403&c=tg:adcm_pc&q=scc

0
398 B

98ms
98ms

Image
text/plain

185.15.175.148
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmg.digitaltarget.ru/1/7209/i/i?i=63477510670384.193974168597403&c=tg:adcm_pc&q=scc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.148 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:30 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

Redirect headers

Location: /1/7209/i/i?i=63477510670384.193974168597403&c=tg:adcm_pc&q=scc
Date: Mon, 07 Jun 2021 18:47:30 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

i
dmg.digitaltarget.ru/1/6533/i/
Redirect Chain

https://dmg.digitaltarget.ru/1/6534/i/i?i=63477510670384.829178408551381&c=tg:adcm_pc
https://dmg.digitaltarget.ru/awg/custom/6534/i/i?call_source=awg&i=63477510670384.829178408551381&c=tg:adcm_pc
https://fnc.rt.ru/1/6532/i/i?i=ws9ITexXluQEvIx7cJoI&c=tg:rds_6534
https://fnc.rt.ru/1/6532/i/i?i=ws9ITexXluQEvIx7cJoI&c=tg:rds_6534&q=scc
https://dmg.digitaltarget.ru/1/6533/i/i?i=346157001586998176822000000018433398&a=774&e=4GrBE6moi55F5555K8up

49 B
603 B

111ms
110ms

Image
image/gif

185.15.175.148
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmg.digitaltarget.ru/1/6533/i/i?i=346157001586998176822000000018433398&a=774&e=4GrBE6moi55F5555K8up

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.15.175.148 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),

Reverse DNS

Software

nginx /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Request-Time: 12
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 64
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Credentials: true

Redirect headers

Location: https://dmg.digitaltarget.ru/1/6533/i/i?i=346157001586998176822000000018433398&a=774&e=4GrBE6moi55F5555K8up
Date: Mon, 07 Jun 2021 18:47:30 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://fnc.rt.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

GET
H2

200

rtrg
vk.com/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=63477510670384.498316421312570&a=86&e=5EFC831F6369BE602C0B828402C5A64C&c=ss:86.up:5EFC831F6369BE602C0B828402C5A64C.sync:up.xdua:dujkWswTRa5m1sqxgoBVZEhL.xp...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=63477510670384.498316421312570&a=86&e=5EFC831F6369BE602C0B828402C5A64C&c=ss:86.up:5EFC831F6369BE602C0B828402C5A64C.sync:up.xdua:du...
https://vk.com/rtrg?p=VK-RTRG-980316-aHyIm

49 B
445 B

55ms
54ms

Image
image/gif

87.240.137.158
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vk.com/rtrg?p=VK-RTRG-980316-aHyIm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.137.158 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv158-137-240-87.vk.com

Software

kittenx / KPHP/7.4.107424

Resource Hash

2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:35 GMT
content-encoding: gzip
x-frontend: front605108
server: kittenx
x-powered-by: KPHP/7.4.107424
strict-transport-security: max-age=15768000
content-type: image/gif
access-control-expose-headers: X-Frontend
cache-control: no-store
content-length: 65

Redirect headers

Date: Mon, 07 Jun 2021 18:47:35 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://vk.com/rtrg?p=VK-RTRG-980316-aHyIm
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 41
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H2

200

rtrg
vk.com/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=63477510670384.65843821119107&a=86&e=5EFC831F6369BE602C0B828402C5A64C&c=ss:86.up:5EFC831F6369BE602C0B828402C5A64C.sync:up.xdua:dujkWswTRa5m1sqxgoBVZEhL.xps...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=63477510670384.65843821119107&a=86&e=5EFC831F6369BE602C0B828402C5A64C&c=ss:86.up:5EFC831F6369BE602C0B828402C5A64C.sync:up.xdua:duj...
https://vk.com/rtrg?p=VK-RTRG-953904-7yDR1

49 B
446 B

146ms
51ms

Image
image/gif

87.240.137.158
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vk.com/rtrg?p=VK-RTRG-953904-7yDR1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.137.158 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv158-137-240-87.vk.com

Software

kittenx / KPHP/7.4.107424

Resource Hash

2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:33 GMT
content-encoding: gzip
x-frontend: front605108
server: kittenx
x-powered-by: KPHP/7.4.107424
strict-transport-security: max-age=15768000
content-type: image/gif
access-control-expose-headers: X-Frontend
cache-control: no-store
content-length: 65

Redirect headers

Date: Mon, 07 Jun 2021 18:47:33 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://vk.com/rtrg?p=VK-RTRG-953904-7yDR1
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 32
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H/1.1

200
OK

request.php Show response
hal90006.redintelligence.net/ Frame F9B8
Redirect Chain

https://hal90006.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=3d64469cc5&subid=&uid=75d21db7706b8061&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90006.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=3d64469cc5&subid=&uid=75d21db7706b8061&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

3 KB
2 KB

237ms
119ms

Script
application/x-javascript

138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=3d64469cc5&subid=&uid=75d21db7706b8061&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCifYdwWm-YLXZE8aKjuwPqNuCiAmVsMG4XKm605-rDPAuEAEgtKPufmDxrfyFpB_IAQmpAr-nEbyScrQ-qAMBqgTdAU_QikLNwEoV0xplT-ujFI2EVBP356CYGEaJMMhCLrwGAVcE2hWXygd1YzxOtIMDT3FGRMGZBvYjS_2hIZUN7BbbsKRTW4ogR2_5cTuM3sfmtlLuLi-TC9LzUzyKpEPLxlbdGJqeHjwgb-P7DX9xouAPpgwxP_LLYWi6aPS5wxi4Jflti5fxGERUZPrpAsfsRP91YVsqzYQSctld5R1WNldILvG9A3g4pNJ7wnAIEVhxaFRR8V8ceXVCUYZFijWt7xofWnahQPR6T0-PQ6tt-o4ay_rrAoRhFalvtbRZwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0%26sig%3DAOD64_1Kmn7ULqygNRcIZjmVtqVCu5WTsA%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-Dy5A_Cu_Oih_x8tq8wO6UV0T0EVSIMx0j8cIWY4BmdZGy22a6CIQJFTRCXEUrOi6TEiZlbFPHd1A5TtR8sQ9pnGor40b6nMJfKVcp26IvaxBbhddFbbc6vnZE21ujIlAhvqQqh_olhn__MAge4KwHzpqAB3A%26cry%3D1%26dbm_d%3DAKAmf-BJhe4yK9TAdTxYM3AY9IKzqEacw77m-hJgkQ7nzIkeQ6OpMyWWHIplq48EAU01JD_Azz34QCjk-uryq8dg_8ZK5BKuBUcr8jObD6PsE6DivY6h8EEErgxo7MWs-94dRVnlxPckOdh8hRZHcHC1V5uSTX5efKW3uSzmfQsDkFB7GVY8KQM-I8yp5BshtErtNl-6wrZFHJ_rFdahPKyNFbOHvyYwHhMBvRNRlvino7lmJPZIkPMDe5gPtWE95R8XaMOC_m1iAaWSq4XRav5YKfSaGJOgkZNY5QbdMyIt93jG5K-9nm4fUra3H_NmS-EgvFtsodltwlSAJ342pnm-nb2UpLt3upnvcuVY2gSL20xXyqPqH6O_h5cT6HluWrI_FVA_oGxuA3EESJEHMQzs-BmaVrCmWkWPIklDapEpCsZxv_2BM-tGq_lH4CWHe_7D8w991sQw%26adurl%3D&documentReferer=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4449965989808&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Requested by: Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 65987f068d41b2c2bb4cf87783fcd3d971f6b39da8eb76a88163a92fd81ee32e

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:30 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 84571500244718400510390011618006
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1075
Expires: Mon, 07 Jun 2021 19:47:30 +0200

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:30 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=3d64469cc5&subid=&uid=75d21db7706b8061&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCifYdwWm-YLXZE8aKjuwPqNuCiAmVsMG4XKm605-rDPAuEAEgtKPufmDxrfyFpB_IAQmpAr-nEbyScrQ-qAMBqgTdAU_QikLNwEoV0xplT-ujFI2EVBP356CYGEaJMMhCLrwGAVcE2hWXygd1YzxOtIMDT3FGRMGZBvYjS_2hIZUN7BbbsKRTW4ogR2_5cTuM3sfmtlLuLi-TC9LzUzyKpEPLxlbdGJqeHjwgb-P7DX9xouAPpgwxP_LLYWi6aPS5wxi4Jflti5fxGERUZPrpAsfsRP91YVsqzYQSctld5R1WNldILvG9A3g4pNJ7wnAIEVhxaFRR8V8ceXVCUYZFijWt7xofWnahQPR6T0-PQ6tt-o4ay_rrAoRhFalvtbRZwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0%26sig%3DAOD64_1Kmn7ULqygNRcIZjmVtqVCu5WTsA%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-Dy5A_Cu_Oih_x8tq8wO6UV0T0EVSIMx0j8cIWY4BmdZGy22a6CIQJFTRCXEUrOi6TEiZlbFPHd1A5TtR8sQ9pnGor40b6nMJfKVcp26IvaxBbhddFbbc6vnZE21ujIlAhvqQqh_olhn__MAge4KwHzpqAB3A%26cry%3D1%26dbm_d%3DAKAmf-BJhe4yK9TAdTxYM3AY9IKzqEacw77m-hJgkQ7nzIkeQ6OpMyWWHIplq48EAU01JD_Azz34QCjk-uryq8dg_8ZK5BKuBUcr8jObD6PsE6DivY6h8EEErgxo7MWs-94dRVnlxPckOdh8hRZHcHC1V5uSTX5efKW3uSzmfQsDkFB7GVY8KQM-I8yp5BshtErtNl-6wrZFHJ_rFdahPKyNFbOHvyYwHhMBvRNRlvino7lmJPZIkPMDe5gPtWE95R8XaMOC_m1iAaWSq4XRav5YKfSaGJOgkZNY5QbdMyIt93jG5K-9nm4fUra3H_NmS-EgvFtsodltwlSAJ342pnm-nb2UpLt3upnvcuVY2gSL20xXyqPqH6O_h5cT6HluWrI_FVA_oGxuA3EESJEHMQzs-BmaVrCmWkWPIklDapEpCsZxv_2BM-tGq_lH4CWHe_7D8w991sQw%26adurl%3D&documentReferer=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4449965989808&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Mon, 07 Jun 2021 19:47:30 +0200

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3547 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZ6BKwWm-YLWIMp7d7_UPjfyw4AwAAAAAOAHgBAI&bg=!QUKlQgbNAAY6sG-_OrA7ACkAdvg8WoK6fBG22tuJq6kb_9ekpdHV2WkVhckhdzeN7POrRxL-clMjoAIAAAD7UgAAAA1oAQcKAJNBg-CXqEhc4WJTlcmv11GnPGI4TCu7r-3A9ERjZfwA1ZA4IA5rx4lTLzxTzNvzgC7N0eg_cMkAvQRa54Dqa7ePU0SlNkZR_lXEe_QsWX4u06OtZF-Qc2hhpAtzxki4kRtL61iJjGTZqVfjTxHol3MGwkdsvj7xAxGBiesnJ0YPCBvfc8mWBvNobP3mI_CfrJmN2OeZAt75fJBnkdPIg_uz5J9ukDFiPg54DeQHeNi9syIkBHO3IFVNWdhbHZvmSWRuNVm1YjGgrKPtOdP42S6k3O7-iJTyzOIdPzuoURvIYFlpzqUiYg3Xw414mYzfeAcZwgiPywDdNQbCjYba0RB_o42s3pRdV5GR1avh0S-hTHajvtiDq9kffR-QsVCEDxQmEFpznoa0N-TRaOyXankjKSuuEOK6WMPdOK33RmhP3VKWsaZ6zNDGtesoLmDCf2PjBqZ1dmV0l3cB_dqwmGN5BHmVCskm6OC3c4ZB9iWDPjx-0NE3H7uXHKKEK_JzzYMV3QPfn4FdBDmGj8w5KHYETS95xwjamrFQzbtFuJ-MaiizijA1pgcLW2sI788GpnIQdo5LiTSPSU4PKVCmHYowPfhhw8dqpJc9QPo4slWzVhb7GIl59P8UOz3xUFhnfLyygP2TA8CZKtirVfC2KMZsYzCQVsC3ZQ8iJLXwVdn8sTyE_8bCGhgBgwicMTeu7XN4RA28ZTzNJUvjOZpj2BPYOlXoa1W0KHd3DeCK5icWMRAVeN9fQeMAFx2VaOdmd1yaL6ssP7r1j8_M80Yx2ZaemhqXIx1UYKjWEq39jU2pvJa-SQIHhrS3WGb-uDhnbFrVchybfponeM8x1rhxCGiQ19c1t0uZ4YO45bxMUKd2e9_ObgpWIXj6KK4SlW_NhVMi4X2kr3TlGzHkmlBCiuCVIVYT85kj0Y7SOgGIbPWwLLoj9eFhQNzDyEwJDSGzdaFd5ppMr5cCmoz8nzTs2kEg7YL_5dZBm-_AqHqoV8Bv_zj7yJHYu7b6P3MaCHUwRvzWphyhFXcc3S6v-9WZFmtA_qTwL6dO1dM7IxNo-YcD332ljTPPvuVh_iGUv7WXRdMYSE-ghVrgiAP3Uzf63sGFxbp5KtSJ5RgUgqeePtK8vAQloAz2UT2I3FLrp_fXPYHkD76SVYWb1kdnnsrSfcXHSDDl_Q

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg Show response
static.tradetracker.net/se/material_image/02/ Frame 0CE1
Redirect Chain

https://ti.tradetracker.net/?c=31577&m=1646244&a=157788&r=84571500244718400510390011618006&t=html
https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg

39 KB
39 KB

68ms
24ms

Document
image/jpeg

2600:9000:2050:800:1a:7c92:efc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=3d64469cc5&subid=&uid=75d21db7706b8061&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCifYdwWm-YLXZE8aKjuwPqNuCiAmVsMG4XKm605-rDPAuEAEgtKPufmDxrfyFpB_IAQmpAr-nEbyScrQ-qAMBqgTdAU_QikLNwEoV0xplT-ujFI2EVBP356CYGEaJMMhCLrwGAVcE2hWXygd1YzxOtIMDT3FGRMGZBvYjS_2hIZUN7BbbsKRTW4ogR2_5cTuM3sfmtlLuLi-TC9LzUzyKpEPLxlbdGJqeHjwgb-P7DX9xouAPpgwxP_LLYWi6aPS5wxi4Jflti5fxGERUZPrpAsfsRP91YVsqzYQSctld5R1WNldILvG9A3g4pNJ7wnAIEVhxaFRR8V8ceXVCUYZFijWt7xofWnahQPR6T0-PQ6tt-o4ay_rrAoRhFalvtbRZwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0%26sig%3DAOD64_1Kmn7ULqygNRcIZjmVtqVCu5WTsA%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-Dy5A_Cu_Oih_x8tq8wO6UV0T0EVSIMx0j8cIWY4BmdZGy22a6CIQJFTRCXEUrOi6TEiZlbFPHd1A5TtR8sQ9pnGor40b6nMJfKVcp26IvaxBbhddFbbc6vnZE21ujIlAhvqQqh_olhn__MAge4KwHzpqAB3A%26cry%3D1%26dbm_d%3DAKAmf-BJhe4yK9TAdTxYM3AY9IKzqEacw77m-hJgkQ7nzIkeQ6OpMyWWHIplq48EAU01JD_Azz34QCjk-uryq8dg_8ZK5BKuBUcr8jObD6PsE6DivY6h8EEErgxo7MWs-94dRVnlxPckOdh8hRZHcHC1V5uSTX5efKW3uSzmfQsDkFB7GVY8KQM-I8yp5BshtErtNl-6wrZFHJ_rFdahPKyNFbOHvyYwHhMBvRNRlvino7lmJPZIkPMDe5gPtWE95R8XaMOC_m1iAaWSq4XRav5YKfSaGJOgkZNY5QbdMyIt93jG5K-9nm4fUra3H_NmS-EgvFtsodltwlSAJ342pnm-nb2UpLt3upnvcuVY2gSL20xXyqPqH6O_h5cT6HluWrI_FVA_oGxuA3EESJEHMQzs-BmaVrCmWkWPIklDapEpCsZxv_2BM-tGq_lH4CWHe_7D8w991sQw%26adurl%3D&documentReferer=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4449965989808&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2050:800:1a:7c92:efc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5b02d4c3687457ff762f830bbe51f5897b428906bf57f0aa15f185d5024c0f91

Request headers

:method: GET
:authority: static.tradetracker.net
:scheme: https
:path: /se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: pi=d0bf8ba1ffb26f7d9154d0fe7f3359bb; uf=gY0G4iKEZW20MjEnieBwJzFNeXRXTWpqbnRRNDlWN0pnaTdNRk5hU2VJN21XU3p5Q21TZjBydE9JWUtGV3ZFL0grZjlpa3FQMTc4eUFxeGI3ZVNiU0tGaUw4ZlNVVGlwb0NuQWhBPT0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/

Response headers

content-type: image/jpeg
content-length: 39656
accept-ranges: bytes
last-modified: Mon, 04 Nov 2019 09:13:22 GMT
server: nginx
date: Mon, 07 Jun 2021 18:47:18 GMT
etag: "5dbfebb2-9ae8"
x-cache: Hit from cloudfront
via: 1.1 e6c01b53bf2aaa4769dfc1f3537efc04.cloudfront.net (CloudFront)
x-amz-cf-pop: BUD50-C1
x-amz-cf-id: i1F-sn0pOzyevZZnxBXqrvTrJFgnx3m-szwBFK4WA0HSLlASGo-KKA==
age: 12

Redirect headers

date: Mon, 07 Jun 2021 18:47:30 GMT
content-type: text/html; charset=utf-8
location: https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
server: nginx
x-powered-by: PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
p3p: CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml"
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache, must-revalidate
set-cookie: uf=gY0G4iKEZW20MjEnieBwJzFNeXRXTWpqbnRRNDlWN0pnaTdNRk5hU2VJN21XU3p5Q21TZjBydE9JWUtGV3ZFL0grZjlpa3FQMTc4eUFxeGI3ZVNiU0tGaUw4ZlNVVGlwb0NuQWhBPT0%3D; expires=Tue, 07-Jun-2022 18:47:30 GMT; Max-Age=31536000; path=/; SameSite=None; domain=.tradetracker.net; secure pi=d0bf8ba1ffb26f7d9154d0fe7f3359bb; expires=Wed, 15-Sep-2021 18:47:30 GMT; Max-Age=8640000; path=/; SameSite=None; domain=.tradetracker.net; secure

GET
H2 200 / Show response
ti.tradetracker.net/ Frame F9B8 454 B
1 KB 259ms
107ms Script
text/javascript 108.128.9.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ti.tradetracker.net/?c=33102&m=1783943&a=157788&r=84571500244718400510390011618006&t=js&wid=tt-55ad9c
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.9.52 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
Resource Hash: 00ef149724afa6ea5ba5ab1d024e310ba4034ac5672367212203c56e92eb1b49

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:47:30 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=utf8
server: nginx
p3p: CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml"
x-powered-by: PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal90006.redintelligence.net/ Frame EC71 6 KB
2 KB 191ms
64ms Document
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request_content.php?s=84571500244718400510390011618006&a=06b1a588
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=3d64469cc5&subid=&uid=75d21db7706b8061&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCifYdwWm-YLXZE8aKjuwPqNuCiAmVsMG4XKm605-rDPAuEAEgtKPufmDxrfyFpB_IAQmpAr-nEbyScrQ-qAMBqgTdAU_QikLNwEoV0xplT-ujFI2EVBP356CYGEaJMMhCLrwGAVcE2hWXygd1YzxOtIMDT3FGRMGZBvYjS_2hIZUN7BbbsKRTW4ogR2_5cTuM3sfmtlLuLi-TC9LzUzyKpEPLxlbdGJqeHjwgb-P7DX9xouAPpgwxP_LLYWi6aPS5wxi4Jflti5fxGERUZPrpAsfsRP91YVsqzYQSctld5R1WNldILvG9A3g4pNJ7wnAIEVhxaFRR8V8ceXVCUYZFijWt7xofWnahQPR6T0-PQ6tt-o4ay_rrAoRhFalvtbRZwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwPYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo8w-VSfQr9gz6rRgaPdpdzEvBNmcTSJ_YR5WL4WocUJhir4nni7trvNy1bIO3WQCqsyBCEKHZ91oI2U0%26sig%3DAOD64_1Kmn7ULqygNRcIZjmVtqVCu5WTsA%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-Dy5A_Cu_Oih_x8tq8wO6UV0T0EVSIMx0j8cIWY4BmdZGy22a6CIQJFTRCXEUrOi6TEiZlbFPHd1A5TtR8sQ9pnGor40b6nMJfKVcp26IvaxBbhddFbbc6vnZE21ujIlAhvqQqh_olhn__MAge4KwHzpqAB3A%26cry%3D1%26dbm_d%3DAKAmf-BJhe4yK9TAdTxYM3AY9IKzqEacw77m-hJgkQ7nzIkeQ6OpMyWWHIplq48EAU01JD_Azz34QCjk-uryq8dg_8ZK5BKuBUcr8jObD6PsE6DivY6h8EEErgxo7MWs-94dRVnlxPckOdh8hRZHcHC1V5uSTX5efKW3uSzmfQsDkFB7GVY8KQM-I8yp5BshtErtNl-6wrZFHJ_rFdahPKyNFbOHvyYwHhMBvRNRlvino7lmJPZIkPMDe5gPtWE95R8XaMOC_m1iAaWSq4XRav5YKfSaGJOgkZNY5QbdMyIt93jG5K-9nm4fUra3H_NmS-EgvFtsodltwlSAJ342pnm-nb2UpLt3upnvcuVY2gSL20xXyqPqH6O_h5cT6HluWrI_FVA_oGxuA3EESJEHMQzs-BmaVrCmWkWPIklDapEpCsZxv_2BM-tGq_lH4CWHe_7D8w991sQw%26adurl%3D&documentReferer=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4449965989808&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: adc9c8c77dfcd5a0568ba20e906b4b64bd2d7a92177ed05eb0f189895d10d12e

Request headers

Host: hal90006.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=9f6cd03d3b188763
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/

Response headers

Date: Mon, 07 Jun 2021 18:47:30 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 07 Jun 2021 19:47:30 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1823
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

cshow.php
www.zenaps.com/ Frame F9B8
Redirect Chain

https://www.awin1.com/cshow.php?s=2636829&v=12846&q=389131&r=566725&pref1=84571500244718400510390011618006&pv=1
https://www.zenaps.com/cshow.php?pvr=d04a9891-c7c0-11eb-9ae5-692d08e93505&v=12846&r=566725&q=389131&s=2636829&viewref=84571500244718400510390011618006&pv=1

43 B
704 B

197ms
86ms

Image
image/gif

104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zenaps.com/cshow.php?pvr=d04a9891-c7c0-11eb-9ae5-692d08e93505&v=12846&r=566725&q=389131&s=2636829&viewref=84571500244718400510390011618006&pv=1

Requested by

Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:47:30 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

Redirect headers

Date: Mon, 07 Jun 2021 18:47:30 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.zenaps.com/cshow.php?pvr=d04a9891-c7c0-11eb-9ae5-692d08e93505&v=12846&r=566725&q=389131&s=2636829&viewref=84571500244718400510390011618006&pv=1
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
DATA 200
OK truncated
/ Frame F9B8 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99f7e03586054bbb9fb218086a118e80c7069808b2de130203a2301e43fa0761

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BB69 42 B
64 B 50ms
49ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsupzlcvmL2jBOIb2tac6Onnc9ftnrAewcH01U6jOJlIzSfU1o7fhqI3eaxjkKWj52VarMZgVOeXgStA9jdijZghA6CDSDH6mp0YTcwkm_W_4_ah&sai=AMfl-YTo0tAsPFuJgBmGfGRrxHXF14clYWnHvkxsSNpRKWETWSultkCvW0JZgTgjWaWjo8GVTgvSca9sGc3oz-LsBylUQ_Bk7UiC17gAEX6Jmf4UQzO3JKILs-FW6DF7JmU&sig=Cg0ArKJSzJnpqi3zkHvFEAE&cid=CAASPeRotQDoj7PmLoik_MoM8qh7jPXt-j-sRrgxK8RVgNFPUDe852hUqdMHvQTjNZB2agdj_qjkui7q4R0UB7s&id=lidar2&mcvt=1034&p=900,315,990,1285&mtos=1034,1034,1034,1034,1034&tos=1034,0,0,0,0&v=20210604&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1836978441&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623091649371&dlt=64&rpt=48&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame EC71 4 KB
648 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=84571500244718400510390011618006&a=06b1a588

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:29:18 GMT
server: ESF
date: Mon, 07 Jun 2021 18:47:30 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Jun 2021 18:47:30 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame EC71 18 KB
17 KB 190ms
63ms Image
image/png 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55483/creativesup/Teknikproffset-SE-1200x627.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=84571500244718400510390011618006&a=06b1a588
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 60b7b64a9d046a3c690b611787538225a5999589ddd63646858f9bc13d6ffe75

Request headers

Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:30 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 17601
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame EC71 13 KB
13 KB 190ms
64ms Image
image/png 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/53597/creativesup/Native1-1200x627.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=84571500244718400510390011618006&a=06b1a588
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 422d60a12cc30c6f36e9abea756b85533e867779649dd77e30ff1ad89219ac2b

Request headers

Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:30 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 13535
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame EC71 16 KB
16 KB 190ms
64ms Image
image/png 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55313/creativesup/native_1200x627.jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=84571500244718400510390011618006&a=06b1a588
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 645e55d6759b77501d91c0a0dca3a539426b16edd6ed55dec18d3ac46b700c9e

Request headers

Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:30 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15842
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal90006.redintelligence.net/ Frame EC71 0
150 B 191ms
64ms Script
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/viewability?s=84571500244718400510390011618006&a=1702957e&vb=m
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=84571500244718400510390011618006&a=06b1a588
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 Lingenfeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal90006.redintelligence.net/request_content.php?s=84571500244718400510390011618006&a=06b1a588
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:47:30 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame EC71 16 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal90006.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 09:02:48 GMT
x-content-type-options: nosniff
age: 553482
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15948
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 09:02:48 GMT

GET
H3-29 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame EC71 16 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal90006.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 00:05:28 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
age: 499322
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
expires: Thu, 02 Jun 2022 00:05:28 GMT

GET
H2

200

5a0f5218ee2dad558ebed56f97a5bb2b45316d.png
static.tradetracker.net/se/material_image/35/ Frame F9B8
Redirect Chain

https://ti.tradetracker.net/?c=33102&m=1783943&a=157788&r=84571500244718400510390011618006&t=html
https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png

72 KB
72 KB

21ms
21ms

Image
image/png

2600:9000:2050:800:1a:7c92:efc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png
Requested by: Host: 9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
URL: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2050:800:1a:7c92:efc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f57092bb84b3b7ab8ca3766e0f5b873b5307847ee1b9084e9c858bdd6e2b636c

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:46:49 GMT
via: 1.1 e6c01b53bf2aaa4769dfc1f3537efc04.cloudfront.net (CloudFront)
last-modified: Tue, 01 Sep 2020 12:05:20 GMT
server: nginx
age: 41
etag: "5f4e3900-11e3e"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: BUD50-C1
accept-ranges: bytes
content-length: 73278
x-amz-cf-id: LDC4OW4ZCLXxmz9GNi1xM3vfTMlcl7ZaGbgkmbSQHPf5qN4tkrYjMQ==

Redirect headers

date: Mon, 07 Jun 2021 18:47:30 GMT
server: nginx
x-powered-by: PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
p3p: CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml"
location: https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png
cache-control: no-cache, must-revalidate
content-type: text/html; charset=utf-8
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dc_oe=ChMI69nQyZeG8QIVgql3Ch3LFAL2EAAYACDHg4ZIQhMI5L6qyZeG8QIVcRWLCh3OfAZY;met=1;&timestamp=1623091660130;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame BB69 42 B
498 B 202ms
88ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI69nQyZeG8QIVgql3Ch3LFAL2EAAYACDHg4ZIQhMI5L6qyZeG8QIVcRWLCh3OfAZY;met=1;&timestamp=1623091660130;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:47:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: img.sci-hub.shop
URL: https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sci-Hub (Consumer)

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mksa.top/	1970-01-20 04:13:07	Name: __gads Value: ID=b24a6978230dad5f-2286965a5ac80015:T=1623091648:S=ALNI_MbJiF3dMZLNnvw8n9uHoGnrSv0SJQ
.mksa.top/	1970-01-19 18:52:58	Name: _gid Value: GA1.2.355166031.1623091648
.mksa.top/	1970-01-19 18:51:31	Name: _gat_gtag_UA_193456449_1 Value: 1
.mksa.top/	1970-01-20 12:22:43	Name: _ga Value: GA1.2.1775865527.1623091648

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs(Line 17) Message: Powered by AMP ⚡ HTML – Version 2105242203000 https://sci-hub.mksa.top/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9cdec375f2f0015549654098818824ee.safeframe.googlesyndication.com
ade.googlesyndication.com
adservice.google.com
cdn.ampproject.org
cm.g.doubleclick.net
code.createjs.com
counter.yadro.ru
dmg.digitaltarget.ru
dsum-sec.casalemedia.com
fnc.rt.ru
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal90006.redintelligence.net
ib.adnxs.com
img.sci-hub.shop
kitbit.net
lh4.googleusercontent.com
optinder.com
p1.ntvk1.ru
pagead2.googlesyndication.com
s0.2mdn.net
sci-hub.mksa.top
securepubads.g.doubleclick.net
share.pluso.ru
static.tradetracker.net
stats.g.doubleclick.net
tag.digitaltarget.ru
ti.tradetracker.net
tpc.googlesyndication.com
ut9.rktch.com
vk.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.zenaps.com
img.sci-hub.shop
104.111.239.217
108.128.9.52
138.201.63.164
142.250.181.226
142.250.184.194
142.250.184.226
142.250.185.130
185.15.175.137
185.15.175.147
185.15.175.148
2.18.234.21
2600:9000:2050:800:1a:7c92:efc0:93a1
2606:4700:3033::6815:35c2
2606:4700:3034::6815:9e6
2606:4700:3035::ac43:c8d3
2a00:1450:4001:809::2001
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:813::2002
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2001
2a00:1450:4001:831::2006
2a00:1450:4001:831::200a
2a00:1450:4001:831::200e
2a00:1450:400c:c07::9c
2a00:1450:400d:80a::2001
2a02:26f0:6c00::210:ba1a
2a02:6ea0:c700::2
31.131.252.94
37.200.67.211
37.252.172.37
87.240.137.158
88.212.201.204
88.99.219.174
89.108.97.2
00ef149724afa6ea5ba5ab1d024e310ba4034ac5672367212203c56e92eb1b49
026d14fce3742ffee1d7b5e7014d6a324f0a01512cfcae4e62f1b7a37c930ae5
0a60cc555878ad99db4a8b33e136ab7f3065aae78b17e358d11e6b765b217a97
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570
1bc3b38eb7bc79fcfc4b432ff72a486b5b39ae7a934f898dd803ed7cd5cbbcf6
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af
20114d3ca9c2bc9b1f6d86f7fc195fb112ee03b69745477cb34a07b9e58b25ff
229f7b74c1efcd2b5cbe48f985964c1d19e34a741c79d3e66c5802a8ae166fb2
265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6
27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c
288f23118b902dea7eec0280385ae7c5d971218e3d257e3a28f7a03989ee152a
2b48111477d715e7b5f7680ad5fb0bd9417445b78b863594dd6bab5b50fb1c0a
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3216ef1b9e7e4bc6e627f6813ae735c4b5c3fc9a2491b0f7c26c69ca26aaa0a2
3287bfc1cf898266141a34b341c6d9530d16bb3cb635d79b7a9958dcced73c4d
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f
3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6
3d05af03c43c1ce053a75049e363a61af92d11f1854b7d931607c9587ac7e522
41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4
422d60a12cc30c6f36e9abea756b85533e867779649dd77e30ff1ad89219ac2b
44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450
454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586
460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232
46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f0d3c0dc38073f9d61f23e085f07c4d0aafb51a8f1402c7c0d1ffcb40217225
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7
5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f
5b02d4c3687457ff762f830bbe51f5897b428906bf57f0aa15f185d5024c0f91
5be0e304429cdb17099bd1062871bb23a3e2771d6a369d835f739670d4514e50
5ee37f2eb2e2e7747c0c5272ce10cfad317aadcd93ec489f7db09fcf89e5795b
60b7b64a9d046a3c690b611787538225a5999589ddd63646858f9bc13d6ffe75
645e55d6759b77501d91c0a0dca3a539426b16edd6ed55dec18d3ac46b700c9e
64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b
65987f068d41b2c2bb4cf87783fcd3d971f6b39da8eb76a88163a92fd81ee32e
668c7eb47694674a6c9600e445c4462cf2646210da24724cd8cec0695757d9a1
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d33ce6ac84e10177e75fd86427eee28779321f1152efa1fa10312c528f5824e
6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd
79dab61d69cc249b4e00d000dad4bf62c6f2abf72f8ff2c0b3405b6601ac56e2
7a6696836d24e49b953eac6fcc02aaf3187a75a30ed6a11dee8e053c54200386
7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e
7dbf97b6099ff5065e80e953b6dbabcf5414f25a93a6a44fde07059a0a962dce
7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
819a84dfb7bf1f9d3f26937c5b579852aba8195de98ccacb9cf3722562622996
84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f
8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
99f7e03586054bbb9fb218086a118e80c7069808b2de130203a2301e43fa0761
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a19047bcd78489751c2b002a69dea8bb9320c2cabc479e71a7b929ad80f56863
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a543779a9171b1861eca85108fc01a5bfa5426d5da2d64c9ee4bd2c9638eb5e6
a6ed0a3a8121db259b58801ca8940e19e16449ce982277a66f40dadad396c5ff
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc
a8a4f8c0b1171203ab4a51169be29fec9eeac0bb0b94794cfb7b6af992c69482
a8d6471084afda8dd4417cd7c06ec72310feabc31ba3cd52d978dc0bfbfbce59
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f
adc9c8c77dfcd5a0568ba20e906b4b64bd2d7a92177ed05eb0f189895d10d12e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bd9c64f77f73813eaaec9b9c3ea5c41cc717df4dd9abbfe76a8b4a439a81eef6
bdd4003804f6ce8052531178f70d642ad8fdc912033665ecc0b38163acd16b9a
c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74
c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202
cae39b858a82013e7f07d26dd6675aff60f2f8e8cb01efa44f134a29344ed596
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0b3850a417ef733c6acaff02a3311c7ce9a5b7ee55d2cd76d8c7f1f661bcb20
dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee362599ddb7ce1c32f8173e1d2255cda3d6ae960afa16d71a6bd617f2154aa6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f57092bb84b3b7ab8ca3766e0f5b873b5307847ee1b9084e9c858bdd6e2b636c
fcd5c5f96228d339caa9724ec264d9580f132483733794c499e2253f5d08b985
ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

sci-hub.mksa.top Open in urlscan Pro 2606:4700:3033::6815:35c2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

144 Requests

97 %HTTPS

56 %IPv6

29 Domains

40 Subdomains

40 IPs

5 Countries

1908 kBTransfer

3556 kBSize

4 Cookies

4 Outgoing links

Page URL History

Redirected requests

144 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sci-hub.mksa.top Open in urlscan Pro
2606:4700:3033::6815:35c2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

144
Requests

97 %
HTTPS

56 %
IPv6

29
Domains

40
Subdomains

40
IPs

5
Countries

1908 kB
Transfer

3556 kB
Size

4
Cookies

144 HTTP transactions
3 data transactions