sci-hub.mksa.top Open in urlscan Pro
2606:4700:3031::ac43:d9f7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sci-hub.mksa.top/
Effective URL:
https://sci-hub.mksa.top/
Submission: On June 07 via api (June 7th 2021, 4:07:34 pm UTC) from NL

Summary HTTP 127 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 39 IPs in 6 countries across 28 domains to perform 127 HTTP transactions. The main IP is 2606:4700:3031::ac43:d9f7, located in United States and belongs to CLOUDFLARENET, US. The main domain is sci-hub.mksa.top.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 3rd 2021. Valid for: a year.

This is the only time sci-hub.mksa.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sci-Hub (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3031::ac43:d9f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2606:4700:303... 2606:4700:3034::6815:9e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
4	37.200.67.211 37.200.67.211	49505 (SELECTEL) (SELECTEL)
1 2	88.212.201.210 88.212.201.210	39134 (UNITEDNET) (UNITEDNET)
3	31.131.252.94 31.131.252.94	50340 (SELECTEL-MSK) (SELECTEL-MSK)
15	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
3	185.15.175.157 185.15.175.157	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1 1	2a02:6ea0:c70... 2a02:6ea0:c700::10	60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
1	2606:4700:303... 2606:4700:3036::6815:15dc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	89.108.97.2 89.108.97.2	197695 (AS-REG) (AS-REG)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
7 9	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
4 8	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 5	185.33.220.244 185.33.220.244	29990 (ASN-APPNEX) (ASN-APPNEX)
4	138.201.64.38 138.201.64.38	24940 (HETZNER-AS) (HETZNER-AS)
7 10	185.15.175.130 185.15.175.130	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
2 2	185.15.175.137 185.15.175.137	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1	87.240.190.78 87.240.190.78	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS http://vk.com)
1 4	78.46.111.106 78.46.111.106	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:802::2006	15169 (GOOGLE) (GOOGLE)
2 3	108.128.9.52 108.128.9.52	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:215... 2600:9000:2156:3400:1a:7c92:efc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
2	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba2a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
127	39

2 2606:4700:3031::ac43:d9f7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sci-hub.mksa.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:3034::6815:9e6 (United States)

ASN13335 (CLOUDFLARENET, US)

img.sci-hub.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.200.67.211 (Russian Federation)

ASN49505 (SELECTEL, RU)

share.pluso.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.210 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host210.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.131.252.94 (Russian Federation)

ASN50340 (SELECTEL-MSK, RU)

kitbit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.15.175.157 (Russian Federation)

ASN43226 (SAFEDATA Uplinks, RU)

tag.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::10 (Frankfurt am Main, Germany) 1 redirects

ASN60068 (CDN77 (^_^)/, GB)

p1.ntvk1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:15dc (United States)

ASN13335 (CLOUDFLARENET, US)

optinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.108.97.2 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: d50603.reg.regrucolo.ru

ut9.rktch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.98 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.220.244 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.64.38 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.38.64.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.15.175.130 (Russian Federation) 7 redirects

ASN43226 (SAFEDATA Uplinks, RU)

dmg.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.15.175.137 (Russian Federation) 2 redirects

ASN43226 (SAFEDATA Uplinks, RU)

fnc.rt.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.240.190.78 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU)
PTR: srv78-190-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.111.106 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.106.111.46.78.clients.your-server.de

hal900027.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:802::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.128.9.52 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

ti.tradetracker.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:3400:1a:7c92:efc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.tradetracker.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.zenaps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba2a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	googlesyndication.com 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	123 KB
22	doubleclick.net 7 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	187 KB
21	sci-hub.shop img.sci-hub.shop	576 KB
13	2mdn.net s0.2mdn.net	162 KB
13	digitaltarget.ru 7 redirects tag.digitaltarget.ru dmg.digitaltarget.ru	26 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net hal900027.redintelligence.net	57 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com	7 KB
5	tradetracker.net 2 redirects ti.tradetracker.net static.tradetracker.net	113 KB
5	adnxs.com 3 redirects ib.adnxs.com	5 KB
4	pluso.ru share.pluso.ru	27 KB
4	google.com adservice.google.com www.google.com	929 B
3	googletagservices.com www.googletagservices.com	102 KB
3	kitbit.net kitbit.net	2 KB
2	gstatic.com fonts.gstatic.com	32 KB
2	rt.ru 2 redirects fnc.rt.ru	1 KB
2	yadro.ru 1 redirects counter.yadro.ru	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	mksa.top 1 redirects sci-hub.mksa.top	7 KB
1	googleapis.com fonts.googleapis.com	752 B
1	createjs.com code.createjs.com	48 KB
1	zenaps.com www.zenaps.com	704 B
1	awin1.com 1 redirects www.awin1.com	722 B
1	vk.com vk.com	446 B
1	rktch.com ut9.rktch.com	88 B
1	optinder.com optinder.com	562 B
1	ntvk1.ru 1 redirects p1.ntvk1.ru	381 B
1	google.se adservice.google.se	799 B
1	googletagmanager.com www.googletagmanager.com	35 KB
127	28

	Domain	Requested by
21	img.sci-hub.shop	sci-hub.mksa.top
13	s0.2mdn.net	sci-hub.mksa.top s0.2mdn.net 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
13	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com sci-hub.mksa.top googleads.g.doubleclick.net 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com www.googletagservices.com
10	dmg.digitaltarget.ru	7 redirects
10	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com sci-hub.mksa.top googleads.g.doubleclick.net 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
9	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
6	securepubads.g.doubleclick.net	sci-hub.mksa.top securepubads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	hal900027.redintelligence.net	1 redirects 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com hal900027.redintelligence.net
4	hal9000.redintelligence.net	9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com hal900027.redintelligence.net
4	googleads.g.doubleclick.net	sci-hub.mksa.top 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
4	share.pluso.ru	img.sci-hub.shop sci-hub.mksa.top
3	ti.tradetracker.net	2 redirects sci-hub.mksa.top
3	www.googletagservices.com	securepubads.g.doubleclick.net sci-hub.mksa.top 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
3	tag.digitaltarget.ru	kitbit.net tag.digitaltarget.ru
3	www.google.com	tpc.googlesyndication.com sci-hub.mksa.top 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
3	kitbit.net	img.sci-hub.shop kitbit.net
3	9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	googleads4.g.doubleclick.net	sci-hub.mksa.top
2	static.tradetracker.net	hal900027.redintelligence.net 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
2	fnc.rt.ru	2 redirects
2	counter.yadro.ru	1 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	sci-hub.mksa.top	1 redirects
1	ade.googlesyndication.com
1	fonts.googleapis.com	hal900027.redintelligence.net
1	code.createjs.com	s0.2mdn.net
1	www.zenaps.com	9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
1	www.awin1.com	1 redirects
1	vk.com
1	ut9.rktch.com
1	optinder.com
1	p1.ntvk1.ru	1 redirects
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.se	securepubads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagmanager.com	sci-hub.mksa.top
127	39

This site contains links to these domains. Also see Links.

Domain
pluso.ru
vk.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
mksa.top Cloudflare Inc ECC CA-3	`2021-03-03` - `2022-03-02`	a year	crt.sh
sci-hub.shop Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google.se GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.pluso.ru R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
counter.yadro.ru R3	`2021-05-29` - `2021-08-27`	3 months	crt.sh
*.kitbit.net Let's Encrypt Authority X3	`2018-11-05` - `2019-02-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
tag.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-06` - `2021-07-06`	a year	crt.sh
ut9.rktch.com R3	`2021-04-19` - `2021-07-18`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
redintelligence.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
dmg.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
*.vk.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-06-09` - `2022-06-10`	2 years	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.tradetracker.net Amazon	`2021-01-21` - `2022-02-18`	a year	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://sci-hub.mksa.top/
Frame ID: 2B93DAF838B0483BEA099A6BD43BEB58
Requests: 57 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: CF11973E6F08CC8E2B40D3567628E0E8
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D8D724AD77DFAB5F2A2BDA98A81A2561
Requests: 1 HTTP requests in this frame

Frame: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5FF93FDD003AC3160EF36BE26694DBE7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNVHzJQ2v9Cv8n_Lfl88gbsJ5ijU32rEdE1Q6VYwCCpai9wDfMhLm5hC4LLJYt4qz-qmQFDtMKZFzYCCOMMnpejOU23Z7qaHniU-ZvoHUoakqr-7RFwMMNSezX976Pm2RGH5yZoOrTFa2L9r-bZeSnuadGXYKigiyyvjBv1QfHUK0REOatQ
Frame ID: 85AFAC312460CDB80ED63C46FD042070
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMzpUciR5ZXPZnK2-8HuhnyhxPeNKa8cMjDAZ99IfdCNTfnideqSgk0vP7MGYRajex5y8qbEsa23eL_1T7CkxAFI4PvXInQdB17fUdKRcllHBplJKTF894d6vlfLKDgPH6o89BRSZo-CG3jwwF9J1uKjVhSA&cry=1&dbm_d=AKAmf-B3Hnk3NPScjmz5iCtbbVwTFAqwIowNfe6iV5O7QCOWBPJUlNtR6h_XIpvO98KtMPf_s6DKy_8X_o6waHXYjrJX_J6r2tAXTaAI8b1Askkbv5S8hqXUEeUtPWe1JbwDs1yjUMhF9WA9EwCOgqbC6I2rBLGj2Q6pN3JAvgvY1BldSvH7-Cx0HpzttWpVdQay1_CzfUWIfCfG5U0D7NJOvCibKhAhZe-5b-yy4-DIF4bhtYmkXr0jL-Fa14oIdyD5LRnlvIuKPe2IgdyZ4Zc54RjEDR0Z3W-gThW4d73w6wNtIBYQML42MB6f4sNjSmlQE3XdxMqJYfKyXrwHFGNkmAmDjiK1ieNuXaerS_mr3-t5we45bsJ1trv7vvTZwVCPlQEi-jkWlDdVN1YpYFf9-UDTm9d-WZzPp3iZ5ADZhDIedVI-KpklrsMQayNtJxtEv2FjeunwmrtSZoniaQASf7GHWcUjhdfREVZsomnOK2IUcTjxU9r1YFAHShHWne4m1_sh1qh6UKFWzjXcz5fH4PBfCh1xfQLIYPYC65C7yI1lH_E6ojtzgp9wrQ6CUbCxd1VqCOLEWkb6o9MQYppXCuiWRzcLYYMEXGWd4NIntUHZJwmJm7w1p171yDIMB2ESk5G3eRphrUTdey1I5YbvFpgNmwLg4LjukfnkMqVlKm0uKXAvykTQjzgEnczWjvsPeB8u9Hr4O9hLQ-EGJvcCWqMoUfsSbTGqgNhgtBfs14WY5cTyoR99AKymR9IK4BtMNFL-gLFi4bODTrOffy7B7lDxj4dkGzsBE9lZQolg_VRxVdVnN4dEJQigHR1N4Z3uD9JzABCMXH7fwo7oSHxtPvhY2ErrROpKc4rzyR68e-b30kUwR02tdgW0pKqGvdgx4g2r_-iJBwCsocc9wd5rshd9tXnXpNc2sfUJnKGvzm809zWUNNZyiqDDd1tQMbTFWxHSsMDS8v7szOUE7w1KWk7Fr-uWwrKC_tOa1l5c6GcpqZWB-sczf0dCvFxylj8DrSyvhXLlw1ObA5y5V_kvZwp8ZsUzetIE-tsCTa9tgrrjkk1FJ9_6SpoTl-zBpEivkkERuBl-ElAxlHWDbvIe6GI9v3OW3lwKyxFP9ywNWHB3npJbguqNgt0S2CI_WNn9kUVr0OpkHqojoUVF6zsev3QcmrOPYfJfy5C4wYk411xIyjGZDRLkKObi7fafLqdiujKgKsOB2rr1xe2SYFTqbXoc-vC1MpJriOsxIGWAOQZxb9Zf70PCW_vLuSipLruzeypjx6XevwUMXK4X3dqIyPfPAYGzilarCYxGqbA5BFxnvb3pxvn2ELg6BM_dvXD4hcP2qSHeNqlXxm8PZVizQTSWUOG_8qRTAPX-2n15OuBxoxTleAcy6swyn_Y5nP-XnpIzAWgvy4enoZx0qEcxhf_lSqPOrSFGjrR0SkO7OzSsGkc_CVrbBWbHZKp42LOPs8uo3g_2cnMijUOsuhvOuyvPGCPXIiOSB5cfm1g23mRAdAE7xoeBoSBraFD_7L-ulic1IsBuqqLTpZDbyn1i9gNMZVqcrtfB3nhXINtJrExEbGbde32zRlcTwq9u3M87fA4QZTMvHBX6oYB2gbR6fVHcTGyVzXYExH21HrUC6_lsDjqu3VTvzXB8b7PF9fOzI9ihlVsr9AV6iic_5hqISg0ZO4fKFtKK_zrGSs42qA6CiW3R182KUwLD6tArpAxLfRgPnTWber43Y8J8evHzQcLqP5leeIYILmk0kR4vgK2GXY5py_afl3bDdkjWbG7F7udpsFsAOuDUQ7oj005WgmmgkNmBOAEs3MuE-IrjhWCjF2mdqPBXJaMQUsWihbV5yEtHvcq27019Bv-MA1UXDxUqoTM2UK0iN3Y15ejOJ_X2CzrqWd-kVE29U3u09m9AAcxwrREs1odIO01iOVnmzzwi7ZHf3n24_s9IEj3SgxDT8wdLPbEkFY2dHC6U0zH1bF1q7NkCglr9ySmrmPuxHyxxzEOVOQrQyX4ismQu3ApbbZZUhh39yxmw-RzMfhaFO200hKSviCdbAZBVKHut-rex0G88CTcaqFvzXfCb-EOt-O4fX7oEANP8CkWAS58Z9Q9XcuwSrJLykBXVENJD206FfC5nh1i9PwJqFTfjZVeL-MxS4_vn_NIk7NnchAtucRkw9caz68dpKIRPXjJ0ixx7MOfcWvQZlzb6lEffQfCkhbg18j6Z1ibSYiiTdPE44svRlvG2oMkHMjwh1cH1KcL9lhLcpv04Ncy-RPOj1tEKJcUPMM-WVaXfntSuO64fKWGZZcG7begsSHYZErqqAS9i7SHt8MpV68rDw0rl1LlbxTtFLV1eSPC1CDkISsAMx1Ja9qvwkDpHvJj_HjzXQhtzcdGq72AJtULX8WTtAWWzwdhCls3lU_uFpMxKQJmfmjwZEycI0LFVeWB5jyO97VbAaGEGfHVREBxjcCirWjebXwVBnyhvYmHkLBQgYoaRvAHPHKkjY30roFoAK36T-gTx5x-tZIue6tdTTdUpEovykV0f_bQuAem-03Yd9RWnjM0VOmp58uKLZKOJ-5cqBQDAda0nl68ZutJmLIbH8JKXZTtWPL7Ldwl8SLnOS_LLMR5-JUEJOI0L_wUw5rAf5FiBH6GO5Z_9kNmzo69_982gFfX44O5STeo_qz8fM6k1GBdmzGbuYoNmKPw5ZdWPapq_C5K1MQdlbG51AoYKz31g6y_ZBnC4KRpVACLk2hW7bdK0XsDuePS75YGbNrJJTbSS9jSMSe3dCfidN3rFqLz7LBxhPXl2MpMWGvd0T_64l0KUJjPgONacwXPNiE6XTgjV_GAw7braHEDAHZN3-8EiM0-BlaYQhwuJTk0O9kkJf41oOK1c9suRAqe1CnZzuRFba3v_yJhdrrVe5ypqGWGdVkcX3LN0i1XFfynT5EU5mlllpeYP0lURvYugOj3PbamXL8lKaE2ad9rrb2as45MNOpvCH4ycBPRApvsQEkxf2aXm2E3-8GKYcY7ruzoq9KIgAdWSM1Ztv-PRASF4vHyptzwK9Z3tUXzPNM-qXBAPG9mFYApKtfPHSd9zCUcNKQTUCExZllassBX3ZPRC_tnlZNVdvkZqwSXzXmilQ4SK5Rz6tb0hSIo9zzWXk9Jf05ZS01KthVKzvsy588EsY0MIJSlMwPzJ326OR7h_f1xiufaiclyRZd3AT9CocC8gOsTQQvDYbILRlUpxKCXMcnP1BRv8pqHLLGCNzMrwIvb8ZOGnupZH&cid=CAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240
Frame ID: 85F96DF7FF543EAACF895D9F01EB77A9
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C9F63AF8E108FB506017010147A3230A
Requests: 3 HTTP requests in this frame

Frame: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7C1E9F7926CBBC89DA7570FB0AF4D844
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNXFpK0v6BcoM5id2wd1Kj0Ap8Ko5_Y2EuVp38dJHz_TKkl2a01kxsqh-UkAtoViadXv485mp147rqzTnc6OpHiPJ1-IAVg84VAHyDj0ilbBmQUV8b_f4qwd7WR4euePV-kCaPWMRkcjUuu9XYx0-nykmGD8rFv18_OWiDsJUNKK4zi2GQ4
Frame ID: AABE2B3C5DC942727C93E71B664CE179
Requests: 5 HTTP requests in this frame

Frame: https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
Frame ID: D46132088F483ABC01E0E3E77380BD48
Requests: 1 HTTP requests in this frame

Frame: https://hal900027.redintelligence.net/request_content.php?s=83744900145930800510390011618027&a=238c8a9e
Frame ID: 75EA558855626DA1AFC5998F7D0B6830
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A7A8BBFFD8646F1249453E534AF4624B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
Frame ID: 88134048E6A92755DD50E126972E9D33
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery-ui.*\.js/i

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery-ui.*\.js/i

Page Statistics

127
Requests

97 %
HTTPS

55 %
IPv6

28
Domains

39
Subdomains

39
IPs

6
Countries

1518 kB
Transfer

2880 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://pluso.ru/

Search URL Search Domain Scan URL

URL: https://vk.com/sci_hub

Search URL Search Domain Scan URL

URL: https://twitter.com/Sci_Hub

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sci.hub.org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1 HTTP 302
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Request Chain 49

https://p1.ntvk1.ru/nps HTTP 302
https://optinder.com/cro

Request Chain 62

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKLel9qNCws8FJ2DGei_sfI&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKLel9qNCws8FJ2DGei_sfI&google_cver=1&C=1

Request Chain 63

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5ENOa7KE7lhpg9CUcbygAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1

Request Chain 64

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkIB14ybDX0wsiuhrwSdMI&google_cver=1

Request Chain 65

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQzODUwMzEwODQ5NzUyMDgxNw%3D%3D

Request Chain 72

https://dmg.digitaltarget.ru/1/7054/i/i?i=279250062751501.631259872135647&c=tg:adcm_pc HTTP 302
https://dmg.digitaltarget.ru/1/7054/i/i?i=279250062751501.631259872135647&c=tg:adcm_pc&q=scc

Request Chain 73

https://dmg.digitaltarget.ru/1/6534/i/i?i=279250062751501.196953136462636&c=tg:adcm_pc HTTP 307
https://dmg.digitaltarget.ru/awg/custom/6534/i/i?call_source=awg&i=279250062751501.196953136462636&c=tg:adcm_pc HTTP 307
https://fnc.rt.ru/1/6532/i/i?i=b0sVmGHXg2.ewfx7bkLq&c=tg:rds_6534 HTTP 302
https://fnc.rt.ru/1/6532/i/i?i=b0sVmGHXg2.ewfx7bkLq&c=tg:rds_6534&q=scc HTTP 302
https://dmg.digitaltarget.ru/1/6533/i/i?i=857954001618453759842000000003184246&a=774&e=UZoUbd1qGFu05555zB8V

Request Chain 74

https://dmg.digitaltarget.ru/1/1086/i/i?i=279250062751501.188843013673215&a=86&e=5EFC831FD643BE602D0BE78402828B4E&c=ss:86.up:5EFC831FD643BE602D0BE78402828B4E.sync:up.xdua:duzX03_w7zuJsnbgVur3b3rR.xps:xps0NQStf2y5aNy6pFZFGAkbw.xga:GA1_2_1077189628_1623082036.xgid:GA1_2_309786803_1623082036.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=279250062751501.188843013673215&a=86&e=5EFC831FD643BE602D0BE78402828B4E&c=ss:86.up:5EFC831FD643BE602D0BE78402828B4E.sync:up.xdua:duzX03_w7zuJsnbgVur3b3rR.xps:xps0NQStf2y5aNy6pFZFGAkbw.xga:GA1_2_1077189628_1623082036.xgid:GA1_2_309786803_1623082036.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=crossmedia_ddp&google_cm=&code=1086&ts=hDDUoCAXFGEvh8v7O5e4 HTTP 302
https://dmg.digitaltarget.ru/awg/7162?a=155&e=CAESEC2ob8b64SI3c1973wuu6cs&ver=1&google_error=&code=1086&ts=hDDUoCAXFGEvh8v7O5e4

Request Chain 75

https://dmg.digitaltarget.ru/1/1086/i/i?i=279250062751501.352836335038725&a=86&e=5EFC831FD643BE602D0BE78402828B4E&c=ss:86.up:5EFC831FD643BE602D0BE78402828B4E.sync:up.xdua:duzX03_w7zuJsnbgVur3b3rR.xps:xps0NQStf2y5aNy6pFZFGAkbw.xga:GA1_2_1077189628_1623082036.xgid:GA1_2_309786803_1623082036.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=279250062751501.352836335038725&a=86&e=5EFC831FD643BE602D0BE78402828B4E&c=ss:86.up:5EFC831FD643BE602D0BE78402828B4E.sync:up.xdua:duzX03_w7zuJsnbgVur3b3rR.xps:xps0NQStf2y5aNy6pFZFGAkbw.xga:GA1_2_1077189628_1623082036.xgid:GA1_2_309786803_1623082036.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://vk.com/rtrg?p=VK-RTRG-953904-7yDR1

Request Chain 76

https://hal900027.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=4b4b5992ff&subid=&uid=900ab75629b902cf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYhxRNES-YL6JCOPL7_UP5bqJsA-VsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAghGsVcRaLQ-qAMBqgTdAU_Q464MivaVy-RcnEPeSOTIRl0vVv928RgyMcn0oNOr_-OsliQSL4HMa9k2H48yvUO9q_VaF_6nU_QsskWz6R0Uir6KHAG5kQr8IxdNPO-GyHvYNENKKQ6yoqC2Ih1Cua_OUsHA-hZXVllYz68WiCu0vUQdXov8xn24ZoIfDGT4wdAjcx_07wCQqTa1XgDM5RjtZNL6DULoN9giZMaIulPd-GbvpSdjCp33soCBNQddMp9gcv-kKBcwja7C1W3dEOjZWu74fjg-7dKY1qrN6apJZd3Jt1Y7KdTBFX45wAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs%26sig%3DAOD64_2OxRSRLgwLzAFrTzxMge10a-6sEw%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-AYDNngrEzkzveOnIiXDpyj6cscEWer_i_P3417vpSoyaLYsigx05cjld8_MFO62Rjd4-3lwVYImsFeO74sMJy4pTU8P68a4xaZwITnhBpL9iGjxYaDXT5LwE9Nnlw_9ysIRuOK8gxQb8gQZQ85O2G6Yf77mA%26cry%3D1%26dbm_d%3DAKAmf-BQAus6P_mf0YD919IE64xdW6vNcRDdOA6ic9P299rt0Cz09zCBM9Hsghun1eNanjOZBquF88PW1mdZ9FAa2Zj7bJnMXnbdv81g4RcMdiQBdwfqaV94ZQSxb7-EWwoN6lI5wXRhzyiLudP3xU8vazJr-Jr4Hd3ISc8h8yEVF6gOkU5kObYRQGISuTy_M5slnSIPi5swF5w8NiRc7XwmzAaok3b_KwqWpyz6l1xaCfiWbbIOiQ-Za52ZYjdj3dEthhj-zTYMwao1g_i4vySBxwG9IDbwBUvBF-QhUiPMD5IrEx0QYHcIf_UCRXAL9l7TtZHsNovSMetp2cTr6zqgXoohfrvQf9hkj_sH-690lm5_MjqH9O4uJbENcQGD1s7Q0rii-Cv9Kxm_FG29Xf3Ebm1Xj4vweQW6baU7fCWLq9gYHA5YMoVu9HaXF1JNYJ63PH6_eBVn%26adurl%3D&documentReferer=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4635954255654&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0 HTTP 302
https://hal900027.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=4b4b5992ff&subid=&uid=900ab75629b902cf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYhxRNES-YL6JCOPL7_UP5bqJsA-VsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAghGsVcRaLQ-qAMBqgTdAU_Q464MivaVy-RcnEPeSOTIRl0vVv928RgyMcn0oNOr_-OsliQSL4HMa9k2H48yvUO9q_VaF_6nU_QsskWz6R0Uir6KHAG5kQr8IxdNPO-GyHvYNENKKQ6yoqC2Ih1Cua_OUsHA-hZXVllYz68WiCu0vUQdXov8xn24ZoIfDGT4wdAjcx_07wCQqTa1XgDM5RjtZNL6DULoN9giZMaIulPd-GbvpSdjCp33soCBNQddMp9gcv-kKBcwja7C1W3dEOjZWu74fjg-7dKY1qrN6apJZd3Jt1Y7KdTBFX45wAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs%26sig%3DAOD64_2OxRSRLgwLzAFrTzxMge10a-6sEw%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-AYDNngrEzkzveOnIiXDpyj6cscEWer_i_P3417vpSoyaLYsigx05cjld8_MFO62Rjd4-3lwVYImsFeO74sMJy4pTU8P68a4xaZwITnhBpL9iGjxYaDXT5LwE9Nnlw_9ysIRuOK8gxQb8gQZQ85O2G6Yf77mA%26cry%3D1%26dbm_d%3DAKAmf-BQAus6P_mf0YD919IE64xdW6vNcRDdOA6ic9P299rt0Cz09zCBM9Hsghun1eNanjOZBquF88PW1mdZ9FAa2Zj7bJnMXnbdv81g4RcMdiQBdwfqaV94ZQSxb7-EWwoN6lI5wXRhzyiLudP3xU8vazJr-Jr4Hd3ISc8h8yEVF6gOkU5kObYRQGISuTy_M5slnSIPi5swF5w8NiRc7XwmzAaok3b_KwqWpyz6l1xaCfiWbbIOiQ-Za52ZYjdj3dEthhj-zTYMwao1g_i4vySBxwG9IDbwBUvBF-QhUiPMD5IrEx0QYHcIf_UCRXAL9l7TtZHsNovSMetp2cTr6zqgXoohfrvQf9hkj_sH-690lm5_MjqH9O4uJbENcQGD1s7Q0rii-Cv9Kxm_FG29Xf3Ebm1Xj4vweQW6baU7fCWLq9gYHA5YMoVu9HaXF1JNYJ63PH6_eBVn%26adurl%3D&documentReferer=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4635954255654&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1

Request Chain 89

https://ti.tradetracker.net/?c=31577&m=1646244&a=157788&r=83744900145930800510390011618027&t=html HTTP 302
https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg

Request Chain 92

https://www.awin1.com/cshow.php?s=2636829&v=12846&q=389131&r=566725&pref1=83744900145930800510390011618027&pv=1 HTTP 302
https://www.zenaps.com/cshow.php?pvr=6e6da7e0-c7aa-11eb-8847-692d0cc96476&v=12846&r=566725&q=389131&s=2636829&viewref=83744900145930800510390011618027&pv=1

Request Chain 94

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1

Request Chain 95

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5ENKoWVko.g-VfzaPiHAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1&google_hm=2

Request Chain 96

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGSVSGkNiSNwhXD-dlKo74g&google_cver=1

Request Chain 97

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQzODUwMzEwODQ5NzUyMDgxNw%3D%3D

Request Chain 106

https://ti.tradetracker.net/?c=33102&m=1783943&a=157788&r=83744900145930800510390011618027&t=html HTTP 302
https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png

127 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sci-hub.mksa.top/
Redirect Chain

http://sci-hub.mksa.top/
https://sci-hub.mksa.top/

29 KB
6 KB

686ms
667ms

Document
text/html

2606:4700:3031::ac43:d9f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d9f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab

Request headers

:method: GET
:authority: sci-hub.mksa.top
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding
expires: Tue, 08 Jun 2021 04:07:15 GMT
cache-control: max-age=43200 no-cache
x-cache: MISS MISS
cf-cache-status: DYNAMIC
cf-request-id: 0a88d37e8b00004ac2dc372000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=f2TwfXdqNPn9hY9Iq9wqolQQnd1FcvRxoWLLrfzQwQOlNTsBbNePYIsimMPf5BxFfrje%2F%2Bt9XAh2fUQJlHnmdx6CGZ531IGv8QFOkvKx8pRn%2FbuPk0YPthWs8iObBTKRUZY5cW1LUK%2BZVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65bb21ddabdb4ac2-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

Date: Mon, 07 Jun 2021 16:07:14 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 07 Jun 2021 17:07:14 GMT
Location: https://sci-hub.mksa.top/
cf-request-id: 0a88d37e5e000005d8ad38e000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JsjI1lQaFqLXDUBMD%2FTBXi08UAFHV0U%2BSsYrl8nybv7sWjgeeQTYE3fGV03eA5UJT2dV2XyJ2cE9jntWkGngu02%2F8PKbO3tLkNLFU0mKy3YjrRWqQSa2oZlYhjNCHE7uY9fBntqoowY%2FJw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 65bb21dd6c7a05d8-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 jquery-3.1.1.min.js Show response
img.sci-hub.shop/scihub/ 85 KB
29 KB 67ms
52ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-3.1.1.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203599
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a88d3813d0000325009b1d000000001
last-modified: Fri, 30 Nov 2018 04:24:28 GMT
server: cloudflare
etag: W/"5c00bb7c-152b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WegcATOUHklVAXO3yWimMFjvk3EM1%2B9KqPYLonpZBG5ERBkU%2BpofyLjpPkYC5G%2Bi%2FF8mGVy6y4N%2F%2Fr760lAbZ0STsj1h7xyw0GvnkMYdnLVLC9yrS3Dr1QgAPkoKvliijhaUwSI9ybEoGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bb21e1fe573250-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-ui.min.js Show response
img.sci-hub.shop/scihub/ 248 KB
63 KB 71ms
57ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-ui.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203599
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a88d3813d00003250e28ba000000001
last-modified: Fri, 14 Dec 2018 08:14:20 GMT
server: cloudflare
etag: W/"5c13665c-3dee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KdhC9VFG3nYzymz197D5DD8ALlTbBJJWkdwoSaX0jBqZF4URXyGhE2Vj0uBA2QA0%2Bi8e2XJHdONyMKJXep14LbOueb%2BHXQoAIs3lhMO9CyGlzD1QzASk5ITXAkRqEPI0RetEQX%2BqBabwTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bb21e1fe5c3250-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 openapi.js Show response
img.sci-hub.shop/scihub/ 94 KB
22 KB 66ms
51ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/openapi.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203599
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a88d3813e00003250f2b3c000000001
last-modified: Fri, 30 Nov 2018 04:24:44 GMT
server: cloudflare
etag: W/"5c00bb8c-1798d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zeGQZ0hHJUiAsOtdqC9Dl%2FJ0CwrLnXYyubazk%2BRsbs1Lrg2%2FklCTFp%2BT%2FF4Puqo4o6EIOBORpFKNIhqc2cYHXVwWcF%2BHg%2F0xnwztxyR8fzwyKagzr0HTGAHQA0eOZO2giDTyNzqGRyfhvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bb21e1fe5f3250-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 medal.png
img.sci-hub.shop/scihub/ 22 KB
22 KB 26ms
17ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/medal.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203599
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 22275
cf-request-id: 0a88d3818100004e19be34f000000001
last-modified: Fri, 30 Nov 2018 06:13:38 GMT
server: cloudflare
etag: "5c00d512-5703"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=x7KhQ9h03hvsbS0RHs2%2Bgu57ruX30xLeUqF2sipTN3zaX%2BKk3NuCD6b0PRWLCp0umtrf519c8Wk5eRLuhCwKDNS7KOIwXTP4qOKkBuE1MMuCoSeOV%2B%2FGLtakZIiVj5OTKiWF2o%2BmlFkJ0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e26ff04e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 key_1.png
img.sci-hub.shop/scihub/ 8 KB
9 KB 16ms
16ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/key_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203599
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8428
cf-request-id: 0a88d3818700004e1982354000000001
last-modified: Fri, 30 Nov 2018 06:13:40 GMT
server: cloudflare
etag: "5c00d514-20ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Nz5Ch0n4oXYYEIZMXNEZ1%2B7eJg%2FJSCuIBbitoJVkY9NDt00RDsK%2FlqLIZPBr9Y92CE6nPLNKbiRFwiiO9kEDI7oMgisO656ONxV7HxHDlbkDaMZ4zRz7AG90D2vGS3y%2BfoQEHF6%2FOTk3cg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e278074e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 169ms
57ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

031de2ba14934fe6c993c486fe0a30a18a8fc69066cf1efbcc4162adf6f32edc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "895 / 949 of 1000 / last-modified: 1623064273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21372
x-xss-protection: 0
expires: Mon, 07 Jun 2021 16:07:15 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e2695ca5607e292c0f855af86ab3e21355d07c577f69ad84c17480f9845c9886

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35964
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 07 Jun 2021 16:07:15 GMT

GET
H3-29 200 top-back.jpg
img.sci-hub.shop/scihub/ 184 KB
185 KB 16ms
15ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/top-back.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 188646
cf-request-id: 0a88d3819800004e19c6202000000001
last-modified: Mon, 16 Sep 2019 12:17:02 GMT
server: cloudflare
etag: "5d7f7d3e-2e0e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=PKnAeaiHs5x8E0OG1SQm5aJOzvAqpJVJ0%2FOAuu%2FO%2FbWvRF69KlAakF149zC9WgUEV7FR9i4ETrhDhJvoI%2BR1A5tWPYZvNqx116YxTACVkHmc13%2B40jSffPnPER2TMM7GYKF0pec30l9CMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e288584e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo_en.png
img.sci-hub.shop/scihub/ 14 KB
15 KB 16ms
15ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/logo_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 14556
cf-request-id: 0a88d3819f00004e19a8825000000001
last-modified: Fri, 30 Nov 2018 05:56:38 GMT
server: cloudflare
etag: "5c00d116-38dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=vaCwBcY4titI1k6tNN7BBGjLQAXgHs89K3%2B%2ByXobkZPEYbn1j312yoIDn8h85pLxlqZv0JmRD15qXyJUZclMHLcBupyoC4w5y%2BhKk3dC21r%2FOZyjVySpolJOWbahIohSxWgwKck1VoqbMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2987a4e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 raven_1.png
img.sci-hub.shop/scihub/ 59 KB
59 KB 16ms
15ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/raven_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 60144
cf-request-id: 0a88d381a000004e19ae925000000001
last-modified: Fri, 30 Nov 2018 05:56:32 GMT
server: cloudflare
etag: "5c00d110-eaf0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0i73Z3e2pcnzDYzVReOUY0dm5gL4jLNqV2RvJVcuvfvrqolOK1OaRspMaNMgPoNaYjK1tJb%2B1549LMloDpC753Wvw6ISJT%2BwwyyidHGzdsY0Ozyl3YzpkPSTUx1AiCX4n%2FlqonpL3%2Bv3FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2987c4e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 map.jpg
img.sci-hub.shop/scihub/ 54 KB
55 KB 33ms
32ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/map.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 55605
cf-request-id: 0a88d381a000004e19b9ae2000000001
last-modified: Fri, 30 Nov 2018 05:56:52 GMT
server: cloudflare
etag: "5c00d124-d935"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=I%2BYEMhm3k%2F7%2F3eQlgvJJ4H44G4lcSia4Nkxo5ZAZzoAALG%2B46ioJo5zR%2FcNZ9wpCgeNo4rOqLC6Xiwo1OD2joXfyqOWyqBtG%2BloHqt6%2F5zxfPGLXEuGlWhXL4tSPnn%2BW%2Fv9m9jO5GWyTsw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2987d4e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 about-marker_en.png
img.sci-hub.shop/scihub/ 3 KB
4 KB 34ms
33ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/about-marker_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3361
cf-request-id: 0a88d381a000004e197e0ba000000001
last-modified: Fri, 30 Nov 2018 05:57:02 GMT
server: cloudflare
etag: "5c00d12e-d21"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=MkMB7Bfe1C6vTUmDJMRghs3R8og9th33Na3HkaZMnosI30KBe9x%2F8gu8bnQyfJTIDmnVAAZTFMpx7ohFMBfs395f2naPf0wxd3CCA2aTnUBJEoP%2FgE9Xi1UYd6P5za%2BmY0r8cJSkuYmWkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2987f4e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET AvenirLTW01-55Roman.woff2
img.sci-hub.shop/misc/fonts/ 0
0

GET
H3-29 200 quote.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 18ms
17ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quote.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1068
cf-request-id: 0a88d381cb00004e1988a47000000001
last-modified: Fri, 30 Nov 2018 05:57:12 GMT
server: cloudflare
etag: "5c00d138-42c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0Gr6Y%2FJyLNiIKhQwiK3xO72557oKJmBW%2F%2ByP8wc5A%2FgZyMwWDJLIz6M3FYsOtDUkiNEh6domHD5LBm2TNyDnCZjLq6Gsh4rbESYgfMIFsWqTqaGUZT6TeFePgoNuQMkRx9LZNRVu%2Fwec7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2d95d4e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 quotenext_en.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 25ms
24ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quotenext_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1087
cf-request-id: 0a88d381cc00004e19953cc000000001
last-modified: Fri, 30 Nov 2018 05:57:18 GMT
server: cloudflare
etag: "5c00d13e-43f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wXDmcAblIs%2BetcajqvuEAwvmJwSKEefvw0sf9ndiFbSuGtQ9JffFllhYwi%2FSFBTBHK%2Bo0c6zN3%2FTA0wmbCpgi%2BOJmlsE1XMFq2h5DhCgBxUDPu81X0uOmRE7RzLZsXYmXJNpXeOjS6kAww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2d95e4e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pone.png
img.sci-hub.shop/scihub/ 2 KB
2 KB 14ms
13ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pone.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1637
cf-request-id: 0a88d381cc00004e19e2342000000001
last-modified: Fri, 30 Nov 2018 05:57:24 GMT
server: cloudflare
etag: "5c00d144-665"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gYJ4rDoDZtlCrxUWefO9PJ63e%2BSIx9nRErGkSoGY5Fwejj7gKPlZ71XtC9cGqSzK%2BYSm5UrkKrFh2qPcIyqbunrZ64iZzb0peBo0KxIOgMuAdIa6bofIB%2FHp4K87WBY60xFijjzEowoXJw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2e9634e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 ptwo.png
img.sci-hub.shop/scihub/ 4 KB
4 KB 16ms
14ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/ptwo.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3907
cf-request-id: 0a88d381cc00004e19dd8a7000000001
last-modified: Fri, 30 Nov 2018 05:57:30 GMT
server: cloudflare
etag: "5c00d14a-f43"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XZTzad4WGks%2Bm%2FzR6LL2qU%2F4rlKM90snwdMCtIdkxkklz1ruPpTIaVMlOjYhf%2Fk8sB%2FY3YEE3HUQkv0W%2FhrNQnkwfaSSFLiR%2FwPw0SqWJyzc3j1Kisjv9MEkPiKfl6Q2CyofUDNMV1fUwg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2e9664e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pthree.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 22ms
21ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pthree.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4278
cf-request-id: 0a88d381cd00004e19c33a9000000001
last-modified: Fri, 30 Nov 2018 05:57:36 GMT
server: cloudflare
etag: "5c00d150-10b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GRJ3kfHrAfVBNMOR88J8zz0jpv39ftdtEwmlsMrUt%2Fr5CvIoiMVA2YROir51ClnvA%2F1duLDPfk%2BNlMUJiwwfvghzv3JbPP8Nu9SePLUnh9CPlNk0mmYjxyvVstAI6UQ32w2Pt0bdby2%2B4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2e9684e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 people.jpg
img.sci-hub.shop/scihub/ 50 KB
51 KB 16ms
14ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/people.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 51212
cf-request-id: 0a88d381cd00004e19d20f1000000001
last-modified: Fri, 30 Nov 2018 05:57:56 GMT
server: cloudflare
etag: "5c00d164-c80c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=aLzOSy7izvN2BgIby7SE931iO%2FX%2FEXkrwho4x3vFXGv2JxtdNIdxZcQq29m86VxBDk%2BNCvM%2BMZ2YKAAUZUNxt3wxPOSl8QdeiF3169JFLI9uHhFoRf0OdHHDm3G5x9Wa6fWu7y7Sqp2hpg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2e9694e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 join_en.png
img.sci-hub.shop/scihub/ 6 KB
7 KB 14ms
12ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/join_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6197
cf-request-id: 0a88d381cd00004e19b9ae8000000001
last-modified: Fri, 30 Nov 2018 05:58:24 GMT
server: cloudflare
etag: "5c00d180-1835"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=is%2Fu%2FSxDVQAZ0EcO5b9OFRGItrXzGaSlVqR1NbjG1AIyf7OTNIOOuYIJCdkDLAuN3Cq76My%2BOYGuMNpoFZgIWySJ2JD0zIQRLhQCmkTrHGA8lmV8%2BN9vMoJbdqkmAeP6%2BHqnVvh%2Fy5CgBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2e96c4e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinvk.png
img.sci-hub.shop/scihub/ 17 KB
18 KB 17ms
16ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinvk.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 17834
cf-request-id: 0a88d381cd00004e198da98000000001
last-modified: Fri, 30 Nov 2018 05:58:30 GMT
server: cloudflare
etag: "5c00d186-45aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mEPJmGwm%2BMU1bdcjevvheRtvp0ZSajzdznoqoFCY6PUL9oNwF1E1eelbFUuclGRmIY43F3L8%2BHTrX8CYzAx%2BpXfTabGTMXc0t4dOTrxQVzgs0uifHlfHFS2rYOkHvD3Wg4ZnxjJwg6ItEA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2e9714e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jointwitter.png
img.sci-hub.shop/scihub/ 6 KB
6 KB 17ms
16ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/jointwitter.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5751
cf-request-id: 0a88d381ce00004e19e4036000000001
last-modified: Fri, 30 Nov 2018 05:58:42 GMT
server: cloudflare
etag: "5c00d192-1677"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wwyfT4YfPL3TYuwZpvUaqJugcQAGQzKJg%2FYySMIpOFjko77TLWsVl0XE0M1715nwE5hr24AkD%2FD%2BkOQEI%2Fc4x5AFi1MID8DTdZkch0ij2GCoDS7%2Bx53K1BGc%2BOAn6P8qdufqJm72%2BQwKWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2e9734e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinfacebook.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 17ms
16ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinfacebook.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4152
cf-request-id: 0a88d381ce00004e19be35b000000001
last-modified: Fri, 30 Nov 2018 05:58:36 GMT
server: cloudflare
etag: "5c00d18c-1038"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=U9Y8bIbLzOr0FU4lOBAnqeBt93wCRUqWgQkxnr6CXg5iktJTUsqtgU2OAtDSWD%2BiudwOL4Vjj8wWJ6FDPf9w7bz5kYPso%2Ff1Yevr0hYDO5CjCwLpYgJ8W0uOMOj8ZhuZfpxhhFpgL%2BzHIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bb21e2e9774e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pluso-like.js Show response
img.sci-hub.shop/scihub/ 41 KB
12 KB 13ms
13ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/pluso-like.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 203598
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a88d3820d00004e19b9af1000000001
last-modified: Fri, 30 Nov 2018 04:39:20 GMT
server: cloudflare
etag: W/"5c00bef8-a5cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=vAnh4uJXneBTMO%2BuMoGXGDW9aHJDr1uvq9KHcMjTfFqLYNQDTUMYa2rtVVfgwbdaKQl5xQ1ejkgL1%2FErynoH49%2BWV06OpF0EA%2BRtVxYQYueSEGkLrBrzSalNff6a2%2FVb3gBgsN3gKf%2FWLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bb21e34a724e19-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 3352
date: Mon, 07 Jun 2021 15:11:23 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 07 Jun 2021 17:11:23 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=494153630&t=pageview&_s=1&dl=https%3A%2F%2Fsci-hub.mksa.top%2F&ul=en-us&de=UTF-8&dt=Sci-Hub&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1441341101&gjid=832011762&cid=1077189628.1623082036&tid=UA-193456449-1&_gid=309786803.1623082036&_r=1&gtm=2ou621&z=1941855590

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-193456449-1&cid=1077189628.1623082036&jid=1441341101&gjid=832011762&_gid=309786803.1623082036&_u=YEBAAUAAAAAAAC~&z=75258304

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 07 Jun 2021 16:07:15 GMT
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 pubads_impl_2021052601.js Show response
securepubads.g.doubleclick.net/gpt/ 311 KB
109 KB 66ms
65ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

bf56d0c6b86f69d3f6dfb156399577c16da981c390a16d26c7752ed85bc38ac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 26 May 2021 08:37:30 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111649
x-xss-protection: 0
expires: Mon, 07 Jun 2021 16:07:15 GMT

GET
H2 200 integrator.js Show response
adservice.google.se/adsid/ 107 B
799 B 36ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.se/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 16:07:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 16:07:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 12 KB
7 KB 1225ms
1224ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1786138421657961&correlator=1329690041355388&output=ldjh&impl=fifs&eid=31061161%2C31061224%2C31061340%2C31061200%2C31061167%2C31060839%2C44744170&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2C970X90-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90&cookie_enabled=1&bc=31&abxe=1&lmt=1623082036&dt=1623082036016&dlt=1623082035496&idt=495&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=900&adks=1836978441&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x0&msz=970x-1&ga_vid=1077189628.1623082036&ga_sid=1623082036&ga_hid=494153630&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

1757f4f4cfefa68975f860ed3c63cd5059cf5e6c253b1c645cd6e7f02522b353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7594
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 29ms
13ms Other
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 559ms
558ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1786138421657961&correlator=1329690041355388&output=ldjh&impl=fifs&eid=31061161%2C31061224%2C31061340%2C31061200%2C31061167%2C31060839%2C44744170&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2C336X280-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=336x280&cookie_enabled=1&bc=31&abxe=1&lmt=1623082036&dt=1623082036020&dlt=1623082035496&idt=495&frm=20&biw=1600&bih=1200&oid=3&adxs=632&adys=1552&adks=2992418410&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=528x334&msz=336x-1&ga_vid=1077189628.1623082036&ga_sid=1623082036&ga_hid=494153630&ga_fc=false&fws=0&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

31dc9d13919ae54f4824ea07adba6e6b884e44e66fc9a6963fe461fa68e6dcaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 2 KB
1 KB 134ms
133ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1786138421657961&correlator=1329690041355388&output=ldjh&impl=fifs&eid=31061161%2C31061224%2C31061340%2C31061200%2C31061167%2C31060839%2C44744170&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2Czsy-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623082036&dt=1623082036022&dlt=1623082035496&idt=495&frm=20&biw=1600&bih=1200&oid=3&adxs=426&adys=2192&adks=1528813087&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=1077189628.1623082036&ga_sid=1623082036&ga_hid=494153630&ga_fc=false&fws=0&ohw=0&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a087e9644a6325301e75687dcf929ded5d2668f70ab6560a93657cc37e869b67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:16 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1122
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 477 B
286 B 1298ms
1297ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1786138421657961&correlator=1329690041355388&output=ldjh&impl=fifs&eid=31061161%2C31061224%2C31061340%2C31061200%2C31061167%2C31060839%2C44744170&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2Czsy-youtu01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623082036&dt=1623082036023&dlt=1623082035496&idt=495&frm=20&biw=1600&bih=1200&oid=3&adxs=430&adys=2192&adks=3809152490&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=1077189628.1623082036&ga_sid=1623082036&ga_hid=494153630&ga_fc=false&fws=0&ohw=0&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

7354d73896dc5ac80c527f778647f5c5c7cfe2947cbf8852f712df2eb2d66c9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
466 B 383ms
66ms Script
application/javascript 37.200.67.211
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=hCMtmVpRyqHvoeSh&first=1

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.200.67.211 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

379e88be5700f1422e0c12dce95da09226e19d6aa9ff2d3ab0e2c6138f7107b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:09:01 GMT
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: application/javascript
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 119
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
466 B 380ms
65ms Script
application/javascript 37.200.67.211
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=bZJEXSgAWfQC9NFq

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.200.67.211 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

379e88be5700f1422e0c12dce95da09226e19d6aa9ff2d3ab0e2c6138f7107b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:09:01 GMT
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: application/javascript
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 119
X-XSS-Protection: 1; mode=block

GET
H/1.1

200
OK

hit;PLUSO
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

43 B
496 B

97ms
97ms

Image
image/gif

88.212.201.210
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.210 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host210.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:16 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 06 Jun 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:16 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sat, 06 Jun 2020 21:00:00 GMT

GET
H/1.1 200
OK 06.png
share.pluso.ru/img/pluso-like/square/medium/ 23 KB
23 KB 411ms
93ms Image
image/png 37.200.67.211
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/pluso-like/square/medium/06.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.200.67.211 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:09:01 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-5b8f"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 23439
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK plus.png
share.pluso.ru/img/ 2 KB
3 KB 382ms
63ms Image
image/png 37.200.67.211
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/plus.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.200.67.211 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:09:01 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-98a"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2442
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kb.js Show response
kitbit.net/ 1 KB
2 KB 206ms
68ms Script
application/javascript 31.131.252.94
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/kb.js

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

4bba00ec25175501a6453b554897c80aca080ef9c0956e4e39eef504fd3473a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:05:42 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC+Q9aE5wstTouCAg==
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=21600, private
Connection: keep-alive
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Expires: Mon, 07 Jun 2021 22:05:42 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 38ms
19ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021052601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c7211bb67e53271a12a14527ffd1d663756ed2ebec8605eead6ee03c0a1af22e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 16:07:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7688
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 07 Jun 2021 16:07:16 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame CF11 12 KB
5 KB 15ms
12ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 07 Jun 2021 16:06:26 GMT
expires: Tue, 07 Jun 2022 16:06:26 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 50
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D8D7 783 B
764 B 18ms
17ms Document
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7d14e590fb12d85ad5144c25b358d288fdd4881dda24656cb0301a44e13738b3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bCuQ7etiTutAB7xkpJbaOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

expires: Mon, 07 Jun 2021 16:07:16 GMT
date: Mon, 07 Jun 2021 16:07:16 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-bCuQ7etiTutAB7xkpJbaOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame CF11 14 KB
6 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 10:09:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21446
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 10:09:50 GMT

GET
H/1.1 200
OK adcm.js Show response
tag.digitaltarget.ru/ 3 KB
3 KB 281ms
92ms Script
application/javascript 185.15.175.157
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/adcm.js
Requested by: Host: kitbit.net
URL: https://kitbit.net/kb.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.157 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:16 GMT
Last-Modified: Thu, 13 May 2021 10:40:41 GMT
Server: nginx
ETag: "609d0229-c11"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3089

GET
H/1.1 200
OK s.js Show response
kitbit.net/ 1 B
303 B 76ms
74ms Script
application/javascript 31.131.252.94
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/s.js?u=https%3A%2F%2Fsci-hub.mksa.top%2F

Requested by

Host: kitbit.net
URL: https://kitbit.net/kb.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:05:42 GMT
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Mon, 07 Jun 2021 16:05:41 GMT

GET
H/1.1 200
OK h.gif
kitbit.net/ 43 B
537 B 144ms
68ms Image
image/gif 31.131.252.94
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kitbit.net/h.gif?r=&s=1600*1200*24&u=https%3A//sci-hub.mksa.top/&h=Sci-Hub%26kbuid%3D5EFC831FD643BE602D0BE78402828B4E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:05:42 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC+Q9aE5wstTouEAg==
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=0, private, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 1; mode=block
Expires: Mon, 07 Jun 2021 16:05:42 GMT

GET
H2

200

cro
optinder.com/
Redirect Chain

https://p1.ntvk1.ru/nps
https://optinder.com/cro

0
562 B

54ms
40ms

Image
application/octet-stream

2606:4700:3036::6815:15dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optinder.com/cro
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:15dc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:16 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=w6rYimvWfGg%2Bp36rwyjdkh3IlfOS%2BtL2yZRayX5WsfqpIiMIg0Ojq%2F3ft%2FB7Pb6bpGy0HnLV8tBMxYyrJLNsBA2SZ0%2BHx3o8%2FJTHQdMUQqMiptOMt6K4aUNS0AEqEwtWtpn07TDK"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cf-ray: 65bb21e76a644db8-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
cf-request-id: 0a88d384a600004db8c0be2000000001

Redirect headers

x-77-nzt: Abk73BDg8v+B
date: Mon, 07 Jun 2021 16:07:16 GMT
last-modified: Mon, 07 Jun 2021 16:07:15 GMT
server: CDN77-Turbo
x-77-nzt-ray: vz8eFaNbKmQ=
x-77-cache: MISS
content-type: text/html; charset=UTF-8
location: //optinder.com/cro
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, post-check=0, pre-check=0
x-cache: MISS
x-77-pop: frankfurtDE
content-length: 0
x-request-id: 1230045024-1-1623082036.342
expires: Mon, 07 Jun 2021 16:07:15 GMT

GET
H/1.1 200
OK sud
ut9.rktch.com/ 88 B
88 B 154ms
51ms Image
image/png 89.108.97.2
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ut9.rktch.com/sud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 89.108.97.2 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: d50603.reg.regrucolo.ru
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:16 GMT
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 88
Content-Type: image/png

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021052601&jk=1786138421657961&bg=!2Nul25_NAAY6sG-_OrA7ACkAdvg8WuGm33906NunKv6slgnyoQmuWal4mP8mLeG_TFfC7aN4eCJpTQIAAABcUgAAAA1oAQcKAOwk6Rq_OJBerYNWsmn-WIuFbabnZ0LwMKg1ho6TegcaDhJV_Hkb8Lm_SNmao-LCJ-7eneGIVC95DLUsZJhhaSRGBEe8nrjPpNgXgBMVUKctIMLwm_aZFsbeDX6RASLxOoaJfD-aKt-V9aOgyMSLmIRZzgtocZEsRFkeHqtMqMYDnS6z36YGRAHFSkVT41PwfTnsmbJa-QEuaMEBmmOUpTvMYnVUjM_2G0HWsa7-s0G22zm0PVAzCsR85YG_N6GNtgMh550SZkRQwl8MmA-g0zu9xhqIF-hBU8uJDu1Sgksrhzeh36OdKZQKyFSUfZkCQu22YNSyjihkuldX48_fwgdC5aJFan9GOxlAXqAnzZbVk-x7eBPcSQN_iioaLBSIXN-LchRYhvFegCvh381xCIo8azJ0H5R-890pzH0tgKOfAIl9g_Zrmov4aYBpN8cUQjznSkiT2Eb6DdtaZEZu6ldlmc2gHrgCgJEeN_4h57azP33Bmk1jJvzPjWPGF-Fluiwk75Q73QfGqNz8x1_51vwsVt_ywzA4JJ5dSoGfCSbGc3nn1c70KGVIUZAA_P3DMxgVV7K2elMpkZnzHcdPzOXUChM48XqdeKb6_3YfppZvfRpCElED5i9OS80h_pwnF8IZn6SeKMO9FDdhsuBtTwR0k-GKynKjuQheGAO4ihHZ7N5x54KfLLFu3xUoejnyion9gwfiB8hFA8gnfvOsDCYiQfc3RaV9_nkzwpHC_rzrj8I2EWCBxJUiptpOHGD9HCJEXHM2L7R0_Ff6biTxEeY25Jyriv59bjad6bYix4g-z3jwCNKOEGJUfLDKae7t7uew_0NGBSkNalzJVUXE6A7TN5znaKAa9GLSQG1bTCmefCmcVJ7Ca_wrOl0mJx0h-T2GpiRXhF3En7FNjrHMgA31VmAUXhmJ7OXBzlKBnRESRfSrak6R0v3KD-ybMB4_f22cMW9RBK7zC99bKImBM26QOZMBCVOBbpVpxAEbwSbu4YWUdVoYIQd6iNu24CicOP5idMgNnZ_B5t82g1vjNRoTHZvBjWRrplh4n5ggG8Hj5rfzwT5WvtFIX5gasuiWO8l7

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK processor.js Show response
tag.digitaltarget.ru/ 15 KB
16 KB 153ms
153ms Script
application/javascript 185.15.175.157
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/processor.js?i=43334000178663
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.157 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:16 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-3da5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15781

GET
H3-29 200 container.html Show response
9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5FF9 6 KB
3 KB 21ms
6ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 07 Jun 2021 16:07:16 GMT
expires: Tue, 07 Jun 2022 16:07:16 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:16 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622805992319560"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28149
x-xss-protection: 0
expires: Mon, 07 Jun 2021 16:07:16 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 85AF 624 B
591 B 17ms
17ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNVHzJQ2v9Cv8n_Lfl88gbsJ5ijU32rEdE1Q6VYwCCpai9wDfMhLm5hC4LLJYt4qz-qmQFDtMKZFzYCCOMMnpejOU23Z7qaHniU-ZvoHUoakqr-7RFwMMNSezX976Pm2RGH5yZoOrTFa2L9r-bZeSnuadGXYKigiyyvjBv1QfHUK0REOatQ

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNVHzJQ2v9Cv8n_Lfl88gbsJ5ijU32rEdE1Q6VYwCCpai9wDfMhLm5hC4LLJYt4qz-qmQFDtMKZFzYCCOMMnpejOU23Z7qaHniU-ZvoHUoakqr-7RFwMMNSezX976Pm2RGH5yZoOrTFa2L9r-bZeSnuadGXYKigiyyvjBv1QfHUK0REOatQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 07 Jun 2021 16:07:16 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUkvUJ3FezmPLKusiyVe5d2vwjOtjxla8mDLsnSJalhj4hu0LJ3TknNPyClh; expires=Sat, 02-Jul-2022 16:07:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 07 Jun 2021 16:07:16 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 85F9 24 KB
13 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMzpUciR5ZXPZnK2-8HuhnyhxPeNKa8cMjDAZ99IfdCNTfnideqSgk0vP7MGYRajex5y8qbEsa23eL_1T7CkxAFI4PvXInQdB17fUdKRcllHBplJKTF894d6vlfLKDgPH6o89BRSZo-CG3jwwF9J1uKjVhSA&cry=1&dbm_d=AKAmf-B3Hnk3NPScjmz5iCtbbVwTFAqwIowNfe6iV5O7QCOWBPJUlNtR6h_XIpvO98KtMPf_s6DKy_8X_o6waHXYjrJX_J6r2tAXTaAI8b1Askkbv5S8hqXUEeUtPWe1JbwDs1yjUMhF9WA9EwCOgqbC6I2rBLGj2Q6pN3JAvgvY1BldSvH7-Cx0HpzttWpVdQay1_CzfUWIfCfG5U0D7NJOvCibKhAhZe-5b-yy4-DIF4bhtYmkXr0jL-Fa14oIdyD5LRnlvIuKPe2IgdyZ4Zc54RjEDR0Z3W-gThW4d73w6wNtIBYQML42MB6f4sNjSmlQE3XdxMqJYfKyXrwHFGNkmAmDjiK1ieNuXaerS_mr3-t5we45bsJ1trv7vvTZwVCPlQEi-jkWlDdVN1YpYFf9-UDTm9d-WZzPp3iZ5ADZhDIedVI-KpklrsMQayNtJxtEv2FjeunwmrtSZoniaQASf7GHWcUjhdfREVZsomnOK2IUcTjxU9r1YFAHShHWne4m1_sh1qh6UKFWzjXcz5fH4PBfCh1xfQLIYPYC65C7yI1lH_E6ojtzgp9wrQ6CUbCxd1VqCOLEWkb6o9MQYppXCuiWRzcLYYMEXGWd4NIntUHZJwmJm7w1p171yDIMB2ESk5G3eRphrUTdey1I5YbvFpgNmwLg4LjukfnkMqVlKm0uKXAvykTQjzgEnczWjvsPeB8u9Hr4O9hLQ-EGJvcCWqMoUfsSbTGqgNhgtBfs14WY5cTyoR99AKymR9IK4BtMNFL-gLFi4bODTrOffy7B7lDxj4dkGzsBE9lZQolg_VRxVdVnN4dEJQigHR1N4Z3uD9JzABCMXH7fwo7oSHxtPvhY2ErrROpKc4rzyR68e-b30kUwR02tdgW0pKqGvdgx4g2r_-iJBwCsocc9wd5rshd9tXnXpNc2sfUJnKGvzm809zWUNNZyiqDDd1tQMbTFWxHSsMDS8v7szOUE7w1KWk7Fr-uWwrKC_tOa1l5c6GcpqZWB-sczf0dCvFxylj8DrSyvhXLlw1ObA5y5V_kvZwp8ZsUzetIE-tsCTa9tgrrjkk1FJ9_6SpoTl-zBpEivkkERuBl-ElAxlHWDbvIe6GI9v3OW3lwKyxFP9ywNWHB3npJbguqNgt0S2CI_WNn9kUVr0OpkHqojoUVF6zsev3QcmrOPYfJfy5C4wYk411xIyjGZDRLkKObi7fafLqdiujKgKsOB2rr1xe2SYFTqbXoc-vC1MpJriOsxIGWAOQZxb9Zf70PCW_vLuSipLruzeypjx6XevwUMXK4X3dqIyPfPAYGzilarCYxGqbA5BFxnvb3pxvn2ELg6BM_dvXD4hcP2qSHeNqlXxm8PZVizQTSWUOG_8qRTAPX-2n15OuBxoxTleAcy6swyn_Y5nP-XnpIzAWgvy4enoZx0qEcxhf_lSqPOrSFGjrR0SkO7OzSsGkc_CVrbBWbHZKp42LOPs8uo3g_2cnMijUOsuhvOuyvPGCPXIiOSB5cfm1g23mRAdAE7xoeBoSBraFD_7L-ulic1IsBuqqLTpZDbyn1i9gNMZVqcrtfB3nhXINtJrExEbGbde32zRlcTwq9u3M87fA4QZTMvHBX6oYB2gbR6fVHcTGyVzXYExH21HrUC6_lsDjqu3VTvzXB8b7PF9fOzI9ihlVsr9AV6iic_5hqISg0ZO4fKFtKK_zrGSs42qA6CiW3R182KUwLD6tArpAxLfRgPnTWber43Y8J8evHzQcLqP5leeIYILmk0kR4vgK2GXY5py_afl3bDdkjWbG7F7udpsFsAOuDUQ7oj005WgmmgkNmBOAEs3MuE-IrjhWCjF2mdqPBXJaMQUsWihbV5yEtHvcq27019Bv-MA1UXDxUqoTM2UK0iN3Y15ejOJ_X2CzrqWd-kVE29U3u09m9AAcxwrREs1odIO01iOVnmzzwi7ZHf3n24_s9IEj3SgxDT8wdLPbEkFY2dHC6U0zH1bF1q7NkCglr9ySmrmPuxHyxxzEOVOQrQyX4ismQu3ApbbZZUhh39yxmw-RzMfhaFO200hKSviCdbAZBVKHut-rex0G88CTcaqFvzXfCb-EOt-O4fX7oEANP8CkWAS58Z9Q9XcuwSrJLykBXVENJD206FfC5nh1i9PwJqFTfjZVeL-MxS4_vn_NIk7NnchAtucRkw9caz68dpKIRPXjJ0ixx7MOfcWvQZlzb6lEffQfCkhbg18j6Z1ibSYiiTdPE44svRlvG2oMkHMjwh1cH1KcL9lhLcpv04Ncy-RPOj1tEKJcUPMM-WVaXfntSuO64fKWGZZcG7begsSHYZErqqAS9i7SHt8MpV68rDw0rl1LlbxTtFLV1eSPC1CDkISsAMx1Ja9qvwkDpHvJj_HjzXQhtzcdGq72AJtULX8WTtAWWzwdhCls3lU_uFpMxKQJmfmjwZEycI0LFVeWB5jyO97VbAaGEGfHVREBxjcCirWjebXwVBnyhvYmHkLBQgYoaRvAHPHKkjY30roFoAK36T-gTx5x-tZIue6tdTTdUpEovykV0f_bQuAem-03Yd9RWnjM0VOmp58uKLZKOJ-5cqBQDAda0nl68ZutJmLIbH8JKXZTtWPL7Ldwl8SLnOS_LLMR5-JUEJOI0L_wUw5rAf5FiBH6GO5Z_9kNmzo69_982gFfX44O5STeo_qz8fM6k1GBdmzGbuYoNmKPw5ZdWPapq_C5K1MQdlbG51AoYKz31g6y_ZBnC4KRpVACLk2hW7bdK0XsDuePS75YGbNrJJTbSS9jSMSe3dCfidN3rFqLz7LBxhPXl2MpMWGvd0T_64l0KUJjPgONacwXPNiE6XTgjV_GAw7braHEDAHZN3-8EiM0-BlaYQhwuJTk0O9kkJf41oOK1c9suRAqe1CnZzuRFba3v_yJhdrrVe5ypqGWGdVkcX3LN0i1XFfynT5EU5mlllpeYP0lURvYugOj3PbamXL8lKaE2ad9rrb2as45MNOpvCH4ycBPRApvsQEkxf2aXm2E3-8GKYcY7ruzoq9KIgAdWSM1Ztv-PRASF4vHyptzwK9Z3tUXzPNM-qXBAPG9mFYApKtfPHSd9zCUcNKQTUCExZllassBX3ZPRC_tnlZNVdvkZqwSXzXmilQ4SK5Rz6tb0hSIo9zzWXk9Jf05ZS01KthVKzvsy588EsY0MIJSlMwPzJ326OR7h_f1xiufaiclyRZd3AT9CocC8gOsTQQvDYbILRlUpxKCXMcnP1BRv8pqHLLGCNzMrwIvb8ZOGnupZH&cid=CAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eeffb63289a25714e03789962e35d848efec77515b637f48cc556bda362476cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12751
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 85F9 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:06:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 16:06:20 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 85F9 122 KB
37 KB 59ms
58ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:16 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Mon, 07 Jun 2021 16:07:16 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 85F9 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:04:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 16:04:34 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 85F9 0
0 14ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRCBlEr5j_d0Nj_IESHbKG1NvMTIoNwesJflDQo6w3kDGvZL0bDkddpQ3gd-s9fLrkUZj8Y
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 85F9 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BdYM0BMroh1v6vnYMGTOndVO-I4h7FKEhUTkQMQUh_Vowha9nFo-IAphtX3Ybko21PtP_obr6-C8sYb8-ZP1-d8mmLlMp5zvJuNiBCfreWQrtQcO8

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 85AF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKLel9qNCws8FJ2DGei_sfI&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKLel9qNCws8FJ2DGei_sfI&google_cver=1&C=1

43 B
1013 B

102ms
83ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKLel9qNCws8FJ2DGei_sfI&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNVHzJQ2v9Cv8n_Lfl88gbsJ5ijU32rEdE1Q6VYwCCpai9wDfMhLm5hC4LLJYt4qz-qmQFDtMKZFzYCCOMMnpejOU23Z7qaHniU-ZvoHUoakqr-7RFwMMNSezX976Pm2RGH5yZoOrTFa2L9r-bZeSnuadGXYKigiyyvjBv1QfHUK0REOatQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 16:07:17 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:16 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKLel9qNCws8FJ2DGei_sfI&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 07 Jun 2021 16:07:16 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 85AF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5ENOa7KE7lhpg9CUcbygAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1

43 B
893 B

65ms
65ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNVHzJQ2v9Cv8n_Lfl88gbsJ5ijU32rEdE1Q6VYwCCpai9wDfMhLm5hC4LLJYt4qz-qmQFDtMKZFzYCCOMMnpejOU23Z7qaHniU-ZvoHUoakqr-7RFwMMNSezX976Pm2RGH5yZoOrTFa2L9r-bZeSnuadGXYKigiyyvjBv1QfHUK0REOatQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 16:07:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 85AF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDkIB14ybDX0wsiuhrwSdMI&google_cver=1

43 B
1021 B

56ms
55ms

Image
image/gif

185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDkIB14ybDX0wsiuhrwSdMI&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNVHzJQ2v9Cv8n_Lfl88gbsJ5ijU32rEdE1Q6VYwCCpai9wDfMhLm5hC4LLJYt4qz-qmQFDtMKZFzYCCOMMnpejOU23Z7qaHniU-ZvoHUoakqr-7RFwMMNSezX976Pm2RGH5yZoOrTFa2L9r-bZeSnuadGXYKigiyyvjBv1QfHUK0REOatQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:16 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.185:80
AN-X-Request-Uuid: e12483ef-6682-4568-ba75-e30a427ad5af
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:16 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDkIB14ybDX0wsiuhrwSdMI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 85AF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQzODUwMzEwODQ5NzUyMDgxNw%3D%3D

170 B
188 B

69ms
68ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQzODUwMzEwODQ5NzUyMDgxNw%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:16 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.40:80
AN-X-Request-Uuid: f041cf6a-0e24-4b2d-a0c8-32bbd82542a6
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQzODUwMzEwODQ5NzUyMDgxNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame 85F9 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMzpUciR5ZXPZnK2-8HuhnyhxPeNKa8cMjDAZ99IfdCNTfnideqSgk0vP7MGYRajex5y8qbEsa23eL_1T7CkxAFI4PvXInQdB17fUdKRcllHBplJKTF894d6vlfLKDgPH6o89BRSZo-CG3jwwF9J1uKjVhSA&cry=1&dbm_d=AKAmf-B3Hnk3NPScjmz5iCtbbVwTFAqwIowNfe6iV5O7QCOWBPJUlNtR6h_XIpvO98KtMPf_s6DKy_8X_o6waHXYjrJX_J6r2tAXTaAI8b1Askkbv5S8hqXUEeUtPWe1JbwDs1yjUMhF9WA9EwCOgqbC6I2rBLGj2Q6pN3JAvgvY1BldSvH7-Cx0HpzttWpVdQay1_CzfUWIfCfG5U0D7NJOvCibKhAhZe-5b-yy4-DIF4bhtYmkXr0jL-Fa14oIdyD5LRnlvIuKPe2IgdyZ4Zc54RjEDR0Z3W-gThW4d73w6wNtIBYQML42MB6f4sNjSmlQE3XdxMqJYfKyXrwHFGNkmAmDjiK1ieNuXaerS_mr3-t5we45bsJ1trv7vvTZwVCPlQEi-jkWlDdVN1YpYFf9-UDTm9d-WZzPp3iZ5ADZhDIedVI-KpklrsMQayNtJxtEv2FjeunwmrtSZoniaQASf7GHWcUjhdfREVZsomnOK2IUcTjxU9r1YFAHShHWne4m1_sh1qh6UKFWzjXcz5fH4PBfCh1xfQLIYPYC65C7yI1lH_E6ojtzgp9wrQ6CUbCxd1VqCOLEWkb6o9MQYppXCuiWRzcLYYMEXGWd4NIntUHZJwmJm7w1p171yDIMB2ESk5G3eRphrUTdey1I5YbvFpgNmwLg4LjukfnkMqVlKm0uKXAvykTQjzgEnczWjvsPeB8u9Hr4O9hLQ-EGJvcCWqMoUfsSbTGqgNhgtBfs14WY5cTyoR99AKymR9IK4BtMNFL-gLFi4bODTrOffy7B7lDxj4dkGzsBE9lZQolg_VRxVdVnN4dEJQigHR1N4Z3uD9JzABCMXH7fwo7oSHxtPvhY2ErrROpKc4rzyR68e-b30kUwR02tdgW0pKqGvdgx4g2r_-iJBwCsocc9wd5rshd9tXnXpNc2sfUJnKGvzm809zWUNNZyiqDDd1tQMbTFWxHSsMDS8v7szOUE7w1KWk7Fr-uWwrKC_tOa1l5c6GcpqZWB-sczf0dCvFxylj8DrSyvhXLlw1ObA5y5V_kvZwp8ZsUzetIE-tsCTa9tgrrjkk1FJ9_6SpoTl-zBpEivkkERuBl-ElAxlHWDbvIe6GI9v3OW3lwKyxFP9ywNWHB3npJbguqNgt0S2CI_WNn9kUVr0OpkHqojoUVF6zsev3QcmrOPYfJfy5C4wYk411xIyjGZDRLkKObi7fafLqdiujKgKsOB2rr1xe2SYFTqbXoc-vC1MpJriOsxIGWAOQZxb9Zf70PCW_vLuSipLruzeypjx6XevwUMXK4X3dqIyPfPAYGzilarCYxGqbA5BFxnvb3pxvn2ELg6BM_dvXD4hcP2qSHeNqlXxm8PZVizQTSWUOG_8qRTAPX-2n15OuBxoxTleAcy6swyn_Y5nP-XnpIzAWgvy4enoZx0qEcxhf_lSqPOrSFGjrR0SkO7OzSsGkc_CVrbBWbHZKp42LOPs8uo3g_2cnMijUOsuhvOuyvPGCPXIiOSB5cfm1g23mRAdAE7xoeBoSBraFD_7L-ulic1IsBuqqLTpZDbyn1i9gNMZVqcrtfB3nhXINtJrExEbGbde32zRlcTwq9u3M87fA4QZTMvHBX6oYB2gbR6fVHcTGyVzXYExH21HrUC6_lsDjqu3VTvzXB8b7PF9fOzI9ihlVsr9AV6iic_5hqISg0ZO4fKFtKK_zrGSs42qA6CiW3R182KUwLD6tArpAxLfRgPnTWber43Y8J8evHzQcLqP5leeIYILmk0kR4vgK2GXY5py_afl3bDdkjWbG7F7udpsFsAOuDUQ7oj005WgmmgkNmBOAEs3MuE-IrjhWCjF2mdqPBXJaMQUsWihbV5yEtHvcq27019Bv-MA1UXDxUqoTM2UK0iN3Y15ejOJ_X2CzrqWd-kVE29U3u09m9AAcxwrREs1odIO01iOVnmzzwi7ZHf3n24_s9IEj3SgxDT8wdLPbEkFY2dHC6U0zH1bF1q7NkCglr9ySmrmPuxHyxxzEOVOQrQyX4ismQu3ApbbZZUhh39yxmw-RzMfhaFO200hKSviCdbAZBVKHut-rex0G88CTcaqFvzXfCb-EOt-O4fX7oEANP8CkWAS58Z9Q9XcuwSrJLykBXVENJD206FfC5nh1i9PwJqFTfjZVeL-MxS4_vn_NIk7NnchAtucRkw9caz68dpKIRPXjJ0ixx7MOfcWvQZlzb6lEffQfCkhbg18j6Z1ibSYiiTdPE44svRlvG2oMkHMjwh1cH1KcL9lhLcpv04Ncy-RPOj1tEKJcUPMM-WVaXfntSuO64fKWGZZcG7begsSHYZErqqAS9i7SHt8MpV68rDw0rl1LlbxTtFLV1eSPC1CDkISsAMx1Ja9qvwkDpHvJj_HjzXQhtzcdGq72AJtULX8WTtAWWzwdhCls3lU_uFpMxKQJmfmjwZEycI0LFVeWB5jyO97VbAaGEGfHVREBxjcCirWjebXwVBnyhvYmHkLBQgYoaRvAHPHKkjY30roFoAK36T-gTx5x-tZIue6tdTTdUpEovykV0f_bQuAem-03Yd9RWnjM0VOmp58uKLZKOJ-5cqBQDAda0nl68ZutJmLIbH8JKXZTtWPL7Ldwl8SLnOS_LLMR5-JUEJOI0L_wUw5rAf5FiBH6GO5Z_9kNmzo69_982gFfX44O5STeo_qz8fM6k1GBdmzGbuYoNmKPw5ZdWPapq_C5K1MQdlbG51AoYKz31g6y_ZBnC4KRpVACLk2hW7bdK0XsDuePS75YGbNrJJTbSS9jSMSe3dCfidN3rFqLz7LBxhPXl2MpMWGvd0T_64l0KUJjPgONacwXPNiE6XTgjV_GAw7braHEDAHZN3-8EiM0-BlaYQhwuJTk0O9kkJf41oOK1c9suRAqe1CnZzuRFba3v_yJhdrrVe5ypqGWGdVkcX3LN0i1XFfynT5EU5mlllpeYP0lURvYugOj3PbamXL8lKaE2ad9rrb2as45MNOpvCH4ycBPRApvsQEkxf2aXm2E3-8GKYcY7ruzoq9KIgAdWSM1Ztv-PRASF4vHyptzwK9Z3tUXzPNM-qXBAPG9mFYApKtfPHSd9zCUcNKQTUCExZllassBX3ZPRC_tnlZNVdvkZqwSXzXmilQ4SK5Rz6tb0hSIo9zzWXk9Jf05ZS01KthVKzvsy588EsY0MIJSlMwPzJ326OR7h_f1xiufaiclyRZd3AT9CocC8gOsTQQvDYbILRlUpxKCXMcnP1BRv8pqHLLGCNzMrwIvb8ZOGnupZH&cid=CAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:05:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8594
x-xss-protection: 0
server: cafe
etag: 7958287194716579593
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 16:05:21 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 85F9 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 15:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89900
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Jun 2022 15:08:56 GMT

GET
H/1.1 200
OK extension_1086.js Show response
tag.digitaltarget.ru/extensions/ 732 B
976 B 92ms
91ms Script
application/javascript 185.15.175.157
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/extensions/extension_1086.js?i=188217588067325
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.157 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:16 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-2dc"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 732

GET
H/1.1 200
OK i0be04j7xi0r Show response
hal9000.redintelligence.net/zone/ Frame 85F9 11 KB
4 KB 176ms
58ms Script
text/html 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/i0be04j7xi0r?subid=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYhxRNES-YL6JCOPL7_UP5bqJsA-VsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAghGsVcRaLQ-qAMBqgTdAU_Q464MivaVy-RcnEPeSOTIRl0vVv928RgyMcn0oNOr_-OsliQSL4HMa9k2H48yvUO9q_VaF_6nU_QsskWz6R0Uir6KHAG5kQr8IxdNPO-GyHvYNENKKQ6yoqC2Ih1Cua_OUsHA-hZXVllYz68WiCu0vUQdXov8xn24ZoIfDGT4wdAjcx_07wCQqTa1XgDM5RjtZNL6DULoN9giZMaIulPd-GbvpSdjCp33soCBNQddMp9gcv-kKBcwja7C1W3dEOjZWu74fjg-7dKY1qrN6apJZd3Jt1Y7KdTBFX45wAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs%26sig%3DAOD64_2OxRSRLgwLzAFrTzxMge10a-6sEw%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-AYDNngrEzkzveOnIiXDpyj6cscEWer_i_P3417vpSoyaLYsigx05cjld8_MFO62Rjd4-3lwVYImsFeO74sMJy4pTU8P68a4xaZwITnhBpL9iGjxYaDXT5LwE9Nnlw_9ysIRuOK8gxQb8gQZQ85O2G6Yf77mA%26cry%3D1%26dbm_d%3DAKAmf-BQAus6P_mf0YD919IE64xdW6vNcRDdOA6ic9P299rt0Cz09zCBM9Hsghun1eNanjOZBquF88PW1mdZ9FAa2Zj7bJnMXnbdv81g4RcMdiQBdwfqaV94ZQSxb7-EWwoN6lI5wXRhzyiLudP3xU8vazJr-Jr4Hd3ISc8h8yEVF6gOkU5kObYRQGISuTy_M5slnSIPi5swF5w8NiRc7XwmzAaok3b_KwqWpyz6l1xaCfiWbbIOiQ-Za52ZYjdj3dEthhj-zTYMwao1g_i4vySBxwG9IDbwBUvBF-QhUiPMD5IrEx0QYHcIf_UCRXAL9l7TtZHsNovSMetp2cTr6zqgXoohfrvQf9hkj_sH-690lm5_MjqH9O4uJbENcQGD1s7Q0rii-Cv9Kxm_FG29Xf3Ebm1Xj4vweQW6baU7fCWLq9gYHA5YMoVu9HaXF1JNYJ63PH6_eBVn%26adurl%3D
Requested by: Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fdd02928d85206d46cd720b834871b6a814513d4514c1ed919a46757080141b1

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:16 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3938
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C9F6 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 06 Jun 2021 16:42:16 GMT
expires: Mon, 06 Jun 2022 16:42:16 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 84300
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame C9F6 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 10:09:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21446
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 10:09:50 GMT

GET
H/1.1

204
No Content

i
dmg.digitaltarget.ru/1/7054/i/
Redirect Chain

https://dmg.digitaltarget.ru/1/7054/i/i?i=279250062751501.631259872135647&c=tg:adcm_pc
https://dmg.digitaltarget.ru/1/7054/i/i?i=279250062751501.631259872135647&c=tg:adcm_pc&q=scc

0
398 B

93ms
93ms

Image
text/plain

185.15.175.130
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmg.digitaltarget.ru/1/7054/i/i?i=279250062751501.631259872135647&c=tg:adcm_pc&q=scc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.130 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

Redirect headers

Location: /1/7054/i/i?i=279250062751501.631259872135647&c=tg:adcm_pc&q=scc
Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

i
dmg.digitaltarget.ru/1/6533/i/
Redirect Chain

https://dmg.digitaltarget.ru/1/6534/i/i?i=279250062751501.196953136462636&c=tg:adcm_pc
https://dmg.digitaltarget.ru/awg/custom/6534/i/i?call_source=awg&i=279250062751501.196953136462636&c=tg:adcm_pc
https://fnc.rt.ru/1/6532/i/i?i=b0sVmGHXg2.ewfx7bkLq&c=tg:rds_6534
https://fnc.rt.ru/1/6532/i/i?i=b0sVmGHXg2.ewfx7bkLq&c=tg:rds_6534&q=scc
https://dmg.digitaltarget.ru/1/6533/i/i?i=857954001618453759842000000003184246&a=774&e=UZoUbd1qGFu05555zB8V

49 B
603 B

3113ms
3112ms

Image
image/gif

185.15.175.130
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmg.digitaltarget.ru/1/6533/i/i?i=857954001618453759842000000003184246&a=774&e=UZoUbd1qGFu05555zB8V

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.15.175.130 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),

Reverse DNS

Software

nginx /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Request-Time: 10
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 64
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Credentials: true

Redirect headers

Location: https://dmg.digitaltarget.ru/1/6533/i/i?i=857954001618453759842000000003184246&a=774&e=UZoUbd1qGFu05555zB8V
Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://fnc.rt.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

7162
dmg.digitaltarget.ru/awg/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=279250062751501.188843013673215&a=86&e=5EFC831FD643BE602D0BE78402828B4E&c=ss:86.up:5EFC831FD643BE602D0BE78402828B4E.sync:up.xdua:duzX03_w7zuJsnbgVur3b3rR.x...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=279250062751501.188843013673215&a=86&e=5EFC831FD643BE602D0BE78402828B4E&c=ss:86.up:5EFC831FD643BE602D0BE78402828B4E.sync:up.xdua:d...
https://cm.g.doubleclick.net/pixel?google_nid=crossmedia_ddp&google_cm=&code=1086&ts=hDDUoCAXFGEvh8v7O5e4
https://dmg.digitaltarget.ru/awg/7162?a=155&e=CAESEC2ob8b64SI3c1973wuu6cs&ver=1&google_error=&code=1086&ts=hDDUoCAXFGEvh8v7O5e4

49 B
603 B

158ms
157ms

Image
image/gif

185.15.175.130
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmg.digitaltarget.ru/awg/7162?a=155&e=CAESEC2ob8b64SI3c1973wuu6cs&ver=1&google_error=&code=1086&ts=hDDUoCAXFGEvh8v7O5e4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.15.175.130 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),

Reverse DNS

Software

nginx /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Request-Time: 46
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 64
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Credentials: true

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dmg.digitaltarget.ru/awg/7162?a=155&e=CAESEC2ob8b64SI3c1973wuu6cs&ver=1&google_error=&code=1086&ts=hDDUoCAXFGEvh8v7O5e4
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rtrg
vk.com/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=279250062751501.352836335038725&a=86&e=5EFC831FD643BE602D0BE78402828B4E&c=ss:86.up:5EFC831FD643BE602D0BE78402828B4E.sync:up.xdua:duzX03_w7zuJsnbgVur3b3rR.x...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=279250062751501.352836335038725&a=86&e=5EFC831FD643BE602D0BE78402828B4E&c=ss:86.up:5EFC831FD643BE602D0BE78402828B4E.sync:up.xdua:d...
https://vk.com/rtrg?p=VK-RTRG-953904-7yDR1

49 B
446 B

137ms
51ms

Image
image/gif

87.240.190.78
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vk.com/rtrg?p=VK-RTRG-953904-7yDR1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.190.78 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv78-190-240-87.vk.com

Software

kittenx / KPHP/7.4.107422

Resource Hash

2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:20 GMT
content-encoding: gzip
x-frontend: front226207
server: kittenx
x-powered-by: KPHP/7.4.107422
strict-transport-security: max-age=15768000
content-type: image/gif
access-control-expose-headers: X-Frontend
cache-control: no-store
content-length: 65

Redirect headers

Date: Mon, 07 Jun 2021 16:07:20 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://vk.com/rtrg?p=VK-RTRG-953904-7yDR1
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 60
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H/1.1

200
OK

request.php Show response
hal900027.redintelligence.net/ Frame 85F9
Redirect Chain

https://hal900027.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=4b4b5992ff&subid=&uid=900ab75629b902cf&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900027.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=4b4b5992ff&subid=&uid=900ab75629b902cf&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

245ms
131ms

Script
application/x-javascript

78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900027.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=4b4b5992ff&subid=&uid=900ab75629b902cf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYhxRNES-YL6JCOPL7_UP5bqJsA-VsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAghGsVcRaLQ-qAMBqgTdAU_Q464MivaVy-RcnEPeSOTIRl0vVv928RgyMcn0oNOr_-OsliQSL4HMa9k2H48yvUO9q_VaF_6nU_QsskWz6R0Uir6KHAG5kQr8IxdNPO-GyHvYNENKKQ6yoqC2Ih1Cua_OUsHA-hZXVllYz68WiCu0vUQdXov8xn24ZoIfDGT4wdAjcx_07wCQqTa1XgDM5RjtZNL6DULoN9giZMaIulPd-GbvpSdjCp33soCBNQddMp9gcv-kKBcwja7C1W3dEOjZWu74fjg-7dKY1qrN6apJZd3Jt1Y7KdTBFX45wAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs%26sig%3DAOD64_2OxRSRLgwLzAFrTzxMge10a-6sEw%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-AYDNngrEzkzveOnIiXDpyj6cscEWer_i_P3417vpSoyaLYsigx05cjld8_MFO62Rjd4-3lwVYImsFeO74sMJy4pTU8P68a4xaZwITnhBpL9iGjxYaDXT5LwE9Nnlw_9ysIRuOK8gxQb8gQZQ85O2G6Yf77mA%26cry%3D1%26dbm_d%3DAKAmf-BQAus6P_mf0YD919IE64xdW6vNcRDdOA6ic9P299rt0Cz09zCBM9Hsghun1eNanjOZBquF88PW1mdZ9FAa2Zj7bJnMXnbdv81g4RcMdiQBdwfqaV94ZQSxb7-EWwoN6lI5wXRhzyiLudP3xU8vazJr-Jr4Hd3ISc8h8yEVF6gOkU5kObYRQGISuTy_M5slnSIPi5swF5w8NiRc7XwmzAaok3b_KwqWpyz6l1xaCfiWbbIOiQ-Za52ZYjdj3dEthhj-zTYMwao1g_i4vySBxwG9IDbwBUvBF-QhUiPMD5IrEx0QYHcIf_UCRXAL9l7TtZHsNovSMetp2cTr6zqgXoohfrvQf9hkj_sH-690lm5_MjqH9O4uJbENcQGD1s7Q0rii-Cv9Kxm_FG29Xf3Ebm1Xj4vweQW6baU7fCWLq9gYHA5YMoVu9HaXF1JNYJ63PH6_eBVn%26adurl%3D&documentReferer=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4635954255654&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Requested by: Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 914a7353486a007feb2a6884b473f034e989ec29e02cbe6773b85b86f9a186af

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:17 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 83744900145930800510390011618027
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1076
Expires: Mon, 07 Jun 2021 17:07:17 +0200

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=4b4b5992ff&subid=&uid=900ab75629b902cf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYhxRNES-YL6JCOPL7_UP5bqJsA-VsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAghGsVcRaLQ-qAMBqgTdAU_Q464MivaVy-RcnEPeSOTIRl0vVv928RgyMcn0oNOr_-OsliQSL4HMa9k2H48yvUO9q_VaF_6nU_QsskWz6R0Uir6KHAG5kQr8IxdNPO-GyHvYNENKKQ6yoqC2Ih1Cua_OUsHA-hZXVllYz68WiCu0vUQdXov8xn24ZoIfDGT4wdAjcx_07wCQqTa1XgDM5RjtZNL6DULoN9giZMaIulPd-GbvpSdjCp33soCBNQddMp9gcv-kKBcwja7C1W3dEOjZWu74fjg-7dKY1qrN6apJZd3Jt1Y7KdTBFX45wAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs%26sig%3DAOD64_2OxRSRLgwLzAFrTzxMge10a-6sEw%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-AYDNngrEzkzveOnIiXDpyj6cscEWer_i_P3417vpSoyaLYsigx05cjld8_MFO62Rjd4-3lwVYImsFeO74sMJy4pTU8P68a4xaZwITnhBpL9iGjxYaDXT5LwE9Nnlw_9ysIRuOK8gxQb8gQZQ85O2G6Yf77mA%26cry%3D1%26dbm_d%3DAKAmf-BQAus6P_mf0YD919IE64xdW6vNcRDdOA6ic9P299rt0Cz09zCBM9Hsghun1eNanjOZBquF88PW1mdZ9FAa2Zj7bJnMXnbdv81g4RcMdiQBdwfqaV94ZQSxb7-EWwoN6lI5wXRhzyiLudP3xU8vazJr-Jr4Hd3ISc8h8yEVF6gOkU5kObYRQGISuTy_M5slnSIPi5swF5w8NiRc7XwmzAaok3b_KwqWpyz6l1xaCfiWbbIOiQ-Za52ZYjdj3dEthhj-zTYMwao1g_i4vySBxwG9IDbwBUvBF-QhUiPMD5IrEx0QYHcIf_UCRXAL9l7TtZHsNovSMetp2cTr6zqgXoohfrvQf9hkj_sH-690lm5_MjqH9O4uJbENcQGD1s7Q0rii-Cv9Kxm_FG29Xf3Ebm1Xj4vweQW6baU7fCWLq9gYHA5YMoVu9HaXF1JNYJ63PH6_eBVn%26adurl%3D&documentReferer=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4635954255654&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Mon, 07 Jun 2021 17:07:17 +0200

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9F6 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bb-a7NES-YI3pKLypx_APjduD8AUAAAAAOAHgBAI&bg=!LC-lL2vNAAY6sG-_OrA7ACkAdvg8WsVupbKV_UOrNOekEl7nMsnZeKPCmQ6IQ_xAfxK9xmxKGDOmUQIAAAByUgAAAAxoAQcKAK-EqD1Ng0DymCQ-gIldrjhmNQBRNxW0jaqvRWUuCEJ0JVPFo_gbyvNmOqxTuUw9ZA3oKJ3WPxMNECJnprp8rjv5f0XTvonO_cTF-s1Dr-JAvpGOSzc0yVG9T9frObQgidUn3n5ORH5SfzI2oIMzpc8vUu4b7qqvmgKxIydbm_D2Iga099LoYmH5nJzMhqnPBSzUwEpZNB74tRD5zgn3J_SLZWs9GRkiENX0wPBfBmQamQLijjiG6qUX1PBTwBXISqttze0gxg31PaYutzAPHR05ZRVj5sutXe40CjWvNVKDM1zDHDpoN2SS7rjkNWAmZjDZygWv5rI6_UNKMG0mHFfl2sjaXkYulv3au-T4aH7mdrj-UZQLppycCo6UC5nDw0ISqhC2ghFbie0Wu6ewvOHNo1ncD_mA7exUR_Q-LGE4QmqlBPho2sSO0u8dnVuFEyayD9IT_Jp3YHApP1jo-0r2YvV8tSfHJrk97GuBKvyrTA6ihm3ghpEJ1lmJyG4dqIkkhmS6drurBEfOpYJ8MMdwsC710J9jSM3lHRRT_ZNOJiMk051teV1pTt5jFM-JPIla4sU87SiqLIkZ9wrYxOVqJNDIMbMmw3EAmguHPMwJX8Oguy4Cq0I8qGLJOG3RwRnXY-A6QIxfvp3kUHipmpWumVp_WVSb1uJEAz6NlObVuYcn-3D34arNx0WLME9gI8l186LjxM1-eRo_X0jCXkZt1HSzvL1SpYvE1zwGa9mqrymq1APUQt7PnGzsknKE0fOMDLijNyHBWYdl39zdPBuszOsOjhJvb_IxLVxqqfwQbjPDiHUXd39L8bJ5oVN5u3klmXDmqGXfpeN_Dy-UPqRNVN1BXDA0uVyFrXurwft4lrsMMx4-pmiIRl6UgO8Sv1PkgyjuxEoBbO0nGcGe3SRQ2rut9Ke5_xn8jsGU6yZ8ji0Myrr2F_DIsHbMfokKiCsqfd5Un8NqubP2QbvLAw454iwviHEsfotDjBeeKlQWw2r3j6ndoICyaL1ZPrUt3hrN8ujMm9YtBclRFtpIyr9WAFCGJNiSkgpXP-sWCYahHhitCtxspj3BsTVEjz_mRdetE1XqAd7BriraVYh7UygtonYEPolDCiLHl6uOvp7dbpgCOKZ75_aAD-jpG3NH4D2zUsDsD_KtfyNmjt0NhqRtZd6cnfnGcbwWH8baA5mr36cETS8BA-e5V908hoqiaxa6X1YH

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:16 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7C1E 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 07 Jun 2021 16:07:16 GMT
expires: Tue, 07 Jun 2022 16:07:16 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AABE 624 B
299 B 17ms
16ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNXFpK0v6BcoM5id2wd1Kj0Ap8Ko5_Y2EuVp38dJHz_TKkl2a01kxsqh-UkAtoViadXv485mp147rqzTnc6OpHiPJ1-IAVg84VAHyDj0ilbBmQUV8b_f4qwd7WR4euePV-kCaPWMRkcjUuu9XYx0-nykmGD8rFv18_OWiDsJUNKK4zi2GQ4

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNXFpK0v6BcoM5id2wd1Kj0Ap8Ko5_Y2EuVp38dJHz_TKkl2a01kxsqh-UkAtoViadXv485mp147rqzTnc6OpHiPJ1-IAVg84VAHyDj0ilbBmQUV8b_f4qwd7WR4euePV-kCaPWMRkcjUuu9XYx0-nykmGD8rFv18_OWiDsJUNKK4zi2GQ4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUkskM4BNuMoj1n_1Wwz0GyCT-rjWqYei-OWo-cyfwzciRLsdfyqBzDMdkPrxj0; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 07 Jun 2021 16:07:17 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 07 Jun 2021 16:07:17 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7C1E 57 KB
23 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BPtjBCiHf3d2eNTjJVz6-WfHltyHIO12Ko3Weu5xpx6eQ6lpW585icgr_npuqUl548CNqiOCyZfQtZe-59aApYuQiGwgqGOsGGABFGr2ubBrEpMwE_WjUOBOlW7Hx9w4mJZdm6yxwgUSWXC8BKLYLanTLugQ&dbm_d=AKAmf-DlGe7MkGcJoc3xq4pjSf8b-20uBmH_pS_9JBymQNbSxLOzu20OzgUQrzkIEbyVvhUTGjh084qlBaGmMULORMGT3xsxjCY7SGfOY6ilsI6sOGUBgq9wO4_XmIaKyH8YyCq8fo5HzeHqY7Er0YFxM7BrdlKonIRuWNvRSpG1Lrp_ryhWjW4DRKrHTVuNZBP0FZbYOkbQQP_-HYikwir2Y14AhvhA3svW_EWJVPbQDcYIL01cY_10PVlh-4cfsdy1zdwJ5BrCutjH6k9_qBdSjW1dqX3EK3Uof4ynGJABV1VuIf4wW9erxYCkXc4E4IIFnPrwzfFC_xsdZGwbgLDj5hKkE-hSo7X24Xptq9rF61Dsa8hlp5aIRfY6NuNjhSl_HI0Y4_vecyxuXqsiYT_yb0dCc2A7xHcA3i_nhSespBqhHFvhAwHGqKLfvdvO0-6p_p5ukr10c1gJzlvxjHW1-K_3bfNUY4aog-J8IjiPFoqnKdIKVuZ-d5Lq5XMlqyWlAIYz2npFFDLZSL3AzMTfmsyM4I-EYNNOalHQgSXtnu7A-5Wqsdv5bh8CuY6amnkz-ebEJc08fq9S9diKJIKgtzR-M9l139TC78FDKuCa8_Yd7a4wSomqywcyPqMmVV1mmuuBFRS8okGdOxUxQcc-oWYmDzw_Nh6rL2G5sGx7mgVuJ-JIe04ZNmUH3IAjP10nuFmo6czzgNFw3erZyOLlojfUwmbgNxJt8XCUJbBB2eZ-lzykedP9BSZM8_kenNrtajtaA5yycv-4i9h2X-P2hxzlnKkqzSR3I6htFIZDWP9WA8Cqs-3VxltHWRV2TuG25XXLQYlNPrGIkRGv2SL7yKMdXGj1IBUF8xphrpFjadp7UCRCtqUh0MBGVP_dH5N2DTujLgUnLusvj7wVqJdbHup_kxNdRMYzcRSCn0wTj2Tc8tEbScg2kAvq3PH23lvlQheXdS3rzcl6e3NeUgXaAN7axQEdXt20277WItkED0CnyFSdMe1CBAG9D_cDbD9D8cba-54zlT3B2eN791WVIUYmZn2nyjndVBjGRPCbsV7Kc7WTBMQmTTvXbEJ3wX_G3r4YoPBkojYycPI-HEvnSCUu38vN0LCya6mXzA6dqyX6PKiNjrch6Rvopdq71GsFPN6vRk3AthcBqgwiCf61fabUT-3dPYClmRwyVSIXkseDXX3SDP4fwaE4Ivw-8ZWheKpE6nkA8fUdhhfgtfUiZ307I708EnBowAyBXPzXgSuA6e4IFlthHK0V4CylIsru1eupqvACE7Ir8U0F1OgXxaR39dYO_WJyBwdD1b-ckR238wb7-LKg47RR5gj3woDldOTmU8xOMS-s4vuqznP1ry9cdu5EIkl-t3zlevggPfiJHDuSv6KsjxSZISY3KUxAbiJjAuUDZLi3nmGcyPKA34Nv4FIx6zoFQP0wszWy2WREPsUyauWWifslYOxocmRH7FcLlRw376e1p5Wyt6miZhbzaF_vQqx9Y4h8aieq-ivEsSra8DRMrFpABjV6LQtlxfObKzZ46PmNI8UZaC_eHIRnxMeS15KE2xqw_MnOElI3nMfjHurQ4uAIXTVc-tR0xwzs2FgSGgWphS1BGZBDPH96ELFVe384t35yBeVLV9DnY1HxBOgc-kqp7X6J-rjjvMoI1TxxoxqSKFGVWwW3neMZzi2Fc41-l4GHeQxv39IVgZv-W4mjlOSh84xHQJYwqKD8ZVSIXYlcUk-wyPhpewbqNNp5Npa-OOhk1NEMQyLbTOOq9L2RrKVYLFAE0Kiznrax3GIQ2eUM5Ixgi-afhXyhJ54coFzPhu0oIY6NxI2mGFDJGSiPplOoM3nQuEwTLG7S6o096szu2Os18Hzb0AeIIsNViKXw004E9Bf17vm18j21blbNGX-vIvjo-upwXY92XNzSMY7_Q1718MVZXwCqRxHulIsq7cTE3WHG1IJqnDS-1gJt67j_hIyRBv7of6f59HTElPgTPLCO1nu9Atbhi4SwPOKdN3HHfgpozKW6zpTw8x5OeBF3OdMdg9LnrVMwg6Dyiat69blTQYOUsoO_ve-wMmK-prjNYdHwkGKzdZb262xMDYOoUH0BI6J70PDOwcpe5sn4c3EO4xN-Fr_TgQ9vIUOtyqWDqauscXC9_N1Da-vkn3VN6BV0l55LryuMxX3f91_8go6hMJKpliRUnRuFoSfjegh_d3clcDyzvA4Lt889bgeX5GApblTlgV8uxMHC6u9Nr62-K-Xvb8KTFtH8uXHMkT2evMO4fmtRmQM4giwHNdqdcUE8x1a560QlZvdd1B7ikXYInjJ1oHI5Yb-Qa2m_s3wPHr2hyrK2E3sK4NFtgN6N2iz5dMxvn6i4G9DQLmhmcSjT0YTMeC7n6iCY3fTinZqPGBCFz_85VVSY-3PJIDuXWKBJKtQ5eh9ZOUDqkqa9szheGsOsFHiPRZoO_rrr2M2NXoIzozV--wgwd6LOayiMnkPPYKXVclO2aWmxTC3DyjYPOm4KFS3d3dfhLEkgg0R4tBTNw_cHAUDEmTd_VkDRMiBbyQLmJm-6lPuEfJg3iBdshTYK-iowsQCrHBYxedSyj7H_L6z5x7_Uz1DF5DTtcck8FQQoQ5eJLG22d9HOZoy7awbv4VI2YUvrKZ9LQLQ9-s5UeabKeKXUiSquNwoapBOfJEGjKkhwyg4lcHvOHOeIlWxGMnV5UqvqJmtkZz4iCnfA-uAm1JjOZqjDVCur1PvJ8xmFh3hohlO3mNXCtiWon9hG5zAqgd0AYqjRxA_cX0rs2C125H05SV7FkzRqJ4El8XUtHcaHs4S5CAtGjT8S1sxiO5DWwlI2OgGm0tzI78pnP3nPtl1oMjylLx9ucQjBKLseA7q7xSmD5UaHznKd2pYxNVNQQ0DK482OM64jToFagYLoJDZjWZrKHmA8esqYeW_BW_jauZff-ZxemN62R7t5xw1C4uSvKSa1ldFNI2hDB82vxJxbMaV9Hx8cG6FXgYxo-xEACE3LMMqHDlGmpMljNNlaDOiqSA&cid=CAASPeRoHkw8vYaVnwsD9yirCiIhZh_VCYxdBobsCoazIUylSjYvqjfzI6zHNr7NcbR6UaxAAE7HxKNqxhKJe88&rfl=1%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

251808cfd4c50f708c4810e43faf576f668d91c456021d8a016574799dd4d696

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23898
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7C1E 42 B
63 B 40ms
38ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DXz70WxcMQ5VHqVw3mYo65nukv8ljQjvDxaJG8nI5UV8kr9Mo8KN7OFrOEt_l1mSZOe0mBgIQxl_Mm3moEMuJTHo8BZ97ud19tTgxlelyFwaWG0Ds

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 7C1E 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:06:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 16:06:20 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7C1E 122 KB
37 KB 59ms
58ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:17 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Mon, 07 Jun 2021 16:07:17 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 7C1E 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:04:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 16:04:34 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 7C1E 0
0 15ms
14ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS25H8oyCS2_kw8Fu-4_Ppt6ykIuiHbXmI-fFATW19yoxiLdmX7LFQaPRLBiDPbEI0ByjfJ
Requested by: Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 7C1E 111 KB
39 KB 218ms
5ms Script
text/javascript 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 19:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75732
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 07 Jun 2021 19:05:05 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/ Frame 7C1E 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BPtjBCiHf3d2eNTjJVz6-WfHltyHIO12Ko3Weu5xpx6eQ6lpW585icgr_npuqUl548CNqiOCyZfQtZe-59aApYuQiGwgqGOsGGABFGr2ubBrEpMwE_WjUOBOlW7Hx9w4mJZdm6yxwgUSWXC8BKLYLanTLugQ&dbm_d=AKAmf-DlGe7MkGcJoc3xq4pjSf8b-20uBmH_pS_9JBymQNbSxLOzu20OzgUQrzkIEbyVvhUTGjh084qlBaGmMULORMGT3xsxjCY7SGfOY6ilsI6sOGUBgq9wO4_XmIaKyH8YyCq8fo5HzeHqY7Er0YFxM7BrdlKonIRuWNvRSpG1Lrp_ryhWjW4DRKrHTVuNZBP0FZbYOkbQQP_-HYikwir2Y14AhvhA3svW_EWJVPbQDcYIL01cY_10PVlh-4cfsdy1zdwJ5BrCutjH6k9_qBdSjW1dqX3EK3Uof4ynGJABV1VuIf4wW9erxYCkXc4E4IIFnPrwzfFC_xsdZGwbgLDj5hKkE-hSo7X24Xptq9rF61Dsa8hlp5aIRfY6NuNjhSl_HI0Y4_vecyxuXqsiYT_yb0dCc2A7xHcA3i_nhSespBqhHFvhAwHGqKLfvdvO0-6p_p5ukr10c1gJzlvxjHW1-K_3bfNUY4aog-J8IjiPFoqnKdIKVuZ-d5Lq5XMlqyWlAIYz2npFFDLZSL3AzMTfmsyM4I-EYNNOalHQgSXtnu7A-5Wqsdv5bh8CuY6amnkz-ebEJc08fq9S9diKJIKgtzR-M9l139TC78FDKuCa8_Yd7a4wSomqywcyPqMmVV1mmuuBFRS8okGdOxUxQcc-oWYmDzw_Nh6rL2G5sGx7mgVuJ-JIe04ZNmUH3IAjP10nuFmo6czzgNFw3erZyOLlojfUwmbgNxJt8XCUJbBB2eZ-lzykedP9BSZM8_kenNrtajtaA5yycv-4i9h2X-P2hxzlnKkqzSR3I6htFIZDWP9WA8Cqs-3VxltHWRV2TuG25XXLQYlNPrGIkRGv2SL7yKMdXGj1IBUF8xphrpFjadp7UCRCtqUh0MBGVP_dH5N2DTujLgUnLusvj7wVqJdbHup_kxNdRMYzcRSCn0wTj2Tc8tEbScg2kAvq3PH23lvlQheXdS3rzcl6e3NeUgXaAN7axQEdXt20277WItkED0CnyFSdMe1CBAG9D_cDbD9D8cba-54zlT3B2eN791WVIUYmZn2nyjndVBjGRPCbsV7Kc7WTBMQmTTvXbEJ3wX_G3r4YoPBkojYycPI-HEvnSCUu38vN0LCya6mXzA6dqyX6PKiNjrch6Rvopdq71GsFPN6vRk3AthcBqgwiCf61fabUT-3dPYClmRwyVSIXkseDXX3SDP4fwaE4Ivw-8ZWheKpE6nkA8fUdhhfgtfUiZ307I708EnBowAyBXPzXgSuA6e4IFlthHK0V4CylIsru1eupqvACE7Ir8U0F1OgXxaR39dYO_WJyBwdD1b-ckR238wb7-LKg47RR5gj3woDldOTmU8xOMS-s4vuqznP1ry9cdu5EIkl-t3zlevggPfiJHDuSv6KsjxSZISY3KUxAbiJjAuUDZLi3nmGcyPKA34Nv4FIx6zoFQP0wszWy2WREPsUyauWWifslYOxocmRH7FcLlRw376e1p5Wyt6miZhbzaF_vQqx9Y4h8aieq-ivEsSra8DRMrFpABjV6LQtlxfObKzZ46PmNI8UZaC_eHIRnxMeS15KE2xqw_MnOElI3nMfjHurQ4uAIXTVc-tR0xwzs2FgSGgWphS1BGZBDPH96ELFVe384t35yBeVLV9DnY1HxBOgc-kqp7X6J-rjjvMoI1TxxoxqSKFGVWwW3neMZzi2Fc41-l4GHeQxv39IVgZv-W4mjlOSh84xHQJYwqKD8ZVSIXYlcUk-wyPhpewbqNNp5Npa-OOhk1NEMQyLbTOOq9L2RrKVYLFAE0Kiznrax3GIQ2eUM5Ixgi-afhXyhJ54coFzPhu0oIY6NxI2mGFDJGSiPplOoM3nQuEwTLG7S6o096szu2Os18Hzb0AeIIsNViKXw004E9Bf17vm18j21blbNGX-vIvjo-upwXY92XNzSMY7_Q1718MVZXwCqRxHulIsq7cTE3WHG1IJqnDS-1gJt67j_hIyRBv7of6f59HTElPgTPLCO1nu9Atbhi4SwPOKdN3HHfgpozKW6zpTw8x5OeBF3OdMdg9LnrVMwg6Dyiat69blTQYOUsoO_ve-wMmK-prjNYdHwkGKzdZb262xMDYOoUH0BI6J70PDOwcpe5sn4c3EO4xN-Fr_TgQ9vIUOtyqWDqauscXC9_N1Da-vkn3VN6BV0l55LryuMxX3f91_8go6hMJKpliRUnRuFoSfjegh_d3clcDyzvA4Lt889bgeX5GApblTlgV8uxMHC6u9Nr62-K-Xvb8KTFtH8uXHMkT2evMO4fmtRmQM4giwHNdqdcUE8x1a560QlZvdd1B7ikXYInjJ1oHI5Yb-Qa2m_s3wPHr2hyrK2E3sK4NFtgN6N2iz5dMxvn6i4G9DQLmhmcSjT0YTMeC7n6iCY3fTinZqPGBCFz_85VVSY-3PJIDuXWKBJKtQ5eh9ZOUDqkqa9szheGsOsFHiPRZoO_rrr2M2NXoIzozV--wgwd6LOayiMnkPPYKXVclO2aWmxTC3DyjYPOm4KFS3d3dfhLEkgg0R4tBTNw_cHAUDEmTd_VkDRMiBbyQLmJm-6lPuEfJg3iBdshTYK-iowsQCrHBYxedSyj7H_L6z5x7_Uz1DF5DTtcck8FQQoQ5eJLG22d9HOZoy7awbv4VI2YUvrKZ9LQLQ9-s5UeabKeKXUiSquNwoapBOfJEGjKkhwyg4lcHvOHOeIlWxGMnV5UqvqJmtkZz4iCnfA-uAm1JjOZqjDVCur1PvJ8xmFh3hohlO3mNXCtiWon9hG5zAqgd0AYqjRxA_cX0rs2C125H05SV7FkzRqJ4El8XUtHcaHs4S5CAtGjT8S1sxiO5DWwlI2OgGm0tzI78pnP3nPtl1oMjylLx9ucQjBKLseA7q7xSmD5UaHznKd2pYxNVNQQ0DK482OM64jToFagYLoJDZjWZrKHmA8esqYeW_BW_jauZff-ZxemN62R7t5xw1C4uSvKSa1ldFNI2hDB82vxJxbMaV9Hx8cG6FXgYxo-xEACE3LMMqHDlGmpMljNNlaDOiqSA&cid=CAASPeRoHkw8vYaVnwsD9yirCiIhZh_VCYxdBobsCoazIUylSjYvqjfzI6zHNr7NcbR6UaxAAE7HxKNqxhKJe88&rfl=1%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:06:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 16:06:46 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame 7C1E 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:05:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 116
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8594
x-xss-protection: 0
server: cafe
etag: 7958287194716579593
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 16:05:21 GMT

GET
H2

200

dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg Show response
static.tradetracker.net/se/material_image/02/ Frame D461
Redirect Chain

https://ti.tradetracker.net/?c=31577&m=1646244&a=157788&r=83744900145930800510390011618027&t=html
https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg

39 KB
39 KB

40ms
9ms

Document
image/jpeg

2600:9000:2156:3400:1a:7c92:efc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
Requested by: Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=4b4b5992ff&subid=&uid=900ab75629b902cf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYhxRNES-YL6JCOPL7_UP5bqJsA-VsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAghGsVcRaLQ-qAMBqgTdAU_Q464MivaVy-RcnEPeSOTIRl0vVv928RgyMcn0oNOr_-OsliQSL4HMa9k2H48yvUO9q_VaF_6nU_QsskWz6R0Uir6KHAG5kQr8IxdNPO-GyHvYNENKKQ6yoqC2Ih1Cua_OUsHA-hZXVllYz68WiCu0vUQdXov8xn24ZoIfDGT4wdAjcx_07wCQqTa1XgDM5RjtZNL6DULoN9giZMaIulPd-GbvpSdjCp33soCBNQddMp9gcv-kKBcwja7C1W3dEOjZWu74fjg-7dKY1qrN6apJZd3Jt1Y7KdTBFX45wAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs%26sig%3DAOD64_2OxRSRLgwLzAFrTzxMge10a-6sEw%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-AYDNngrEzkzveOnIiXDpyj6cscEWer_i_P3417vpSoyaLYsigx05cjld8_MFO62Rjd4-3lwVYImsFeO74sMJy4pTU8P68a4xaZwITnhBpL9iGjxYaDXT5LwE9Nnlw_9ysIRuOK8gxQb8gQZQ85O2G6Yf77mA%26cry%3D1%26dbm_d%3DAKAmf-BQAus6P_mf0YD919IE64xdW6vNcRDdOA6ic9P299rt0Cz09zCBM9Hsghun1eNanjOZBquF88PW1mdZ9FAa2Zj7bJnMXnbdv81g4RcMdiQBdwfqaV94ZQSxb7-EWwoN6lI5wXRhzyiLudP3xU8vazJr-Jr4Hd3ISc8h8yEVF6gOkU5kObYRQGISuTy_M5slnSIPi5swF5w8NiRc7XwmzAaok3b_KwqWpyz6l1xaCfiWbbIOiQ-Za52ZYjdj3dEthhj-zTYMwao1g_i4vySBxwG9IDbwBUvBF-QhUiPMD5IrEx0QYHcIf_UCRXAL9l7TtZHsNovSMetp2cTr6zqgXoohfrvQf9hkj_sH-690lm5_MjqH9O4uJbENcQGD1s7Q0rii-Cv9Kxm_FG29Xf3Ebm1Xj4vweQW6baU7fCWLq9gYHA5YMoVu9HaXF1JNYJ63PH6_eBVn%26adurl%3D&documentReferer=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4635954255654&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3400:1a:7c92:efc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5b02d4c3687457ff762f830bbe51f5897b428906bf57f0aa15f185d5024c0f91

Request headers

:method: GET
:authority: static.tradetracker.net
:scheme: https
:path: /se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: pi=d0bf8ba1ffb26f7d9154d0fe7f3359bb; uf=PKDV0rnMT6ZQFf8GRdM7x25FT3JkQWw5aWRJWWpuUm1KZlNqR0VMdlhoR29Od3ZTNzJYTmI4enlHQTcyL1ZFY0lTNHU3dzBFZEo2THA2NUNtYmN1ellBY0ZGdG1kdWRjZG83M1RRPT0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/

Response headers

content-type: image/jpeg
content-length: 39656
accept-ranges: bytes
last-modified: Mon, 04 Nov 2019 09:13:22 GMT
server: nginx
date: Mon, 07 Jun 2021 16:06:27 GMT
etag: "5dbfebb2-9ae8"
x-cache: Hit from cloudfront
via: 1.1 479d15a99f4dd073131fba1516541469.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: oxsOcyvI2Ld9fa5Ugcu-hlycUkJZPg2xtgE16fr9jLeLO73Btr6TGw==
age: 293

Redirect headers

date: Mon, 07 Jun 2021 16:07:17 GMT
content-type: text/html; charset=utf-8
location: https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
server: nginx
x-powered-by: PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
p3p: CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml"
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache, must-revalidate
set-cookie: uf=PKDV0rnMT6ZQFf8GRdM7x25FT3JkQWw5aWRJWWpuUm1KZlNqR0VMdlhoR29Od3ZTNzJYTmI4enlHQTcyL1ZFY0lTNHU3dzBFZEo2THA2NUNtYmN1ellBY0ZGdG1kdWRjZG83M1RRPT0%3D; expires=Tue, 07-Jun-2022 16:07:17 GMT; Max-Age=31536000; path=/; SameSite=None; domain=.tradetracker.net; secure pi=d0bf8ba1ffb26f7d9154d0fe7f3359bb; expires=Wed, 15-Sep-2021 16:07:17 GMT; Max-Age=8640000; path=/; SameSite=None; domain=.tradetracker.net; secure

GET
H2 200 / Show response
ti.tradetracker.net/ Frame 85F9 454 B
1 KB 308ms
109ms Script
text/javascript 108.128.9.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ti.tradetracker.net/?c=33102&m=1783943&a=157788&r=83744900145930800510390011618027&t=js&wid=tt-121e90
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.9.52 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
Resource Hash: 435f5f3eb4d6383cb2aaae93abf1e387de4acb22791ae314fbcaa545b3dab1b9

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:17 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=utf8
server: nginx
p3p: CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml"
x-powered-by: PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900027.redintelligence.net/ Frame 75EA 6 KB
2 KB 181ms
61ms Document
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900027.redintelligence.net/request_content.php?s=83744900145930800510390011618027&a=238c8a9e
Requested by: Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=4b4b5992ff&subid=&uid=900ab75629b902cf&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYhxRNES-YL6JCOPL7_UP5bqJsA-VsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAghGsVcRaLQ-qAMBqgTdAU_Q464MivaVy-RcnEPeSOTIRl0vVv928RgyMcn0oNOr_-OsliQSL4HMa9k2H48yvUO9q_VaF_6nU_QsskWz6R0Uir6KHAG5kQr8IxdNPO-GyHvYNENKKQ6yoqC2Ih1Cua_OUsHA-hZXVllYz68WiCu0vUQdXov8xn24ZoIfDGT4wdAjcx_07wCQqTa1XgDM5RjtZNL6DULoN9giZMaIulPd-GbvpSdjCp33soCBNQddMp9gcv-kKBcwja7C1W3dEOjZWu74fjg-7dKY1qrN6apJZd3Jt1Y7KdTBFX45wAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRo30EoyDcoNw4_-VE0wWWKRnrLocbjI0yq7-3YOieML2lfylE0WplAAdmsEe5lfEj-Kk_Fc3slCO70vEs%26sig%3DAOD64_2OxRSRLgwLzAFrTzxMge10a-6sEw%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-AYDNngrEzkzveOnIiXDpyj6cscEWer_i_P3417vpSoyaLYsigx05cjld8_MFO62Rjd4-3lwVYImsFeO74sMJy4pTU8P68a4xaZwITnhBpL9iGjxYaDXT5LwE9Nnlw_9ysIRuOK8gxQb8gQZQ85O2G6Yf77mA%26cry%3D1%26dbm_d%3DAKAmf-BQAus6P_mf0YD919IE64xdW6vNcRDdOA6ic9P299rt0Cz09zCBM9Hsghun1eNanjOZBquF88PW1mdZ9FAa2Zj7bJnMXnbdv81g4RcMdiQBdwfqaV94ZQSxb7-EWwoN6lI5wXRhzyiLudP3xU8vazJr-Jr4Hd3ISc8h8yEVF6gOkU5kObYRQGISuTy_M5slnSIPi5swF5w8NiRc7XwmzAaok3b_KwqWpyz6l1xaCfiWbbIOiQ-Za52ZYjdj3dEthhj-zTYMwao1g_i4vySBxwG9IDbwBUvBF-QhUiPMD5IrEx0QYHcIf_UCRXAL9l7TtZHsNovSMetp2cTr6zqgXoohfrvQf9hkj_sH-690lm5_MjqH9O4uJbENcQGD1s7Q0rii-Cv9Kxm_FG29Xf3Ebm1Xj4vweQW6baU7fCWLq9gYHA5YMoVu9HaXF1JNYJ63PH6_eBVn%26adurl%3D&documentReferer=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2F9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=4635954255654&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 9349826ff558c3904424a488e76ba23f658383030035c8e4878ce41b081953c3

Request headers

Host: hal900027.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=c893fa788d18ea28
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/

Response headers

Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 07 Jun 2021 17:07:17 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1828
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

cshow.php
www.zenaps.com/ Frame 85F9
Redirect Chain

https://www.awin1.com/cshow.php?s=2636829&v=12846&q=389131&r=566725&pref1=83744900145930800510390011618027&pv=1
https://www.zenaps.com/cshow.php?pvr=6e6da7e0-c7aa-11eb-8847-692d0cc96476&v=12846&r=566725&q=389131&s=2636829&viewref=83744900145930800510390011618027&pv=1

43 B
704 B

183ms
74ms

Image
image/gif

104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zenaps.com/cshow.php?pvr=6e6da7e0-c7aa-11eb-8847-692d0cc96476&v=12846&r=566725&q=389131&s=2636829&viewref=83744900145930800510390011618027&pv=1

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:17 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

Redirect headers

Date: Mon, 07 Jun 2021 16:07:17 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.zenaps.com/cshow.php?pvr=6e6da7e0-c7aa-11eb-8847-692d0cc96476&v=12846&r=566725&q=389131&s=2636829&viewref=83744900145930800510390011618027&pv=1
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
DATA 200
OK truncated
/ Frame 85F9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34b0c8ea5a9a3515a171b8c7b736ebd134796fe8388b6138de6d7bf62394af58

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AABE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1

43 B
893 B

82ms
81ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNXFpK0v6BcoM5id2wd1Kj0Ap8Ko5_Y2EuVp38dJHz_TKkl2a01kxsqh-UkAtoViadXv485mp147rqzTnc6OpHiPJ1-IAVg84VAHyDj0ilbBmQUV8b_f4qwd7WR4euePV-kCaPWMRkcjUuu9XYx0-nykmGD8rFv18_OWiDsJUNKK4zi2GQ4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 16:07:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AABE
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5ENKoWVko.g-VfzaPiHAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1&google_hm=2

43 B
893 B

67ms
66ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNXFpK0v6BcoM5id2wd1Kj0Ap8Ko5_Y2EuVp38dJHz_TKkl2a01kxsqh-UkAtoViadXv485mp147rqzTnc6OpHiPJ1-IAVg84VAHyDj0ilbBmQUV8b_f4qwd7WR4euePV-kCaPWMRkcjUuu9XYx0-nykmGD8rFv18_OWiDsJUNKK4zi2GQ4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 16:07:17 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTl9_bRaJD4Ls3RJHwWRq8&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame AABE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGSVSGkNiSNwhXD-dlKo74g&google_cver=1

43 B
1020 B

104ms
103ms

Image
image/gif

185.33.220.244
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGSVSGkNiSNwhXD-dlKo74g&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNXFpK0v6BcoM5id2wd1Kj0Ap8Ko5_Y2EuVp38dJHz_TKkl2a01kxsqh-UkAtoViadXv485mp147rqzTnc6OpHiPJ1-IAVg84VAHyDj0ilbBmQUV8b_f4qwd7WR4euePV-kCaPWMRkcjUuu9XYx0-nykmGD8rFv18_OWiDsJUNKK4zi2GQ4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.244 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

731.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:17 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.75:80
AN-X-Request-Uuid: d7a03932-c697-47e9-bfff-cfbff3d07452
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGSVSGkNiSNwhXD-dlKo74g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame AABE
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQzODUwMzEwODQ5NzUyMDgxNw%3D%3D

170 B
188 B

62ms
60ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQzODUwMzEwODQ5NzUyMDgxNw%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 16:07:17 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 731.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.165:80
AN-X-Request-Uuid: 952c1d89-9d11-4b85-873c-a1e090e88956
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQzODUwMzEwODQ5NzUyMDgxNw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7C1E 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 15:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89901
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Jun 2022 15:08:56 GMT

GET
DATA 200
OK truncated
/ Frame 7C1E 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c59b38463930ba38386e7f3445198a88e3b26dd7f607340c0468234253359bf

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A7A8 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 06 Jun 2021 16:42:16 GMT
expires: Mon, 06 Jun 2022 16:42:16 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 84301
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
s0.2mdn.net/8956534/1621239267390/728x90/ Frame 8813 6 KB
2 KB 15ms
12ms Document
text/html 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d33ce6ac84e10177e75fd86427eee28779321f1152efa1fa10312c528f5824e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /8956534/1621239267390/728x90/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 2292
date: Mon, 07 Jun 2021 12:50:25 GMT
expires: Tue, 08 Jun 2021 12:50:25 GMT
last-modified: Mon, 17 May 2021 08:14:27 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 11812
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7C1E 0
107 B 205ms
93ms Ping
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvg4-0vVJslMD8mnjWL3kE_93uoRbOCFrQeaeeM-BhiG5GEP71kKIjuvPwLJoUL_ZbRZXA9szXSyfi_kX5kqhogKjWQVu5ies4f4N_ufWYmyfhG6OidFaK4jmA8C4VbwesOjgxXgUX3Jsv5QyNRJjnp6T1kcp2L0Ovve-c88PBCzOH11tkgfKzj3f-jdCCTZ-9opfw2dCZ7ibDCdRsNfka3ayIlP9VEl_GvLe3tQcTtE-kDqx8kRHMFRg0r16rz906sfllBb_sZOyXfG67Iw9HCnAId2E1IUFoMPUVbV5pwy0eG5kkbvO5b4GcRS8d1VBuBgOKJ-v8zo_K7pA_3WVe8vsYCwEbbXav59-BPx-l2RL8ddR71yzWy9-uJgfq-DCxuxXkxl6IFuxokGIVvhIQPj3vppe1kR2lUwGMIY4FJb4mf0UlOJbUTN5pTSdcfdeSiqlp5NnForVDTuGD116oxQQFa1j_17JmHg1RHJ1j4LDKiNi0j-JiWh5VxieG73HI1C3_Ai_FSk-Pr8DO-IIT_gP5VLvYIUii1NO-N6EO9jopjMxms_TWIOIiVAU7eA0ZStIXv5BH4MxoM7aWslb5CYdsx0ZCT213gq3wxPFX54Yr4eVacBv-U_dEfFi60C6S_j_Kwq5H4s-kRYFijhmbymSvIdqRDEUfGaNK59lqX9Y44hdY0XW41EaijGDL2BCflFPkv09QeQJmFk6GNH2cwglHVKqa-pS3ZEnUXQjwp60ADqbhsZoclzfwueBpSJknGKuMOjS4mT1r4h85sPUqr3OA-C3aJ2FpZm8KMLddNbXpssY2QMcfokxTY_2btqLnniSBdekO6FIu9xTMl9IAhOiOFa2oLswYUYgPIIdwuIA9Be6sqM7ucokjmUQEAAn29-0rbogxq8l0Qq-w0o--TcBC_ue5EuuoLIiN43tBXEhTJoKiIzXM_qwIXRgDVFLNR13hRCLSY-rrZ4xw5yA1_paVcVP1xX-zNfGjxiHMRI17WefJBaBB_MEILQa62l-GiS-ctKB-nRfSi66wv-faqU-JllChVIJzZxGHzseLbahRduZioVvrhfcf9th7t2XQhSDLFyDYqF2XSG6Ki3-UtLNF390SMZcW8vbmYNOmZ-JGPVmJ8bMzFr6RlSY4oOirr8lwC9VhTLvPlPW3juHsQWzj9O4oLGPiWUy4P3O7LMWEyXxIqyKGVsZY&sai=AMfl-YRleLcyrU3rK0hW40j0M2rmH4sfb4HK_EKCpQlZOaW3z2byL7CVOpx0PO8mFCY_mK9pgiJy7HnXC22Rj9n32b_yGC_7ZMr0gEFJ_mnGaW1qK_uiJDuZVb20itmyRbyrTy_hbuGjPtpXEnmFGZu6nyiv87yp8n21Imk8Nj-LdqxB9SrstFbWCebg3dj2hCTTt_0fsxOwHi9GDvxc1I04_ktw-gtk2vxZkrdpVlSb_A&sig=Cg0ArKJSzClHj7oe5lMMEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=274&cbvp=1&cstd=270&cisv=r20210601.71662&adurl=

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 07 Jun 2021 16:07:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame A7A8 14 KB
6 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 10:09:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21447
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 10:09:50 GMT

GET
H2 200 createjs-2015.11.26.min.js Show response
code.createjs.com/ Frame 8813 186 KB
48 KB 31ms
17ms Script
text/javascript 2a02:26f0:6c00::210:ba2a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/createjs-2015.11.26.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: 575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:07:17 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 07 Jun 2021 16:22:17 GMT

GET
H3-29 200 728x90.js Show response
s0.2mdn.net/8956534/1621239267390/728x90/ Frame 8813 16 KB
2 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8a4f8c0b1171203ab4a51169be29fec9eeac0bb0b94794cfb7b6af992c69482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11812
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2476
x-xss-protection: 0
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 08 Jun 2021 12:50:25 GMT

GET
H2

200

5a0f5218ee2dad558ebed56f97a5bb2b45316d.png
static.tradetracker.net/se/material_image/35/ Frame 85F9
Redirect Chain

https://ti.tradetracker.net/?c=33102&m=1783943&a=157788&r=83744900145930800510390011618027&t=html
https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png

72 KB
72 KB

8ms
7ms

Image
image/png

2600:9000:2156:3400:1a:7c92:efc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png
Requested by: Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3400:1a:7c92:efc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f57092bb84b3b7ab8ca3766e0f5b873b5307847ee1b9084e9c858bdd6e2b636c

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 16:06:27 GMT
via: 1.1 479d15a99f4dd073131fba1516541469.cloudfront.net (CloudFront)
last-modified: Tue, 01 Sep 2020 12:05:20 GMT
server: nginx
age: 244
etag: "5f4e3900-11e3e"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 73278
x-amz-cf-id: h8kK7AXFAZypzSZrmy7j-sOZ0eXkWbaGlXmJUbhzhMP2bHd66v5bTA==

Redirect headers

date: Mon, 07 Jun 2021 16:07:17 GMT
server: nginx
x-powered-by: PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
p3p: CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml"
location: https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png
cache-control: no-cache, must-revalidate
content-type: text/html; charset=utf-8
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 bg1.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 19 KB
19 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg1.jpg

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dbf97b6099ff5065e80e953b6dbabcf5414f25a93a6a44fde07059a0a962dce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11810
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19268
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:27 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7C1E 0
528 B 123ms
88ms Ping
image/gif 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 16:07:17 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 bg2.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 10 KB
10 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg2.jpg

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

288f23118b902dea7eec0280385ae7c5d971218e3d257e3a28f7a03989ee152a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11810
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10700
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:27 GMT

GET
H3-29 200 bg3.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 22 KB
22 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg3.jpg

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bc3b38eb7bc79fcfc4b432ff72a486b5b39ae7a934f898dd803ed7cd5cbbcf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11809
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22696
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 75EA 4 KB
752 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request_content.php?s=83744900145930800510390011618027&a=238c8a9e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hal900027.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 15:39:33 GMT
server: ESF
date: Mon, 07 Jun 2021 16:07:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Jun 2021 16:07:17 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 75EA 18 KB
17 KB 173ms
58ms Image
image/png 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55483/creativesup/Teknikproffset-SE-1200x627.jpg
Requested by: Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request_content.php?s=83744900145930800510390011618027&a=238c8a9e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 5727b16d52438b292eef1290d7c6644f0512f3860ff5e0d7798b2981af814136

Request headers

Referer: https://hal900027.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:17 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 17599
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 75EA 13 KB
13 KB 174ms
58ms Image
image/png 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/53597/creativesup/Native1-1200x627.jpg
Requested by: Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request_content.php?s=83744900145930800510390011618027&a=238c8a9e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 43257add3b22a882aa4615654fc3c91214df22e75aa23c20a49a406f5b295e7c

Request headers

Referer: https://hal900027.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:17 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 13534
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 75EA 16 KB
16 KB 181ms
61ms Image
image/png 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55313/creativesup/native_1200x627.jpg
Requested by: Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request_content.php?s=83744900145930800510390011618027&a=238c8a9e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f40f5a86fa5bda6b9d2f42ffec1b4d7962f828dcba8b4b237897f9cd3c32ac18

Request headers

Referer: https://hal900027.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:17 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15841
Vary: Accept-Encoding
Content-Type: image/png

GET
H3-29 200 bg4.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 786 B
808 B 6ms
6ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg4.jpg

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

819a84dfb7bf1f9d3f26937c5b579852aba8195de98ccacb9cf3722562622996

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11809
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 786
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 bg5.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 17 KB
17 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg5.jpg

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b48111477d715e7b5f7680ad5fb0bd9417445b78b863594dd6bab5b50fb1c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11809
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17109
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H/1.1 200
OK viewability Show response
hal900027.redintelligence.net/ Frame 75EA 0
150 B 174ms
58ms Script
text/html 78.46.111.106
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900027.redintelligence.net/viewability?s=83744900145930800510390011618027&a=e74127be&vb=m
Requested by: Host: hal900027.redintelligence.net
URL: https://hal900027.redintelligence.net/request_content.php?s=83744900145930800510390011618027&a=238c8a9e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.111.106 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.106.111.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900027.redintelligence.net/request_content.php?s=83744900145930800510390011618027&a=238c8a9e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 16:07:17 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame 75EA 16 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal900027.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 09:02:48 GMT
x-content-type-options: nosniff
age: 543869
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15948
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 09:02:48 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame 75EA 16 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal900027.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 00:05:28 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
age: 489709
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
expires: Thu, 02 Jun 2022 00:05:28 GMT

GET
H3-29 200 copy1.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 5 KB
5 KB 8ms
8ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy1.png

Requested by

Host: 9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
URL: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

026d14fce3742ffee1d7b5e7014d6a324f0a01512cfcae4e62f1b7a37c930ae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11809
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4879
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 copy2.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 4 KB
4 KB 7ms
6ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy2.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee362599ddb7ce1c32f8173e1d2255cda3d6ae960afa16d71a6bd617f2154aa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11809
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4267
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 copy3.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 3 KB
3 KB 8ms
8ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy3.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3216ef1b9e7e4bc6e627f6813ae735c4b5c3fc9a2491b0f7c26c69ca26aaa0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11808
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3308
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:29 GMT

GET
H3-29 200 copy4.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy4.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cae39b858a82013e7f07d26dd6675aff60f2f8e8cb01efa44f134a29344ed596

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11808
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2480
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:29 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A7A8 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bo6wENUS-YLzPEoeOjuwP5paIgAgAAAAAOAHgBAI&bg=!LyylLGjNAAY6sG-_OrA7ACkAdvg8WkMbedQ1cbkMeZmOZYtFxN1PvBU0Mhdqj6N0btIqrC2nKg_UBgIAAACwUgAAAAtoAQcKAKB_Rl0d7hhjgTJDnI-imheKZOQmbVjni5fi2OF2s6s4ePzv5TAk1uuLudOUZfj1VC2Nbw1gsQp15AuXxRKYrTYBlOiDJzYQ_B1dzOpfTDZ-s5s4Tzi76svCAYzFUnqXNbspbY7h_D-ZdQvBJShyv2_w14EQ5p8jYgZgcexSOR94rWx2lbC_lQiPbtjoCXC3JjJIWVjj1AWqn2JymButUEN1mQKdPfuV-3OUQzNGqmBX5jxvwZKG7pK3DXQobE92REMFgvIQ3J1Q6fDAyrbw5ejs3T01BZea3a4gkUf_zSBGfB-LjXqw9yAHh7gKRaxFkrr68z0_8YDdRpEmIrN0wGzLYXsbBnljZbWqopkirSCEOEWCdxlNwfd9kHhWNtDHtU_gEMfLL_3WHMXa0TgKGFHJTsJHvVwGFM8ytgzV0bRsfjeNkshKvT66rwrSb793S7IKRrHxttGuzDs0j2VCqKC0THmGW6mFeky3ItEU-jRuWZaMk-JWuB0wKLwVD0GNu_VVWNNolwS6LO0_DT0nQVloILTV45C6pJQbXLDvXE4sQJtv9ivNtxyOR6Sd1eTunVrha8lUmwKqJ3qliGUuvjkfQlzi09P5URyGtYaZIgzKwtf1zS4dgwVOoKxwdhAXC2VLJlyV4Jp6eS0XuCe1fDfFXQlKQNoveikhFjjEifm6ze-gBCdhCloWQZuymoj0LeCiPfT-88cpfeEvBPQR7vx_TtX8cBjCzk4_zFJlDM_kbuEfQIHPAks5HccE3KTTsudc36c2hJzFZ4Wj7aEQkGgY4M8lbO88-HynwejHkzvhljbaorNCF3f6Ch6jbFQUyJjCAfNbAkmA7JZ4r2SDtOf22JzcY1BVwVPe6dUrBl1IPpKwNVK3ESkK09dhOyQNKSIZCZPa3oTlG3c9tl3DjiY1Ww9lPUVn9BGhwYwDWBninEgb8FlwN0esZT4ttvuP6k2Qwr-uqNzFfj7ezCU-uXb7oYnTeCjtLpUhx9kEh6G8R4dLfzlD95Xot_o7M6bGboUa9_9ipkhcyaPfjWXqvrQ0BozDOd8SrMWdQ4ZS-qzH0lXCzvkpAPWeIxm2Qn2l6JI3SCE_kCMdYcPLJdQuFbJZ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 copy5.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 8813 35 KB
35 KB 7ms
7ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy5.png

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a19047bcd78489751c2b002a69dea8bb9320c2cabc479e71a7b929ad80f56863

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 11808
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35930
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:29 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7C1E 42 B
174 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstDB--Z0y_yNDjR_FyazbQXMz5yJEFrzZanjWVYLvteoxrPsIIfSbqbJCeeU5y2ZlZhGuPqmTNhYM9nG5iJa3Ug1_45W9RbbZE2GgKYPohhj1BJ&sai=AMfl-YQ2Ge8pSPKXKcBEC2DsCin33vd15bVKP_I8-432N-M6l7EuEE6sRB3u7eZiKMnmnrzUehS2MqMCW0O5JOc_U5_F_2izO6PWULXa3y-L5n5TkpPy3zf8yhy-5OQ77-g&sig=Cg0ArKJSzKO_8tX4i2jTEAE&cid=CAASPeRoHkw8vYaVnwsD9yirCiIhZh_VCYxdBobsCoazIUylSjYvqjfzI6zHNr7NcbR6UaxAAE7HxKNqxhKJe88&id=lidar2&mcvt=1000&p=900,315,990,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210604&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1836978441&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623082037258&dlt=11&rpt=2&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:18 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI_L2Z4vOF8QIVB4eDBx1mCwKAEAAYACDHg4ZIQhMI8dPr4fOF8QIVz8m7CB2CPgum;met=1;&timestamp=1623082047826;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 7C1E 42 B
515 B 202ms
86ms Image
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI_L2Z4vOF8QIVB4eDBx1mCwKAEAAYACDHg4ZIQhMI8dPr4fOF8QIVz8m7CB2CPgum;met=1;&timestamp=1623082047826;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 16:07:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: img.sci-hub.shop
URL: https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sci-Hub (Consumer)

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mksa.top/	1970-01-19 18:52:48	Name: _gid Value: GA1.2.309786803.1623082036
.mksa.top/	1970-01-19 18:51:22	Name: _gat_gtag_UA_193456449_1 Value: 1
.mksa.top/	1970-01-20 12:22:34	Name: _ga Value: GA1.2.1077189628.1623082036

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9f46c294e27e50034fae5198b3ee3d78.safeframe.googlesyndication.com
ade.googlesyndication.com
adservice.google.com
adservice.google.se
cm.g.doubleclick.net
code.createjs.com
counter.yadro.ru
dmg.digitaltarget.ru
dsum-sec.casalemedia.com
fnc.rt.ru
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900027.redintelligence.net
ib.adnxs.com
img.sci-hub.shop
kitbit.net
optinder.com
p1.ntvk1.ru
pagead2.googlesyndication.com
s0.2mdn.net
sci-hub.mksa.top
securepubads.g.doubleclick.net
share.pluso.ru
static.tradetracker.net
stats.g.doubleclick.net
tag.digitaltarget.ru
ti.tradetracker.net
tpc.googlesyndication.com
ut9.rktch.com
vk.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.zenaps.com
img.sci-hub.shop
104.111.239.217
108.128.9.52
138.201.64.38
142.250.184.226
142.250.185.130
142.250.185.98
185.15.175.130
185.15.175.137
185.15.175.157
185.33.220.244
2.18.234.21
216.58.212.162
2600:9000:2156:3400:1a:7c92:efc0:93a1
2606:4700:3031::ac43:d9f7
2606:4700:3034::6815:9e6
2606:4700:3036::6815:15dc
2a00:1450:4001:802::2006
2a00:1450:4001:803::200e
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:809::2004
2a00:1450:4001:810::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:831::200a
2a00:1450:400c:c04::9b
2a02:26f0:6c00::210:ba2a
2a02:6ea0:c700::10
31.131.252.94
37.200.67.211
78.46.111.106
87.240.190.78
88.212.201.210
89.108.97.2
026d14fce3742ffee1d7b5e7014d6a324f0a01512cfcae4e62f1b7a37c930ae5
031de2ba14934fe6c993c486fe0a30a18a8fc69066cf1efbcc4162adf6f32edc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570
1757f4f4cfefa68975f860ed3c63cd5059cf5e6c253b1c645cd6e7f02522b353
1bc3b38eb7bc79fcfc4b432ff72a486b5b39ae7a934f898dd803ed7cd5cbbcf6
1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af
251808cfd4c50f708c4810e43faf576f668d91c456021d8a016574799dd4d696
265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6
27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c
288f23118b902dea7eec0280385ae7c5d971218e3d257e3a28f7a03989ee152a
2b48111477d715e7b5f7680ad5fb0bd9417445b78b863594dd6bab5b50fb1c0a
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
31dc9d13919ae54f4824ea07adba6e6b884e44e66fc9a6963fe461fa68e6dcaf
3216ef1b9e7e4bc6e627f6813ae735c4b5c3fc9a2491b0f7c26c69ca26aaa0a2
34b0c8ea5a9a3515a171b8c7b736ebd134796fe8388b6138de6d7bf62394af58
379e88be5700f1422e0c12dce95da09226e19d6aa9ff2d3ab0e2c6138f7107b6
3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f
41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4
43257add3b22a882aa4615654fc3c91214df22e75aa23c20a49a406f5b295e7c
435f5f3eb4d6383cb2aaae93abf1e387de4acb22791ae314fbcaa545b3dab1b9
44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450
454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586
460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232
46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bba00ec25175501a6453b554897c80aca080ef9c0956e4e39eef504fd3473a0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
5727b16d52438b292eef1290d7c6644f0512f3860ff5e0d7798b2981af814136
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7
5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f
5b02d4c3687457ff762f830bbe51f5897b428906bf57f0aa15f185d5024c0f91
64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c59b38463930ba38386e7f3445198a88e3b26dd7f607340c0468234253359bf
6d33ce6ac84e10177e75fd86427eee28779321f1152efa1fa10312c528f5824e
6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
7354d73896dc5ac80c527f778647f5c5c7cfe2947cbf8852f712df2eb2d66c9e
784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd
7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e
7d14e590fb12d85ad5144c25b358d288fdd4881dda24656cb0301a44e13738b3
7dbf97b6099ff5065e80e953b6dbabcf5414f25a93a6a44fde07059a0a962dce
7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75
819a84dfb7bf1f9d3f26937c5b579852aba8195de98ccacb9cf3722562622996
84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f
8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
914a7353486a007feb2a6884b473f034e989ec29e02cbe6773b85b86f9a186af
932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6
9349826ff558c3904424a488e76ba23f658383030035c8e4878ce41b081953c3
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a087e9644a6325301e75687dcf929ded5d2668f70ab6560a93657cc37e869b67
a19047bcd78489751c2b002a69dea8bb9320c2cabc479e71a7b929ad80f56863
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc
a8a4f8c0b1171203ab4a51169be29fec9eeac0bb0b94794cfb7b6af992c69482
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23
bf56d0c6b86f69d3f6dfb156399577c16da981c390a16d26c7752ed85bc38ac4
c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c7211bb67e53271a12a14527ffd1d663756ed2ebec8605eead6ee03c0a1af22e
c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74
c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202
cae39b858a82013e7f07d26dd6675aff60f2f8e8cb01efa44f134a29344ed596
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e2695ca5607e292c0f855af86ab3e21355d07c577f69ad84c17480f9845c9886
e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee362599ddb7ce1c32f8173e1d2255cda3d6ae960afa16d71a6bd617f2154aa6
eeffb63289a25714e03789962e35d848efec77515b637f48cc556bda362476cb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
f40f5a86fa5bda6b9d2f42ffec1b4d7962f828dcba8b4b237897f9cd3c32ac18
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f57092bb84b3b7ab8ca3766e0f5b873b5307847ee1b9084e9c858bdd6e2b636c
fdd02928d85206d46cd720b834871b6a814513d4514c1ed919a46757080141b1
ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

sci-hub.mksa.top Open in urlscan Pro 2606:4700:3031::ac43:d9f7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

127 Requests

97 %HTTPS

55 %IPv6

28 Domains

39 Subdomains

39 IPs

6 Countries

1518 kBTransfer

2880 kBSize

3 Cookies

4 Outgoing links

Page URL History

Redirected requests

127 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sci-hub.mksa.top Open in urlscan Pro
2606:4700:3031::ac43:d9f7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

127
Requests

97 %
HTTPS

55 %
IPv6

28
Domains

39
Subdomains

39
IPs

6
Countries

1518 kB
Transfer

2880 kB
Size

3
Cookies

127 HTTP transactions
2 data transactions