sci-hub.mksa.top Open in urlscan Pro
2606:4700:3033::6815:35c2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sci-hub.mksa.top/
Effective URL:
https://sci-hub.mksa.top/
Submission: On June 08 via api (June 8th 2021, 10:41:27 am UTC) from NL

Summary HTTP 122 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 34 IPs in 5 countries across 25 domains to perform 122 HTTP transactions. The main IP is 2606:4700:3033::6815:35c2, located in United States and belongs to CLOUDFLARENET, US. The main domain is sci-hub.mksa.top.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 3rd 2021. Valid for: a year.

This is the only time sci-hub.mksa.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sci-Hub (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3033::6815:35c2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2606:4700:303... 2606:4700:3034::6815:9e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9b	15169 (GOOGLE) (GOOGLE)
4	31.131.252.91 31.131.252.91	49505 (SELECTEL) (SELECTEL)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
3	31.131.252.94 31.131.252.94	49505 (SELECTEL) (SELECTEL)
3	185.15.175.131 185.15.175.131	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1 1	2a02:6ea0:c70... 2a02:6ea0:c700::4	60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
1	2606:4700:303... 2606:4700:3036::6815:15dc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	89.108.97.2 89.108.97.2	197695 (AS-REG) (AS-REG)
7 9	185.15.175.130 185.15.175.130	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
2 2	185.15.175.137 185.15.175.137	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
2	87.240.137.158 87.240.137.158	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS http://vk.com)
10	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3 4	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	130.211.47.109 130.211.47.109	15169 (GOOGLE) (GOOGLE)
3	34.107.167.126 34.107.167.126	15169 (GOOGLE) (GOOGLE)
1	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
122	34

2 2606:4700:3033::6815:35c2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sci-hub.mksa.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:3034::6815:9e6 (United States)

ASN13335 (CLOUDFLARENET, US)

img.sci-hub.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 31.131.252.91 (Russian Federation)

ASN49505 (SELECTEL, RU)

share.pluso.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.131.252.94 (Russian Federation)

ASN49505 (SELECTEL, RU)

kitbit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.15.175.131 (Russian Federation)

ASN43226 (SAFEDATA Uplinks, RU)

tag.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::4 (Frankfurt am Main, Germany) 1 redirects

ASN60068 (CDN77 (^_^)/, GB)

p1.ntvk1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:15dc (United States)

ASN13335 (CLOUDFLARENET, US)

optinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.108.97.2 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: d50603.reg.regrucolo.ru

ut9.rktch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.15.175.130 (Russian Federation) 7 redirects

ASN43226 (SAFEDATA Uplinks, RU)

dmg.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.15.175.137 (Russian Federation) 2 redirects

ASN43226 (SAFEDATA Uplinks, RU)

fnc.rt.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 87.240.137.158 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU)
PTR: srv158-137-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.90 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.47.109 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 109.47.211.130.bc.googleusercontent.com

nxtck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.167.126 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 126.167.107.34.bc.googleusercontent.com

cdn-ssl-as.nxtck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.38 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	googlesyndication.com 61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	241 KB
21	sci-hub.shop img.sci-hub.shop	576 KB
20	doubleclick.net 3 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net	190 KB
12	digitaltarget.ru 7 redirects tag.digitaltarget.ru dmg.digitaltarget.ru	26 KB
10	ampproject.org cdn.ampproject.org	200 KB
5	nxtck.com 1 redirects nxtck.com cdn-ssl-as.nxtck.com	14 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com	5 KB
5	googletagservices.com www.googletagservices.com	121 KB
5	google.com 2 redirects adservice.google.com www.google.com	1 KB
4	pluso.ru share.pluso.ru	27 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
3	kitbit.net kitbit.net	2 KB
2	gstatic.com fonts.gstatic.com	31 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	vk.com vk.com	891 B
2	rt.ru 2 redirects fnc.rt.ru	1 KB
2	yadro.ru 1 redirects counter.yadro.ru	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	mksa.top 1 redirects sci-hub.mksa.top	7 KB
1	2mdn.net s0.2mdn.net	70 KB
1	rktch.com ut9.rktch.com	88 B
1	optinder.com optinder.com	561 B
1	ntvk1.ru 1 redirects p1.ntvk1.ru	380 B
1	google.fr adservice.google.fr	799 B
1	googletagmanager.com www.googletagmanager.com	36 KB
122	25

	Domain	Requested by
21	img.sci-hub.shop	sci-hub.mksa.top
16	tpc.googlesyndication.com	sci-hub.mksa.top securepubads.g.doubleclick.net tpc.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com
13	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com sci-hub.mksa.top 61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com ad.doubleclick.net pagead2.googlesyndication.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
9	dmg.digitaltarget.ru	7 redirects
8	securepubads.g.doubleclick.net	sci-hub.mksa.top securepubads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	securepubads.g.doubleclick.net sci-hub.mksa.top nxtck.com www.googletagservices.com ad.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	googleads.g.doubleclick.net	sci-hub.mksa.top
4	www.google.com	2 redirects sci-hub.mksa.top tpc.googlesyndication.com
4	share.pluso.ru	img.sci-hub.shop sci-hub.mksa.top
3	cdn-ssl-as.nxtck.com	nxtck.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	tag.digitaltarget.ru	kitbit.net tag.digitaltarget.ru
3	kitbit.net	img.sci-hub.shop kitbit.net
2	googleads4.g.doubleclick.net	ad.doubleclick.net
2	nxtck.com	1 redirects 61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	securepubads.g.doubleclick.net
2	vk.com
2	fnc.rt.ru	2 redirects
2	counter.yadro.ru	1 redirects
2	61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	sci-hub.mksa.top	1 redirects
1	s0.2mdn.net	ad.doubleclick.net
1	ad.doubleclick.net	www.googletagservices.com
1	ut9.rktch.com
1	optinder.com
1	p1.ntvk1.ru	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.fr	securepubads.g.doubleclick.net
1	www.googletagmanager.com	sci-hub.mksa.top
122	35

This site contains links to these domains. Also see Links.

Domain
pluso.ru
vk.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
mksa.top Cloudflare Inc ECC CA-3	`2021-03-03` - `2022-03-02`	a year	crt.sh
sci-hub.shop Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.pluso.ru R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
counter.yadro.ru R3	`2021-05-29` - `2021-08-27`	3 months	crt.sh
*.kitbit.net Let's Encrypt Authority X3	`2018-11-05` - `2019-02-03`	3 months	crt.sh
tag.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-06` - `2021-07-06`	a year	crt.sh
ut9.rktch.com R3	`2021-04-19` - `2021-07-18`	3 months	crt.sh
dmg.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
*.vk.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-06-09` - `2022-06-10`	2 years	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-17` - `2021-08-09`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.nxtck.com Thawte RSA CA 2018	`2020-11-05` - `2021-11-07`	a year	crt.sh
cdn-raw.nxtck.com GTS CA 1D4	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://sci-hub.mksa.top/
Frame ID: 5BC3C87E9EBC9AB33B5CE47E9AE43DA7
Requests: 57 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/032105281634000/amp4ads-v0.mjs
Frame ID: 43EA935F349ACADD291270DF77E7AF5D
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 8E9FCB2A49D6D1F20ACFFA45339E0E91
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A1E9F9A8B64476CF71371707C7AC4CEF
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Frame ID: 80514BBFD38D8FAEF1E007D2BEE40E57
Requests: 16 HTTP requests in this frame

Frame: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C32DCC9B111808076DAB04C15F1F2D28
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQ6fHv1QIY1vuUrAEwAQ&v=APEucNWxAQmoEYo1OZ17MYtCHTdIgQlvS5q8ndb2j-YrFHX3I3yEYpsl1HDcrNcan6TVdMCm1r6ogfPZmAeBRWp8rWh_XVFpdCLjeU23qT96VIuuJuvhJ6GjA94xv90RBF7SBEu5asd0Aihg_ReZQHuyke6FMNFiTP-HT_3mz40sSDXy5gLrNUk
Frame ID: A7F62182887B57C272F51354621FB1EC
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DFTEjQT-0MX58DPHN2YP4FfunvLzHQNmgKe3rmpHruopHGxuZKQchNzS622objQtCklMz1E2VlhogHqc6qRu-uCKC84cknPGYHbwqtJKGsPLVL84SoHqfbxZSsim5KuH3fHSBSya3AHJF0TtfcrqpjgS5Zhw&dbm_d=AKAmf-D01PmSwlKxW6a8pZAiuT8swjbIg1oRNH0UgacfvyVOyUO1tA6sVcFbAoeZUJZa8MucVFBpG7Gf2Xids3ihTg61PSougoU2c9ryXCcTQ_nN0qTmu2T5L1GaqlgrFIgwYyGCcrdo25I7cQzqoc0Z7QEfSd4ZsDhPQJElt2ii2vXM4gR1_kwZEd4CfEy9wnaEihYW8n0EC5JMUbj4g7MHOW39Gq4yA8y5N3R2438PbHB-c4i49pUaBALLPGAKQ75Qw-9kRBRS0r7Ji1ilRZgaqdQl8AB_jqWcuibiZ78C9UTxF8_3RzaxDQjMhNwMGJ_gPPTeIWkpRcbLI2bG22ivTcobbuYdCisc6sDZpBP-OaCfN0gbZDP81eIVaJZirzwZb6nENtYC9pVuDA56MBFkbTNyhZRmIwwkeNswapubhokaZ6JpYofaXEoqMv1cPElEOFgAJz--vtLCh50Qcy8UWxb0fjv6zX3TCmmJ6pqV-6dSQkELpzVraadPFjKCtQyT3iqTyK5kwsNgTt8efXxo1T0Nk0-uzm4dw4QL14JzPNvan7gStjrXzEqp3kiLXYD8k2CgxJ8daPdebddFk4rgpYPGFfXJTUvUDiD8Wt2ouhZzmeEknS2TpOnA2WPlPh1LOQVuGksRmXHbBn_PGcqmjX2XD3s0p6n2SiOzCUST-OYSRu4TtKZvsSfZRaMq3LVDTSAeEp9-469R8MnwyoIRFZTH5ygLmalnZu6AQ0_1KXjWqawHE2lIFWazVXTJODiNO_NovE8cvsU9OXLuOSLrQaYic1fjS7vuDLdncM_kxQvQofl3NEUotbwXwrK0n5aU5NrgEqVZWNtKWxxXNd-xClV2P2qEdyrjjIj-x3z3zY8VBwVC3h6t3lHt7bVVBC5JE7yGNmH7_2i4UrN8IgIqaMqN7OsmoTgvm7-cC13ziLvSwoWt1zdk92awXoQOGcwWCirMbnSX_bZnnkYupj5iCGW361KHVCkz0a-T_TBku-Y56IkidrBE7Tb88npLleJAcJBkyTTUVSqpp7BNAoLOMw0fD4a4LnXvubMUUNAfFJ4dhd4TAh9CTuMgwSGja1CHHxMBpoegWR854ebBnmG2TiQZk7hvVereGcr0B-9x3JwJNaZCTqhVISsJX_JJHMVNMQg4T7bT88qKdO-eeYxtZEYAubwoixRBYJ5-lKVUA3d4FKdPvjuViVM302rcurUsF54xmbaflF9Gj864OXaWrK74sT9HwU32840WGYrHQyNaumqNFQfgj355yprh77nLl_Ptutywr2koYkszX9qAy-6ChXR-7-1RqlXKb_QIXbCia2n9dZi0YQbiJvXV3la06yXKn3ahEE6CVv1t4acNxzWVLUNLf9Tv_ZtGD0gGlnLtAg5YRCupa9Ckdzl9m-aESPeEBKKD-GNvMRaCVKONHiLcFtP7Jbz092lgEDvOgobraNOgb_oHqKnOS413b7cRU_xcZdgExa-cKMEhvbQGWrL0ZxK97rKxaSZtUpFnUl5nEi1dQ2FiMLzLIhpJdFyyKIqoQePaz9uzX54_dL5wKpnDonjLW0R9jD3FRH_BKBy81xjtSE_4ajxVr14sdr1a1qyVA7aBBTWJsb9PZWpAPr1nY0oOz6_kPNAI6VFdQRHsGMml7MBmmz5qqntkRGYaIDPM4_Cu3jThjbn_wItxPb65CSmtHngp5CVQ_VGMSx_CakqbrlVu3kI5b4_t7ksGSQtyEPVDTH1RSpdv_vPC2epUW1hWpzGmef1BHhNPPeNNgvIb3V6cCR-W0_wN69ZjlZUZd8b106UFQLh7pyn3iqwcpqfxVSo1oEyljWS0KWKDmHTYVe3vv8yptN6kJMAel2Y0-GgHZfyX49G8pH9AioYTfrCPawfJwZ7xni9Jo_FLBGxulAScH-eFQi1Ci7g8nBE_gMZzhV-HxRVFspdqsDrRymgbxsu_KdG7oL9-_M1o9N_Pgk1t3dZksZLOYyow-KFk8ZrJH7jc7h6Pb7h0SFByZ88QPhfjwSjg04wisjz_QyidMAPC7KxD-TkzhVcuGezgSy-dz0ti8f_FovySKu68bw2-BmCY08lXRcPZ3rRZ2NMikHssRbbHOCQEycNoSSbae5KIWhlJIoy2hWtYTVk9YjBQzAYOizjAk2tN_vVI-qch3ZlCsM5MSaodm8DXrTdRmq-VnvJyGgsBODm9_INDbMjzCgS7_gZlXbqbDiCJwUvNkdB3o6Jmr1MPNwrv7NuAc_mec7baNDI8KY_ikmHJ3IdF63TNGEPj824mcxmo0kvK9RG5XMJKlppzh3AE_UWpbtAhRLXglOoM3uWOP_i9XvW6rVZJfys8UzeFzg3KMiSlKxzUUptk3IU752pbcGEJ4xYA3F-E-KBvN82r2TRzWJIDspD3EZtv6VZ5zZAZBrrmG_wse2nLX0l09-wukriukrMhF5vAHy3y0PofLjw_OyNwTn0IFHoxFRatAatnmR7YunrRtFE3lTwTBLJCRUZrUbZs7kBzM8phQ4MWYOarwZabLzMrFjZVmEL2jbOCc4L4mIiWY9T987KRrPZSd-khLuG9T_OQt1WFp_R02XfdrJPQ3r7wp2qxchneYxVxO0uPd1eMMqBQR0XxA5ffI0hckJYR8lrqSAH4ft0UyrnQrES_XBky12bWadqWfY1htLEMiF9RtQmTXajhCHV5BBH6iQZns5k7IgPDl6J6Oukha8gYi1rOAefCKVAOvDAOaKM3RIhM4BHlnkv6igdxfexB7Z2B-xWltRwU6viIt5laU_Wjnzmo3cty1XtIeivsl-B9uv0r4925Kwu-naMrKmkz-WDDg6UIzv1OylsN7tttFYOa8GrlgS0LdwBmbxE-vIBMn4sVQcaNgLkecPp_03cZh1EJbBs37ki1j0EFCUu6BynFurL4uavcADlHX8nu8246yKDr5SVsBdeQomd_4wQ66N6OlDtVb6HV4ruFdiX6pLXLcgYOBLAWrecouv-eXXXwcnWNro6KluWXmOTsqOw7BF2v32gihrJ49oJsQMzaF9kMKPWD7LbMRSldZvMIoqVsqndH0q2UTfjB2OsJMqDFZBIs3Qpr8ILuhJUJWS2hrgZhhSFy2eM9fgRZp1YUN9K30YY&cid=CAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240
Frame ID: 79A7AD46D0D4BEA3E2B70EFDC3407107
Requests: 7 HTTP requests in this frame

Frame: https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D&tc=1
Frame ID: D9BAD28021264F198699CBBC85A9945A
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5BF25FD1F29468B23FABFD84D0A6F824
Requests: 3 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N4022.4024539RAKUTENFR/B25109827.304865657;dc_ver=75.217;sz=300x250;u_sd=1;dc_adk=437876951;ord=3c2efn;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3Dhttps%3A%2F%2Fnxtck.com%2Findex%3Fclk%3D1%26zid%3D56367%26aid%3D583180%26ev%3D76461%26rid%3DISsgdC-wV3LIaA5q%26sid%3D567877782%26uuid%3Dea65be7e-6f18-4b73-bafb-17fad799e880%26ecr%3D%26referer%3Dhttps%253A%252F%252F61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com%252F%26c3braK3c%3D%26P0uWe7tE%3D%26rawloc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fsci-hub.mksa.top$2,,https%3A%2F%2F61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=sNnUUEg9Vr;osda=2;sttr=35;prcl=n
Frame ID: C0FC842CD2E7BD431DE8306F9835DBAE
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D283EB23E5138671C509ADA6C843FB90
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js
Frame ID: 8FC7CBA992CF8D96C07A4421924494E3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery-ui.*\.js/i

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery-ui.*\.js/i

Page Statistics

122
Requests

97 %
HTTPS

54 %
IPv6

25
Domains

35
Subdomains

34
IPs

5
Countries

1562 kB
Transfer

3213 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://pluso.ru/

Search URL Search Domain Scan URL

URL: https://vk.com/sci_hub

Search URL Search Domain Scan URL

URL: https://twitter.com/Sci_Hub

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sci.hub.org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1 HTTP 302
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Request Chain 44

https://p1.ntvk1.ru/nps HTTP 302
https://optinder.com/cro

Request Chain 48

https://dmg.digitaltarget.ru/1/7195/i/i?i=965504862451968.967263893228900&c=tg:adcm_pc HTTP 302
https://dmg.digitaltarget.ru/1/7195/i/i?i=965504862451968.967263893228900&c=tg:adcm_pc&q=scc

Request Chain 49

https://dmg.digitaltarget.ru/1/6534/i/i?i=965504862451968.292118680378121&c=tg:adcm_pc HTTP 307
https://dmg.digitaltarget.ru/awg/custom/6534/i/i?call_source=awg&i=965504862451968.292118680378121&c=tg:adcm_pc HTTP 307
https://fnc.rt.ru/1/6532/i/i?i=3A45JocXl2rjpiv7il9J&c=tg:rds_6534 HTTP 302
https://fnc.rt.ru/1/6532/i/i?i=3A45JocXl2rjpiv7il9J&c=tg:rds_6534&q=scc HTTP 302
https://dmg.digitaltarget.ru/1/6533/i/i?i=973863001586998174637000000018468605&a=774&e=5a8ub8UwBFl85555n2Ys

Request Chain 50

https://dmg.digitaltarget.ru/1/1086/i/i?i=965504862451968.120942788025023&a=86&e=5EFC831FE748BF602A0B4984026E7050&c=ss:86.up:5EFC831FE748BF602A0B4984026E7050.sync:up.xdua:dunRmrS7kxGRt2AgpoBEUaaG.xps:xpsAIdhPefpIyZthyXxRG9vgf.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=965504862451968.120942788025023&a=86&e=5EFC831FE748BF602A0B4984026E7050&c=ss:86.up:5EFC831FE748BF602A0B4984026E7050.sync:up.xdua:dunRmrS7kxGRt2AgpoBEUaaG.xps:xpsAIdhPefpIyZthyXxRG9vgf.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://vk.com/rtrg?p=VK-RTRG-956930-7bGhv

Request Chain 51

https://dmg.digitaltarget.ru/1/1086/i/i?i=965504862451968.498395820920715&a=86&e=5EFC831FE748BF602A0B4984026E7050&c=ss:86.up:5EFC831FE748BF602A0B4984026E7050.sync:up.xdua:dunRmrS7kxGRt2AgpoBEUaaG.xps:xpsAIdhPefpIyZthyXxRG9vgf.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=965504862451968.498395820920715&a=86&e=5EFC831FE748BF602A0B4984026E7050&c=ss:86.up:5EFC831FE748BF602A0B4984026E7050.sync:up.xdua:dunRmrS7kxGRt2AgpoBEUaaG.xps:xpsAIdhPefpIyZthyXxRG9vgf.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://vk.com/rtrg?p=VK-RTRG-518562-1Pcxj

Request Chain 64

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 84

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 94

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1&C=1

Request Chain 95

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL9JRgjUeseVUiMLso-8RwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1

Request Chain 96

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGrfvpNHKPN7ntDgs_GuNoA&google_cver=1

Request Chain 97

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMzOTMxNTY1MDM2Mzk1MDg5Mg%3D%3D

Request Chain 99

https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D HTTP 302
https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D&tc=1

122 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sci-hub.mksa.top/
Redirect Chain

http://sci-hub.mksa.top/
https://sci-hub.mksa.top/

29 KB
6 KB

566ms
548ms

Document
text/html

2606:4700:3033::6815:35c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:35c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab

Request headers

:method: GET
:authority: sci-hub.mksa.top
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding
expires: Tue, 08 Jun 2021 22:41:08 GMT
cache-control: max-age=43200 no-cache
x-cache: MISS MISS
cf-cache-status: DYNAMIC
cf-request-id: 0a8ccf49470000dfa591193000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=48dLBd1PfFYjllyGk8uAC5U64yro%2F98Vm4qcfwF4wYnT%2B9%2B18dyjPTfafa0vC4K7lnBrE5gIVNt82VJJYyBipEN2%2BPk7HmEiAQMMgSSMVFbU9s1%2BL%2BaHGJnTxyhFJhDhH62wHpxzGpbS1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65c1818868eddfa5-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

Date: Tue, 08 Jun 2021 10:41:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 08 Jun 2021 11:41:07 GMT
Location: https://sci-hub.mksa.top/
cf-request-id: 0a8ccf492100004e61e9119000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JvjM3ngu7tWTYUjMH7dR800bwr%2FMdLtwpHaizF1ZJ9rdKdVrgouBLHkM85e5px29PJnGD9Fik6zQmQoZ1o7GI3jtsaea0tee5i5VssOXRRB2Mjll0NVSwYJsKgnt%2FMm%2B4guL5Yuic8fugw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 65c1818838784e61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 jquery-3.1.1.min.js Show response
img.sci-hub.shop/scihub/ 85 KB
29 KB 56ms
33ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-3.1.1.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270432
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a8ccf4b8400004ee688870000000001
last-modified: Fri, 30 Nov 2018 04:24:28 GMT
server: cloudflare
etag: W/"5c00bb7c-152b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=R9sHgL737V28IsNDRTiQKWn5OmXPKRzXxTtw13OIHCDaD4hPBOfKk05ef6vfhh01KZ6CYNzUtRZ68RQmmT2gVlMWPbwkUZzeUxLHLLuG%2BveGEkLbcRC%2FtJD%2BF7c6pM38Da4PHXPzy6VPvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65c1818c0e004ee6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-ui.min.js Show response
img.sci-hub.shop/scihub/ 248 KB
63 KB 69ms
45ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-ui.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270432
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a8ccf4b8400004ee65323b000000001
last-modified: Fri, 14 Dec 2018 08:14:20 GMT
server: cloudflare
etag: W/"5c13665c-3dee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5bOjSti5OSAP%2FN9Vfk4YLgROK1UfQmDPQ%2Fo%2BIzL6K59evMMZ%2Fku8npzEC068FZnlZLB6jy2pIt39t0ZzNeftsHAJKrAijhyDtVA9AlE4rEePNNhhtH3Nh3jZTspsNNAcKKLdiO8nkFL9YA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65c1818c0e034ee6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 openapi.js Show response
img.sci-hub.shop/scihub/ 94 KB
22 KB 58ms
35ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/openapi.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270432
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a8ccf4b8400004ee63e396000000001
last-modified: Fri, 30 Nov 2018 04:24:44 GMT
server: cloudflare
etag: W/"5c00bb8c-1798d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4ijF19U0iGDPe7o401oM%2FNcEy%2BHMC3WAAtk2gd%2BTLAwVUbnk16M2Ef%2FXrq3CLA6wErZF3DMdShwCMlFIQuWTVoySFB9TrabkkbO9y8g0yNYpJFbLcCjrnor8MnBcaz4dYGDVaiOZW4e5gQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65c1818c0e054ee6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 medal.png
img.sci-hub.shop/scihub/ 22 KB
22 KB 32ms
21ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/medal.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270432
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 22275
cf-request-id: 0a8ccf4bbe00004df42c22f000000001
last-modified: Fri, 30 Nov 2018 06:13:38 GMT
server: cloudflare
etag: "5c00d512-5703"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lnAeQDOh8hfvoaVroFH3jGke1mw4t0f314OFt3s%2F3WlZsEuj4u4tclYk2HO8l7z1sm5Z%2B%2F7Y8fFJ%2BSz6oyJSJMLMhZmiDji%2BPOoIlwc1KA6185OYSzNtqQXcrPxdtQ7NPxHUtyAcSA0e1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818c68a14df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 key_1.png
img.sci-hub.shop/scihub/ 8 KB
9 KB 20ms
16ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/key_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270432
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8428
cf-request-id: 0a8ccf4bbd00004df498ad8000000001
last-modified: Fri, 30 Nov 2018 06:13:40 GMT
server: cloudflare
etag: "5c00d514-20ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XoJgXyY87JVZQO7B6imbKXIYNCUg20c5e7imB6LzAhIdxLMDdZTgrrPTe0FE8lqz%2B8neUpjG1JdX7ILNdHET%2B5U4OTkMxxdfRkr%2B3WPzcC8EwOgCH93XwXVqbvjfWdN61dFDqi8AElUhqA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818c689c4df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 61 KB
21 KB 52ms
52ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

e4d2ad1634d3edff68d97fc7108092f01c4735455af1fe4661f320b16c417f24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "896 / 523 of 1000 / last-modified: 1623145046"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21220
x-xss-protection: 0
expires: Tue, 08 Jun 2021 10:41:08 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
36 KB 34ms
14ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d04828857d1ff31d24b42317e5d011487543b95da962b1704fc018f63cce9d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35965
x-xss-protection: 0
last-modified: Tue, 08 Jun 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 08 Jun 2021 10:41:08 GMT

GET
H3-29 200 top-back.jpg
img.sci-hub.shop/scihub/ 184 KB
185 KB 12ms
12ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/top-back.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 188646
cf-request-id: 0a8ccf4bcd00004df48632c000000001
last-modified: Mon, 16 Sep 2019 12:17:02 GMT
server: cloudflare
etag: "5d7f7d3e-2e0e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YscCONo5BuxKPXSj%2B42mTwcyQ82Pt5MKLj3w1iYS3%2Fium9K%2FnC6Em26BIQPKVQjkogoegCjzkj7QPD6X5zZChsKHvZgcE9A54P8UP620bXDM%2B8WTn7NOPSRm0QqkHVJsBaUQkBoJ%2BW3UJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818c78db4df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo_en.png
img.sci-hub.shop/scihub/ 14 KB
15 KB 23ms
21ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/logo_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 14556
cf-request-id: 0a8ccf4bd500004df498ad9000000001
last-modified: Fri, 30 Nov 2018 05:56:38 GMT
server: cloudflare
etag: "5c00d116-38dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2O48n3BCOC6O%2BxGvcAZnHEdJDG5I1kyeBDDeOoZI9Ri2%2FHjUNOS%2Bpx0Wi8qCrF0PV2g2NEydLtEzXP%2BzKNpd9N6JNiXmdcfduyctw1GShdTtC9GcZpXZ5iCeNeASsBFWQzHLmL4XNg%2B2hA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818c88f44df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 raven_1.png
img.sci-hub.shop/scihub/ 59 KB
59 KB 23ms
22ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/raven_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 60144
cf-request-id: 0a8ccf4bd500004df452920000000001
last-modified: Fri, 30 Nov 2018 05:56:32 GMT
server: cloudflare
etag: "5c00d110-eaf0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0J06FYvxy%2FtDXgjTI61GlirZQwr0J2rGSpp6UOG%2FPnRgtRwu%2BdQOWoFIvFxUJyW7gPzDYIttBBEhC1C0vUNByzFh8hJHfrnE0nXDLq6nWySfupPe31kHjqTvMk97ndY96I14sqoLjfCEHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818c88f74df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 map.jpg
img.sci-hub.shop/scihub/ 54 KB
55 KB 28ms
28ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/map.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 55605
cf-request-id: 0a8ccf4bd600004df4728d1000000001
last-modified: Fri, 30 Nov 2018 05:56:52 GMT
server: cloudflare
etag: "5c00d124-d935"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Wg125S3p%2BwiArhLbBy7iFv1RpZL8AkwG4zNzPuStiingaRKjgzStMnNgwiocTiHtoB4XUJ0diPlAgpnw23QiXgpM71DziD6O3egPnrKMflpbWdpVA3ibE%2FXekQMB8qk9q7%2FgJCWEsAdeng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818c88f94df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 about-marker_en.png
img.sci-hub.shop/scihub/ 3 KB
4 KB 29ms
28ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/about-marker_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3361
cf-request-id: 0a8ccf4bd600004df45c268000000001
last-modified: Fri, 30 Nov 2018 05:57:02 GMT
server: cloudflare
etag: "5c00d12e-d21"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=qSHJDlVszLl8O0XFVe7EruTy90uTRZxGCQ%2BX6G9X7Fe5MtMyUGT7SJwhEKpBaJ4x0Ss6jNXnu8SEKNZpBo27APf7Cu%2FEw6WkAl2GTr3%2F434LxIOxVVfEe4xg4W4WDitJk1u6qxbYfHykBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818c88fd4df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET AvenirLTW01-55Roman.woff2
img.sci-hub.shop/misc/fonts/ 0
0

GET
H3-29 200 quote.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 22ms
19ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quote.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1068
cf-request-id: 0a8ccf4c0f00004df455895000000001
last-modified: Fri, 30 Nov 2018 05:57:12 GMT
server: cloudflare
etag: "5c00d138-42c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=RBInUt25ny09Q%2BsAJEL%2BZDJDstFQL%2FidJawX9WWSh4lS433ZvD5RGWq8%2By2yS5mmbNtvXxRL%2FISOcGpKYlNvb6MsXvTCO%2BNlpAI938hSn4uSKydCIWovpyfDMRCkI%2BhIX61f7aiHJWUZjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818ce9f44df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 quotenext_en.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 41ms
38ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quotenext_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1087
cf-request-id: 0a8ccf4c0f00004df49e1aa000000001
last-modified: Fri, 30 Nov 2018 05:57:18 GMT
server: cloudflare
etag: "5c00d13e-43f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wHZpF840zH6UNIOiIXUXXlpLAArRWuF%2FpZbCVx4VOJNoZOkcmXsZzVMrZNj2uOhKKnMh%2F4Jqqwcfh7L5hbWBS2b0zC53zv9%2BAi2DrvtG5opI5PioOCDd8FgmPnpdRO0aKVyG5GEaW%2Fs4zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818ce9f84df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pone.png
img.sci-hub.shop/scihub/ 2 KB
2 KB 22ms
19ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pone.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1637
cf-request-id: 0a8ccf4c0f00004df478057000000001
last-modified: Fri, 30 Nov 2018 05:57:24 GMT
server: cloudflare
etag: "5c00d144-665"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0dUPGH4Q3X0JSk8NOW18qjXPVZOOMD747LCaXgZkjVFpoW7FJGG%2BX1If4pYfzPNVFxLme2299qI1Ys2ZW%2FUcPxaZDBKUUx81Btr165HxWBd8iRoINLnWsQYsSGkdqMCHErrAW31b6PiapA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818ce9f94df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 ptwo.png
img.sci-hub.shop/scihub/ 4 KB
4 KB 18ms
15ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/ptwo.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3907
cf-request-id: 0a8ccf4c1000004df45c26e000000001
last-modified: Fri, 30 Nov 2018 05:57:30 GMT
server: cloudflare
etag: "5c00d14a-f43"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ta4vN5q%2Bpwc6A1JV9Hne6MRBXPx3tXcKFdQnp%2F03IqvRlahgpBIPjidvqBITgHbmJJr%2FOtjKm%2FoVktj2Rn6zrcGOyuOL2oDkw9j%2BXKiaf9hoHX%2FkeqU%2BhtsSch2YQajG34YPJSbrpDHBmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818ce9fc4df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pthree.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 23ms
20ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pthree.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4278
cf-request-id: 0a8ccf4c1000004df46b309000000001
last-modified: Fri, 30 Nov 2018 05:57:36 GMT
server: cloudflare
etag: "5c00d150-10b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5QxKfR8%2F8lm4onJYIVW%2FrPYGnW5vC3rYU5DE28MY%2BlhIzWBhkwiIe6e6drbg37H%2BjSMDZ2LLMxRKdfU%2Bx%2Ft2krwR74lxhut43lcQ5mmOOCDkxiWpLiJk%2BvZPPytMN9WdKTaX3cOaL266Iw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818ce9ff4df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 people.jpg
img.sci-hub.shop/scihub/ 50 KB
51 KB 22ms
20ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/people.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 51212
cf-request-id: 0a8ccf4c1000004df4693d3000000001
last-modified: Fri, 30 Nov 2018 05:57:56 GMT
server: cloudflare
etag: "5c00d164-c80c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=t3Ln42Yr3a0%2FqCW4yByfK6KONyqgs85kp96VHEkL%2FEvwZh%2Fq9QNZhZugyHHpa31NIA0EY6sYPprODR2IMkVbdi57kg9za%2FrZ42HxDUh8jOlOmYBpXAOjh8SXGCZw9iUwYFJAI5UPuUwfjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818cea014df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 join_en.png
img.sci-hub.shop/scihub/ 6 KB
7 KB 24ms
22ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/join_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6197
cf-request-id: 0a8ccf4c1000004df45aac8000000001
last-modified: Fri, 30 Nov 2018 05:58:24 GMT
server: cloudflare
etag: "5c00d180-1835"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=FTgC62Xii0OtIumoxaxiKFgQ%2Fny9Z1RqWFI9VKEDd%2BS1Jh96X0EVmj4jufsFqAqHItbG94IDD%2B286f2RsbUxEVdiICRT%2BfaP%2Fm8iMAXid8rzZ7jrOakIyfoUwsNgvvG55wL4mQNUDl8vrg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818cea034df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinvk.png
img.sci-hub.shop/scihub/ 17 KB
18 KB 24ms
22ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinvk.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 17834
cf-request-id: 0a8ccf4c1100004df49c2ac000000001
last-modified: Fri, 30 Nov 2018 05:58:30 GMT
server: cloudflare
etag: "5c00d186-45aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=rl8ZP%2FO9x9WdgtpqOj7m6Mnm1I8%2FGonp3BJJHsnDhBwjRggZFOJSvnj6IOmp%2BlNXeVIL6nhoMs40fHKmCXMXzUFWN5zI1ffJ4I%2FRzdOCMvtG0tsqtkO35SDyw4HNr46NjG4WynpKyRMcFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818cea044df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jointwitter.png
img.sci-hub.shop/scihub/ 6 KB
6 KB 26ms
24ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/jointwitter.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5751
cf-request-id: 0a8ccf4c1100004df4388e6000000001
last-modified: Fri, 30 Nov 2018 05:58:42 GMT
server: cloudflare
etag: "5c00d192-1677"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=g8RMHGuesZKN3DkPXhg%2BnMYbxCpdnoHnbi5PgiGSOcORASpvTGVLEc%2FOKwhU1addt%2FGX6GmoRD9Ye3Lz77PKk75TcZjpzF4KCZ7jEjm4GcVO8t2pXLvkibW15SrY0AfFcL5Jmq%2B6WXf8Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818cea064df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinfacebook.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 26ms
25ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinfacebook.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4152
cf-request-id: 0a8ccf4c1100004df42b907000000001
last-modified: Fri, 30 Nov 2018 05:58:36 GMT
server: cloudflare
etag: "5c00d18c-1038"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wpH7%2BEbuFBg9L%2FqANWSV9WAif%2BtuiC4HZFSvVheZvAF8J9QlZ3H0yZyvHuL1Yrox17onBMEwylMSfUigABLnW19wd4vkh50mxmrd9KyzsUwUjQdjhhVS%2Fc2HuQxEI7edFHg%2B3p9C2%2BKS4g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65c1818cea084df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pluso-like.js Show response
img.sci-hub.shop/scihub/ 41 KB
12 KB 22ms
16ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/pluso-like.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 270431
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a8ccf4c2400004df4aa93b000000001
last-modified: Fri, 30 Nov 2018 04:39:20 GMT
server: cloudflare
etag: W/"5c00bef8-a5cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=20njOGM7GMldUj6ewQW%2FG3Dzlr5MplJxnlmJkgl4SjIsn1T0ow4cgDB2nuqJGpCt127tYs6Tz73mhRVNsh91ODPgdhL0xeM%2FJI3HSABVYFX%2F7O1MnUjRyjPoS7gwVxz6VMtrvbieF%2FOw5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65c1818d0a494df4-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pubads_impl_2021060701.js Show response
securepubads.g.doubleclick.net/gpt/ 318 KB
112 KB 39ms
39ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

094c1111eeb737673d376e2598c9abfad2c1dadeab91522940bbf5d2ff512a72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 07 Jun 2021 08:45:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114129
x-xss-protection: 0
expires: Tue, 08 Jun 2021 10:41:08 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5386
date: Tue, 08 Jun 2021 09:11:22 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Tue, 08 Jun 2021 11:11:22 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1582349350&t=pageview&_s=1&dl=https%3A%2F%2Fsci-hub.mksa.top%2F&ul=en-us&de=UTF-8&dt=Sci-Hub&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1334925677&gjid=817346883&cid=1720323629.1623148869&tid=UA-193456449-1&_gid=726499386.1623148869&_r=1&gtm=2ou621&z=1954178101

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ 107 B
799 B 46ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 10:41:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 42ms
14ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 10:41:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 42 KB
11 KB 1183ms
1183ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1344928066937523&correlator=333008327180705&output=ldjh&impl=fifs&eid=31061161%2C31061385%2C21064370%2C31061200%2C31060840&vrg=2021060701&ptt=17&sc=1&sfv=1-0-38&ecs=20210608&iu_parts=22149012983%2Cycykh-ndd%2C970X90-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90&cookie_enabled=1&bc=31&abxe=1&lmt=1623148868&dt=1623148868832&dlt=1623148868456&idt=346&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=900&adks=1836978441&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x0&msz=970x-1&ga_vid=1720323629.1623148869&ga_sid=1623148869&ga_hid=1582349350&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

51654cea7baa3054df9d88aaa41bd60b7e6ecb3c90e5906706efe68543caaffe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11113
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 48ms
14ms Other
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
9 KB 1848ms
1847ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1344928066937523&correlator=333008327180705&output=ldjh&impl=fifs&eid=31061161%2C31061385%2C21064370%2C31061200%2C31060840&vrg=2021060701&ptt=17&sc=1&sfv=1-0-38&ecs=20210608&iu_parts=22149012983%2Cycykh-ndd%2C336X280-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=336x280&cookie_enabled=1&bc=31&abxe=1&lmt=1623148868&dt=1623148868839&dlt=1623148868456&idt=346&frm=20&biw=1600&bih=1200&oid=3&adxs=632&adys=1552&adks=2992418410&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=528x334&msz=336x-1&ga_vid=1720323629.1623148869&ga_sid=1623148869&ga_hid=1582349350&ga_fc=false&fws=0&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

8f6b5b292f569b4aa23391599e2b5ba79f921042cee545029ae7854a7c3a13e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8694
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 479 B
293 B 1368ms
1367ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1344928066937523&correlator=333008327180705&output=ldjh&impl=fifs&eid=31061161%2C31061385%2C21064370%2C31061200%2C31060840&vrg=2021060701&ptt=17&sc=1&sfv=1-0-38&ecs=20210608&iu_parts=22149012983%2Cycykh-ndd%2Czsy-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623148868&dt=1623148868845&dlt=1623148868456&idt=346&frm=20&biw=1600&bih=1200&oid=3&adxs=426&adys=2192&adks=1528813087&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=1720323629.1623148869&ga_sid=1623148869&ga_hid=1582349350&ga_fc=false&fws=0&ohw=0&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

b263d0216e5452f8e16cb2daf840e2c0a29143781a1484849d4dbadc7d279505

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 263
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 50 KB
11 KB 1572ms
1572ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1344928066937523&correlator=333008327180705&output=ldjh&impl=fifs&eid=31061161%2C31061385%2C21064370%2C31061200%2C31060840&vrg=2021060701&ptt=17&sc=1&sfv=1-0-38&ecs=20210608&iu_parts=22149012983%2Cycykh-ndd%2Czsy-youtu01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623148868&dt=1623148868848&dlt=1623148868456&idt=346&frm=20&biw=1600&bih=1200&oid=3&adxs=430&adys=2192&adks=3809152490&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=1720323629.1623148869&ga_sid=1623148869&ga_hid=1582349350&ga_fc=false&fws=0&ohw=0&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9e7946100120e4c56bf5f5142d95185e42624edf98bdae4413c31441a8d4c67d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11382
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
431 B 50ms
15ms XHR
text/plain 2a00:1450:400c:c04::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-193456449-1&cid=1720323629.1623148869&jid=1334925677&gjid=817346883&_gid=726499386.1623148869&_u=YEBAAUAAAAAAAC~&z=2060997899

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 08 Jun 2021 10:41:08 GMT
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
590 B 262ms
70ms Script
application/javascript 31.131.252.91
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=sZXQzo2bQAs9p8lL&first=1

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

c471f0127ca22bf64c2926056cfb8aa50fce2505f4d500c057c520396d15e842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=259200
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
X-XSS-Protection: 1; mode=block
Expires: Fri, 11 Jun 2021 10:41:09 GMT

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
590 B 266ms
67ms Script
application/javascript 31.131.252.91
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=nxlrJ7cCHsxJKundefinedSK

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

c471f0127ca22bf64c2926056cfb8aa50fce2505f4d500c057c520396d15e842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=259200
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
X-XSS-Protection: 1; mode=block
Expires: Fri, 11 Jun 2021 10:41:09 GMT

GET
H/1.1

200
OK

hit;PLUSO
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

43 B
496 B

70ms
70ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 10:41:09 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 07 Jun 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 10:41:09 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sun, 07 Jun 2020 21:00:00 GMT

GET
H/1.1 200
OK 06.png
share.pluso.ru/img/pluso-like/square/medium/ 23 KB
23 KB 304ms
108ms Image
image/png 31.131.252.91
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/pluso-like/square/medium/06.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:09 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-5b8f"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 23439
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK plus.png
share.pluso.ru/img/ 2 KB
3 KB 259ms
59ms Image
image/png 31.131.252.91
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/plus.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:09 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-98a"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2442
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kb.js Show response
kitbit.net/ 1 KB
2 KB 625ms
62ms Script
application/javascript 31.131.252.94
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/kb.js

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

7c26262d428c007c7f8102c7e0923dfc02e60a9a10f8e13993fe3241a21849a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:39:35 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC/SOeESQsqUHBuAg==
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=21600, private
Connection: keep-alive
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Expires: Tue, 08 Jun 2021 16:39:35 GMT

GET
H/1.1 200
OK adcm.js Show response
tag.digitaltarget.ru/ 3 KB
3 KB 184ms
60ms Script
application/javascript 185.15.175.131
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/adcm.js
Requested by: Host: kitbit.net
URL: https://kitbit.net/kb.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.131 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:09 GMT
Last-Modified: Thu, 13 May 2021 10:40:41 GMT
Server: nginx
ETag: "609d0229-c11"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3089

GET
H/1.1 200
OK s.js Show response
kitbit.net/ 1 B
303 B 61ms
60ms Script
application/javascript 31.131.252.94
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/s.js?u=https%3A%2F%2Fsci-hub.mksa.top%2F

Requested by

Host: kitbit.net
URL: https://kitbit.net/kb.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:39:36 GMT
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Tue, 08 Jun 2021 10:39:35 GMT

GET
H/1.1 200
OK h.gif
kitbit.net/ 43 B
537 B 120ms
58ms Image
image/gif 31.131.252.94
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kitbit.net/h.gif?r=&s=1600*1200*24&u=https%3A//sci-hub.mksa.top/&h=Sci-Hub%26kbuid%3D5EFC831FE748BF602A0B4984026E7050

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:39:36 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC/SOiESQsqUHBvAg==
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=0, private, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 1; mode=block
Expires: Tue, 08 Jun 2021 10:39:36 GMT

GET
H2

200

cro
optinder.com/
Redirect Chain

https://p1.ntvk1.ru/nps
https://optinder.com/cro

0
561 B

41ms
25ms

Image
application/octet-stream

2606:4700:3036::6815:15dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optinder.com/cro
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:15dc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:09 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=p8Uv0vSTMFAjgEBEu0BfVyi2iCSZftx%2FbXQ62AqYutp9DnQgXLq2GrezDXaKkq%2BwtAnqYMlRX4AUeNlmLou%2BWF7nwDtDrUyee9P1h0f6xO%2Bpkgq0IhZ8%2F8YGxjKUb%2F80ypZwKYoa"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cf-ray: 65c181935d54e003-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
cf-request-id: 0a8ccf50140000e003c701f000000001

Redirect headers

x-77-nzt: AcO1rzWCXweB
date: Tue, 08 Jun 2021 10:41:09 GMT
last-modified: Tue, 08 Jun 2021 10:41:08 GMT
server: CDN77-Turbo
x-77-nzt-ray: Gga7cOuIGRM=
x-77-cache: MISS
content-type: text/html; charset=UTF-8
location: //optinder.com/cro
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, post-check=0, pre-check=0
x-cache: MISS
x-77-pop: frankfurtDE
content-length: 0
x-request-id: 1233321810-1-1623148869.608
expires: Tue, 08 Jun 2021 10:41:08 GMT

GET
H/1.1 200
OK sud
ut9.rktch.com/ 88 B
88 B 194ms
64ms Image
image/png 89.108.97.2
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ut9.rktch.com/sud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 89.108.97.2 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: d50603.reg.regrucolo.ru
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:09 GMT
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 88
Content-Type: image/png

GET
H/1.1 200
OK processor.js Show response
tag.digitaltarget.ru/ 15 KB
16 KB 107ms
106ms Script
application/javascript 185.15.175.131
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/processor.js?i=903915913142329
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.131 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:09 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-3da5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15781

GET
H/1.1 200
OK extension_1086.js Show response
tag.digitaltarget.ru/extensions/ 732 B
976 B 60ms
60ms Script
application/javascript 185.15.175.131
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/extensions/extension_1086.js?i=943998768480224
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.131 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:09 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-2dc"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 732

GET
H/1.1

404
Not Found

i
dmg.digitaltarget.ru/1/7195/i/
Redirect Chain

https://dmg.digitaltarget.ru/1/7195/i/i?i=965504862451968.967263893228900&c=tg:adcm_pc
https://dmg.digitaltarget.ru/1/7195/i/i?i=965504862451968.967263893228900&c=tg:adcm_pc&q=scc

0
452 B

77ms
63ms

Image
text/plain

185.15.175.130
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmg.digitaltarget.ru/1/7195/i/i?i=965504862451968.967263893228900&c=tg:adcm_pc&q=scc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.130 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:10 GMT
Server: nginx
Connection: keep-alive
Content-Type: Not found: placement 7195
Transfer-Encoding: chunked
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

Redirect headers

Location: /1/7195/i/i?i=965504862451968.967263893228900&c=tg:adcm_pc&q=scc
Date: Tue, 08 Jun 2021 10:41:10 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

i
dmg.digitaltarget.ru/1/6533/i/
Redirect Chain

https://dmg.digitaltarget.ru/1/6534/i/i?i=965504862451968.292118680378121&c=tg:adcm_pc
https://dmg.digitaltarget.ru/awg/custom/6534/i/i?call_source=awg&i=965504862451968.292118680378121&c=tg:adcm_pc
https://fnc.rt.ru/1/6532/i/i?i=3A45JocXl2rjpiv7il9J&c=tg:rds_6534
https://fnc.rt.ru/1/6532/i/i?i=3A45JocXl2rjpiv7il9J&c=tg:rds_6534&q=scc
https://dmg.digitaltarget.ru/1/6533/i/i?i=973863001586998174637000000018468605&a=774&e=5a8ub8UwBFl85555n2Ys

49 B
603 B

75ms
75ms

Image
image/gif

185.15.175.130
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmg.digitaltarget.ru/1/6533/i/i?i=973863001586998174637000000018468605&a=774&e=5a8ub8UwBFl85555n2Ys

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.15.175.130 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),

Reverse DNS

Software

nginx /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 10:41:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Request-Time: 15
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 64
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Credentials: true

Redirect headers

Location: https://dmg.digitaltarget.ru/1/6533/i/i?i=973863001586998174637000000018468605&a=774&e=5a8ub8UwBFl85555n2Ys
Date: Tue, 08 Jun 2021 10:41:13 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://fnc.rt.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

GET
H2

200

rtrg
vk.com/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=965504862451968.120942788025023&a=86&e=5EFC831FE748BF602A0B4984026E7050&c=ss:86.up:5EFC831FE748BF602A0B4984026E7050.sync:up.xdua:dunRmrS7kxGRt2AgpoBEUaaG.x...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=965504862451968.120942788025023&a=86&e=5EFC831FE748BF602A0B4984026E7050&c=ss:86.up:5EFC831FE748BF602A0B4984026E7050.sync:up.xdua:d...
https://vk.com/rtrg?p=VK-RTRG-956930-7bGhv

49 B
445 B

185ms
65ms

Image
image/gif

87.240.137.158
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vk.com/rtrg?p=VK-RTRG-956930-7bGhv

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.137.158 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv158-137-240-87.vk.com

Software

kittenx / KPHP/7.4.107432

Resource Hash

2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: gzip
x-frontend: front605108
server: kittenx
x-powered-by: KPHP/7.4.107432
strict-transport-security: max-age=15768000
content-type: image/gif
access-control-expose-headers: X-Frontend
cache-control: no-store
content-length: 65

Redirect headers

Date: Tue, 08 Jun 2021 10:41:10 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://vk.com/rtrg?p=VK-RTRG-956930-7bGhv
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 17
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H2

200

rtrg
vk.com/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=965504862451968.498395820920715&a=86&e=5EFC831FE748BF602A0B4984026E7050&c=ss:86.up:5EFC831FE748BF602A0B4984026E7050.sync:up.xdua:dunRmrS7kxGRt2AgpoBEUaaG.x...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=965504862451968.498395820920715&a=86&e=5EFC831FE748BF602A0B4984026E7050&c=ss:86.up:5EFC831FE748BF602A0B4984026E7050.sync:up.xdua:d...
https://vk.com/rtrg?p=VK-RTRG-518562-1Pcxj

49 B
446 B

75ms
65ms

Image
image/gif

87.240.137.158
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vk.com/rtrg?p=VK-RTRG-518562-1Pcxj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.137.158 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv158-137-240-87.vk.com

Software

kittenx / KPHP/7.4.107432

Resource Hash

2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: gzip
x-frontend: front605108
server: kittenx
x-powered-by: KPHP/7.4.107432
strict-transport-security: max-age=15768000
content-type: image/gif
access-control-expose-headers: X-Frontend
cache-control: no-store
content-length: 65

Redirect headers

Date: Tue, 08 Jun 2021 10:41:10 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://vk.com/rtrg?p=VK-RTRG-518562-1Pcxj
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 149
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/032105281634000/ Frame 43EA 191 KB
54 KB 35ms
9ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032105281634000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bec5f2d4c04b745da44edaf721e56b231f9d08914a11b397d848c40f69d0c48f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 15314
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55252
x-xss-protection: 0
server: sffe
date: Tue, 08 Jun 2021 06:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d4150df44d24ecdc"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 06:25:56 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/032105281634000/v0/ Frame 43EA 12 KB
5 KB 33ms
7ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032105281634000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cfa2c1817acc9845143087b8f08cfbf450334d63f8b69ea16ec5bf8222cc9ae8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 554622
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4567
x-xss-protection: 0
server: sffe
date: Wed, 02 Jun 2021 00:37:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ca56b057322a8584"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jun 2022 00:37:28 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/032105281634000/v0/ Frame 43EA 87 KB
27 KB 47ms
21ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032105281634000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac39fd2de34b92759571eae7493ba485a9c437b55a9b17e4ae0c2af108658e30

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 567051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27321
x-xss-protection: 0
server: sffe
date: Tue, 01 Jun 2021 21:10:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3f2374642481d921"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 21:10:19 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/032105281634000/v0/ Frame 43EA 4 KB
2 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032105281634000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2995615474b2ef92946ae6000ca992f89c7ff861082cacb1aa2176e81b1514e2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 559911
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1522
x-xss-protection: 0
server: sffe
date: Tue, 01 Jun 2021 23:09:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "514585efdf5d56f0"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 23:09:19 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/032105281634000/v0/ Frame 43EA 41 KB
13 KB 49ms
26ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032105281634000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

84430d6abc2891ae6d6d74e51804bb5edfb8406efad225ad57d89801a1cd7d2a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 567051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13144
x-xss-protection: 0
server: sffe
date: Tue, 01 Jun 2021 21:10:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "db4e8fd655d0c88e"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 21:10:19 GMT

GET
DATA 200
OK truncated
/ Frame 43EA 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dafefd6db96287e4ef8254d51b102cac5872c4af475b9915dbb0853b3586cb6e

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 8180595813474601689
tpc.googlesyndication.com/simgad/ Frame 43EA 75 KB
75 KB 32ms
7ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8180595813474601689?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmpHvcigk8Nd0wsxxfZBofB1AWWaQ

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fef6ad425f309e8678c0422ed12b81860c27b08be7bd9e3d3d1c55802e69fd58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 10:23:20 GMT
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 18:47:53 GMT
server: sffe
age: 519470
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76295
x-xss-protection: 0
expires: Thu, 02 Jun 2022 10:23:20 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 43EA 2 KB
3 KB 31ms
6ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 06:09:32 GMT
x-content-type-options: nosniff
server: cafe
age: 16298
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 09 Jun 2021 06:09:32 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 43EA 295 B
399 B 23ms
17ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 20:37:24 GMT
x-content-type-options: nosniff
server: cafe
age: 50626
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 08 Jun 2021 20:37:24 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 43EA 0
0 41ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS-2rXjAdeP21wRW-czaZkIV9jk4cYlyQEEqcxtxPJ2K3S3MuyMBziGPwMymyrmUAYn3Y4-2V8VtIJ1TV3DZihOv4Dhhg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 43EA 0
0 47ms
46ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CPupiREm_YKm0Nouw7gPG2KywBJ6rmd9i2aHG7YEOven7i6gdEAEgtKPufmD7AaAB48-ZvwPIAQLgAgCoAwHIAwiqBOMBT9BpndVPhj3bs0bV6BFnSXsVRE0qrgbbXI91hDJBcje4YGIG0mxTn3EDhiU3uJGZ7_q90NAtcbolnZx6QuWkwKZZfi-2BqoLmPz1knewbGpm7AXucehADkS0-5k8oJCFjW_oJTu_xu8g5RIQqqCSvSYtOv3zqxzHDshXUCnaewMW4l2TQhJSfsvb3pcNm9UcOXBw0jbyfFSz8pxtVF8PXDjB_F4OBvc5bEoVRRe8XjcaS8Foh4Qpo99uJHmcX_76q1iDHJa7IjC4FN3ccHKx3DBhhnv6tJ1EpppAQ9ypq_ZDfqjABJK6gKHFA-AEAZIFBAgEGAGSBQQIBRgEoAYCgAfd9pMwqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEELeDGdIICQiI4YAQEAEYHYAKA8gLAdgTDdAVAYAXAbIXGgoYCAASFHB1Yi03MDE1MjM1MTIwOTE1NzY5&sigh=l1IXyzz8Ooo
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 47ms
20ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021060701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b24877acc148d81edd424346c38f3c18b5a437ec1dfe1b724c47b7e37015d0c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7904
x-xss-protection: 0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 43EA
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

36ms
15ms

Image
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Tue, 08 Jun 2021 10:41:10 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 24ms
21ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Tue, 08 Jun 2021 10:41:10 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 8E9F 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Tue, 08 Jun 2021 10:23:56 GMT
expires: Wed, 08 Jun 2022 10:23:56 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1034
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A1E9 783 B
531 B 19ms
18ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bfa2be3f7406ad140771aca55adeaf8b688d71e9ca4a6cb9affe5c5e3648b5d9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fh15TrJiwFtDlks/p3YN1g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

expires: Tue, 08 Jun 2021 10:41:10 GMT
date: Tue, 08 Jun 2021 10:41:10 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-fh15TrJiwFtDlks/p3YN1g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 8E9F 14 KB
6 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 11:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 171176
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 11:08:14 GMT

GET
H3-29 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012105242203000/ Frame 8051 191 KB
54 KB 27ms
14ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 359702
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55246
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e9907e100ee706e0"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:08 GMT

GET
H3-29 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 8051 12 KB
4 KB 49ms
36ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 359704
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4568
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b435c2fa80137a0e"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 8051 87 KB
27 KB 50ms
36ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 15876
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27371
x-xss-protection: 0
server: sffe
date: Tue, 08 Jun 2021 06:16:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6687a81702b10306"
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 06:16:34 GMT

GET
H3-29 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 8051 4 KB
2 KB 50ms
37ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 359704
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1521
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5a9e085610d63d0a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 8051 41 KB
13 KB 50ms
37ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 359704
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13132
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1bd5431ac5ac76b7"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8051 4 KB
1 KB 58ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Jun 2021 10:37:36 GMT
server: ESF
date: Tue, 08 Jun 2021 10:41:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Jun 2021 10:41:10 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 8051 4 KB
690 B 71ms
27ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 08 Jun 2021 08:43:30 GMT
server: ESF
date: Tue, 08 Jun 2021 10:41:10 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 08 Jun 2021 10:41:10 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8051 2 KB
2 KB 12ms
5ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 06:09:32 GMT
x-content-type-options: nosniff
server: cafe
age: 16298
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Wed, 09 Jun 2021 06:09:32 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 8051 295 B
319 B 14ms
7ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 20:37:24 GMT
x-content-type-options: nosniff
server: cafe
age: 50626
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 08 Jun 2021 20:37:24 GMT

GET
DATA 200
OK truncated
/ Frame 8051 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02c42f8b1a7c8f57abc95c977e16a6ead0e934ae26a82cb10c36d36ca0fc5df7

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/383791016617716081/ Frame 8051 41 KB
41 KB 17ms
7ms Image
image/jpeg 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/383791016617716081/downsize_200k_v1?sqp=4sqPyQSLAUKIAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-Mg8I2AQQ2AQYASABLQAAAD8&rs=AOga4qlS8y6w4hc_uGRCX-XK0VQclQi0cA

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b569580ef8a96ab357bfd7acb2b175c79bb77eb758915da46baf7a191aa8e57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 05 Jun 2021 10:38:50 GMT
x-content-type-options: nosniff
last-modified: Thu, 01 Apr 2021 21:59:31 GMT
server: sffe
age: 259340
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42396
x-xss-protection: 0
expires: Sun, 05 Jun 2022 10:38:50 GMT

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12219243200893561773/ Frame 8051 3 KB
3 KB 13ms
8ms Image
image/png 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12219243200893561773/downsize_200k_v1?sqp=4sqPyQR5QncIABIUDc3MzD4VAAAAQB0AAAAAJQAAAAAYACIKDQAAgD8VAACAPypPCFoQAR0AALRCIAEoATAGOANAgMLXL0gAUABYAGBacAJ4AIABAIgBAJABAJ0BAACAP6ABAKgBALABgK3iBLgB____________AcUBLbKdPg&rs=AOga4qmsJ3kY5NOT9FIeNkrQObZa8CYTzg

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2ea9e178494e471a22dba184d1bc6959371e91cbae564c45528ec0222e4119c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 07:39:54 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Oct 2020 16:47:12 GMT
server: sffe
age: 10876
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3093
x-xss-protection: 0
expires: Wed, 08 Jun 2022 07:39:54 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8051 0
0 46ms
41ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C8xvVRkm_YJCWDKaWx_APudyB2A7vrM_6YuvYhJqqDb_hHhABILSj7n5g-wGgAZnbyYIDyAEGqQLrh_aFv260PuACAKgDAcgDCqoE7QFP0InW9lqdiOOoLYPAOBUE-YOrle_LlQkHXHYK_XFRRA1q9iHMPg58GC-nj4c_PttGwSsSPLGkgo5LqysujiP-w9jVtQiUHvCfIvA2xYo1vZszWq-8G6GPRAvTZ4UqJEB6kPE5MbnoTWoGAGwkQuo-X6Ws-kPsWQTE5zlZdCAdb8IT12kCauzowpmgbRFgQoKgYi_Xn46uqD7lRwAvNKz9PNVHNtgCmoOXaSGY-O_t58nHlnFmch2wvOjL7De-o_X8feN9WfG3IfjU09KJq6LSGjclEoftoN9K5k6dZ64z0NOWjSmuS6ugOnbDZ0rABJqZ1q3BAuAEAZIFBAgEGAGSBQQIBRgEoAY3gAfPpLZ9qAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEJ6FAdIICQiI4YAQEAEYHYAKA8gLAdgTDYgUA9AVAYAXAbIXGgoYCAASFHB1Yi03MDE1MjM1MTIwOTE1NzY5&sigh=oqjuJ1HCCas&template_id=492
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 8051 15 KB
16 KB 29ms
8ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://sci-hub.mksa.top
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 08:33:34 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 7656
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Wed, 08 Jun 2022 08:33:34 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame 8051 16 KB
16 KB 34ms
13ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://sci-hub.mksa.top
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 00:19:38 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 555692
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
expires: Thu, 02 Jun 2022 00:19:38 GMT

GET
H3-29

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 8051
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

23ms
22ms

Image
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Tue, 08 Jun 2021 10:41:10 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 16ms
16ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021060701&jk=1344928066937523&bg=!iomlic3NAAY6sG-_OrA7ACkAdvg8WjGiUT57TvM25K6RMow6wHj8eH2g3D3bkH76W8kHYDehhXGcUAIAAAElUgAAAA1oAQeZAmW3SyZ2EmvtFABX3GDpgEEawtd4HuAikrQHWj6fhlXzR1jAlAIcbLMtl73L3OwQI6DF0CjBYqc41hOhOzvymEhkDtliuX9cmhVWrZ0lIg4kk-gwKlgzWfePAa0jGxreXrPfw6nOsySk4JJR4bNHeUwDm01nVx3_YyhKQjWNMYaJOE9JNfMYv0amCRtI-kcD1ayOTtrazpuaM-ApTf7q8ngzD2LOTEHvtGB0GyMWG8bhuSSa__zfTxZ80l9tVek3Hajlxr1zdEjye9P8D6SmMJ70tTGlhFdYifkBX-JSoUHDzhPluLiBRxRtZiHHj83r0Nfnq1EkAeT-KfXisl4y5Yh1ki0YtaRgai5_ggvdUiJqJTxl10JYrBnzF-7z7-jKtH1fBaGiTg0Lr7hoe9S3qfw_ZDEQ0x7Cu2YYEz9QoYLNdEqoZB5ea8cMY4zJlmllpro1mDOWIRwqSVRNRyUd40Kgi5zf3KessNKYs5sxUFX9E4KSv0dmgjc3PrT77VVowm6OR5AVvXGvzl78Uer3JWdOKh44eBjz0VEpPyLklKn3V9Kw22WyBgL9r0u5evyjIs5X8lXNM-E5eJdgWrDLWEv2YQAIo-DTUax9XHmrrScydHG4Gxs7YfDGFWGN4BMFO1OYrpix1bMxrkRr7qivE42Zk46Kka1wZB2dbeZJwQY1XqovZDNY60xTDHrPALuU5DKLWXmWMIBQE-6gy0eSuRKIEarfGoa9uKKkpup_sV6xlbWO-0hjyIiqH64Q6ZJqCB2SwS_pctlPDRrIRK3vHA2-33EKbWBVheWH7VTqvudcndqjX-iY

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C32D 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Tue, 08 Jun 2021 10:41:08 GMT
expires: Wed, 08 Jun 2022 10:41:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 2
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021060701.js?31061385

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d8c7ce12428be733a9213b2fecae66db6950a933c276d68bf7c8271829a627d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623066164336645"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28149
x-xss-protection: 0
expires: Tue, 08 Jun 2021 10:41:10 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A7F6 624 B
299 B 19ms
18ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQ6fHv1QIY1vuUrAEwAQ&v=APEucNWxAQmoEYo1OZ17MYtCHTdIgQlvS5q8ndb2j-YrFHX3I3yEYpsl1HDcrNcan6TVdMCm1r6ogfPZmAeBRWp8rWh_XVFpdCLjeU23qT96VIuuJuvhJ6GjA94xv90RBF7SBEu5asd0Aihg_ReZQHuyke6FMNFiTP-HT_3mz40sSDXy5gLrNUk

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJnsxgIQ6fHv1QIY1vuUrAEwAQ&v=APEucNWxAQmoEYo1OZ17MYtCHTdIgQlvS5q8ndb2j-YrFHX3I3yEYpsl1HDcrNcan6TVdMCm1r6ogfPZmAeBRWp8rWh_XVFpdCLjeU23qT96VIuuJuvhJ6GjA94xv90RBF7SBEu5asd0Aihg_ReZQHuyke6FMNFiTP-HT_3mz40sSDXy5gLrNUk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlzQtwrLE51dHJYfgln6G3gzU-F8OV8u_pwEoGZBzKoHQ8ImKCC75HgHWYcXbU; test_cookie=CheckForPermission; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Tue, 08 Jun 2021 10:41:10 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 08 Jun 2021 10:41:10 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 79A7 11 KB
8 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DFTEjQT-0MX58DPHN2YP4FfunvLzHQNmgKe3rmpHruopHGxuZKQchNzS622objQtCklMz1E2VlhogHqc6qRu-uCKC84cknPGYHbwqtJKGsPLVL84SoHqfbxZSsim5KuH3fHSBSya3AHJF0TtfcrqpjgS5Zhw&dbm_d=AKAmf-D01PmSwlKxW6a8pZAiuT8swjbIg1oRNH0UgacfvyVOyUO1tA6sVcFbAoeZUJZa8MucVFBpG7Gf2Xids3ihTg61PSougoU2c9ryXCcTQ_nN0qTmu2T5L1GaqlgrFIgwYyGCcrdo25I7cQzqoc0Z7QEfSd4ZsDhPQJElt2ii2vXM4gR1_kwZEd4CfEy9wnaEihYW8n0EC5JMUbj4g7MHOW39Gq4yA8y5N3R2438PbHB-c4i49pUaBALLPGAKQ75Qw-9kRBRS0r7Ji1ilRZgaqdQl8AB_jqWcuibiZ78C9UTxF8_3RzaxDQjMhNwMGJ_gPPTeIWkpRcbLI2bG22ivTcobbuYdCisc6sDZpBP-OaCfN0gbZDP81eIVaJZirzwZb6nENtYC9pVuDA56MBFkbTNyhZRmIwwkeNswapubhokaZ6JpYofaXEoqMv1cPElEOFgAJz--vtLCh50Qcy8UWxb0fjv6zX3TCmmJ6pqV-6dSQkELpzVraadPFjKCtQyT3iqTyK5kwsNgTt8efXxo1T0Nk0-uzm4dw4QL14JzPNvan7gStjrXzEqp3kiLXYD8k2CgxJ8daPdebddFk4rgpYPGFfXJTUvUDiD8Wt2ouhZzmeEknS2TpOnA2WPlPh1LOQVuGksRmXHbBn_PGcqmjX2XD3s0p6n2SiOzCUST-OYSRu4TtKZvsSfZRaMq3LVDTSAeEp9-469R8MnwyoIRFZTH5ygLmalnZu6AQ0_1KXjWqawHE2lIFWazVXTJODiNO_NovE8cvsU9OXLuOSLrQaYic1fjS7vuDLdncM_kxQvQofl3NEUotbwXwrK0n5aU5NrgEqVZWNtKWxxXNd-xClV2P2qEdyrjjIj-x3z3zY8VBwVC3h6t3lHt7bVVBC5JE7yGNmH7_2i4UrN8IgIqaMqN7OsmoTgvm7-cC13ziLvSwoWt1zdk92awXoQOGcwWCirMbnSX_bZnnkYupj5iCGW361KHVCkz0a-T_TBku-Y56IkidrBE7Tb88npLleJAcJBkyTTUVSqpp7BNAoLOMw0fD4a4LnXvubMUUNAfFJ4dhd4TAh9CTuMgwSGja1CHHxMBpoegWR854ebBnmG2TiQZk7hvVereGcr0B-9x3JwJNaZCTqhVISsJX_JJHMVNMQg4T7bT88qKdO-eeYxtZEYAubwoixRBYJ5-lKVUA3d4FKdPvjuViVM302rcurUsF54xmbaflF9Gj864OXaWrK74sT9HwU32840WGYrHQyNaumqNFQfgj355yprh77nLl_Ptutywr2koYkszX9qAy-6ChXR-7-1RqlXKb_QIXbCia2n9dZi0YQbiJvXV3la06yXKn3ahEE6CVv1t4acNxzWVLUNLf9Tv_ZtGD0gGlnLtAg5YRCupa9Ckdzl9m-aESPeEBKKD-GNvMRaCVKONHiLcFtP7Jbz092lgEDvOgobraNOgb_oHqKnOS413b7cRU_xcZdgExa-cKMEhvbQGWrL0ZxK97rKxaSZtUpFnUl5nEi1dQ2FiMLzLIhpJdFyyKIqoQePaz9uzX54_dL5wKpnDonjLW0R9jD3FRH_BKBy81xjtSE_4ajxVr14sdr1a1qyVA7aBBTWJsb9PZWpAPr1nY0oOz6_kPNAI6VFdQRHsGMml7MBmmz5qqntkRGYaIDPM4_Cu3jThjbn_wItxPb65CSmtHngp5CVQ_VGMSx_CakqbrlVu3kI5b4_t7ksGSQtyEPVDTH1RSpdv_vPC2epUW1hWpzGmef1BHhNPPeNNgvIb3V6cCR-W0_wN69ZjlZUZd8b106UFQLh7pyn3iqwcpqfxVSo1oEyljWS0KWKDmHTYVe3vv8yptN6kJMAel2Y0-GgHZfyX49G8pH9AioYTfrCPawfJwZ7xni9Jo_FLBGxulAScH-eFQi1Ci7g8nBE_gMZzhV-HxRVFspdqsDrRymgbxsu_KdG7oL9-_M1o9N_Pgk1t3dZksZLOYyow-KFk8ZrJH7jc7h6Pb7h0SFByZ88QPhfjwSjg04wisjz_QyidMAPC7KxD-TkzhVcuGezgSy-dz0ti8f_FovySKu68bw2-BmCY08lXRcPZ3rRZ2NMikHssRbbHOCQEycNoSSbae5KIWhlJIoy2hWtYTVk9YjBQzAYOizjAk2tN_vVI-qch3ZlCsM5MSaodm8DXrTdRmq-VnvJyGgsBODm9_INDbMjzCgS7_gZlXbqbDiCJwUvNkdB3o6Jmr1MPNwrv7NuAc_mec7baNDI8KY_ikmHJ3IdF63TNGEPj824mcxmo0kvK9RG5XMJKlppzh3AE_UWpbtAhRLXglOoM3uWOP_i9XvW6rVZJfys8UzeFzg3KMiSlKxzUUptk3IU752pbcGEJ4xYA3F-E-KBvN82r2TRzWJIDspD3EZtv6VZ5zZAZBrrmG_wse2nLX0l09-wukriukrMhF5vAHy3y0PofLjw_OyNwTn0IFHoxFRatAatnmR7YunrRtFE3lTwTBLJCRUZrUbZs7kBzM8phQ4MWYOarwZabLzMrFjZVmEL2jbOCc4L4mIiWY9T987KRrPZSd-khLuG9T_OQt1WFp_R02XfdrJPQ3r7wp2qxchneYxVxO0uPd1eMMqBQR0XxA5ffI0hckJYR8lrqSAH4ft0UyrnQrES_XBky12bWadqWfY1htLEMiF9RtQmTXajhCHV5BBH6iQZns5k7IgPDl6J6Oukha8gYi1rOAefCKVAOvDAOaKM3RIhM4BHlnkv6igdxfexB7Z2B-xWltRwU6viIt5laU_Wjnzmo3cty1XtIeivsl-B9uv0r4925Kwu-naMrKmkz-WDDg6UIzv1OylsN7tttFYOa8GrlgS0LdwBmbxE-vIBMn4sVQcaNgLkecPp_03cZh1EJbBs37ki1j0EFCUu6BynFurL4uavcADlHX8nu8246yKDr5SVsBdeQomd_4wQ66N6OlDtVb6HV4ruFdiX6pLXLcgYOBLAWrecouv-eXXXwcnWNro6KluWXmOTsqOw7BF2v32gihrJ49oJsQMzaF9kMKPWD7LbMRSldZvMIoqVsqndH0q2UTfjB2OsJMqDFZBIs3Qpr8ILuhJUJWS2hrgZhhSFy2eM9fgRZp1YUN9K30YY&cid=CAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cb49d081c0e55cc0e7422d4d9e1b7e64c64c50ffce596ac490493d7243b7697

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8233
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/ Frame 79A7 2 KB
1 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/window_focus_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:35:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 316
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1316
x-xss-protection: 0
server: cafe
etag: 797314601362473214
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 10:35:54 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 79A7 122 KB
37 KB 23ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:10 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623066169988846"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Tue, 08 Jun 2021 10:41:10 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/ Frame 79A7 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210603/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 45
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5644
x-xss-protection: 0
server: cafe
etag: 16788636151609896382
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 10:40:25 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 79A7 42 B
63 B 16ms
14ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CAXD5okgBJM7VxgUc7VpPEDlyl3F_TEHmpOczERBiFd7OWjZY1TDSAWjNJEEE8_mbTEOEm6Ca5IMklg_3NOBjpYXFLFylGJW4OgEM9GzP-HONcwv4

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A7F6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1&C=1

43 B
1014 B

48ms
43ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQ6fHv1QIY1vuUrAEwAQ&v=APEucNWxAQmoEYo1OZ17MYtCHTdIgQlvS5q8ndb2j-YrFHX3I3yEYpsl1HDcrNcan6TVdMCm1r6ogfPZmAeBRWp8rWh_XVFpdCLjeU23qT96VIuuJuvhJ6GjA94xv90RBF7SBEu5asd0Aihg_ReZQHuyke6FMNFiTP-HT_3mz40sSDXy5gLrNUk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 10:41:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 08 Jun 2021 10:41:10 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 10:41:10 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Tue, 08 Jun 2021 10:41:10 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame A7F6
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL9JRgjUeseVUiMLso-8RwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1

43 B
1014 B

35ms
35ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQ6fHv1QIY1vuUrAEwAQ&v=APEucNWxAQmoEYo1OZ17MYtCHTdIgQlvS5q8ndb2j-YrFHX3I3yEYpsl1HDcrNcan6TVdMCm1r6ogfPZmAeBRWp8rWh_XVFpdCLjeU23qT96VIuuJuvhJ6GjA94xv90RBF7SBEu5asd0Aihg_ReZQHuyke6FMNFiTP-HT_3mz40sSDXy5gLrNUk
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 10:41:11 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 08 Jun 2021 10:41:11 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:11 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOmHdifFCdGWkRoGfChG0F8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame A7F6
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGrfvpNHKPN7ntDgs_GuNoA&google_cver=1

43 B
1021 B

46ms
28ms

Image
image/gif

185.33.221.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGrfvpNHKPN7ntDgs_GuNoA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQ6fHv1QIY1vuUrAEwAQ&v=APEucNWxAQmoEYo1OZ17MYtCHTdIgQlvS5q8ndb2j-YrFHX3I3yEYpsl1HDcrNcan6TVdMCm1r6ogfPZmAeBRWp8rWh_XVFpdCLjeU23qT96VIuuJuvhJ6GjA94xv90RBF7SBEu5asd0Aihg_ReZQHuyke6FMNFiTP-HT_3mz40sSDXy5gLrNUk

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.90 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 10:41:10 GMT
X-Proxy-Origin: 185.93.2.202; 185.93.2.202; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.153:80
AN-X-Request-Uuid: 15eb9a89-e1af-478f-8bbc-fe79a7630978
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGrfvpNHKPN7ntDgs_GuNoA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A7F6
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMzOTMxNTY1MDM2Mzk1MDg5Mg%3D%3D

170 B
188 B

52ms
51ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMzOTMxNTY1MDM2Mzk1MDg5Mg%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 10:41:10 GMT
X-Proxy-Origin: 185.93.2.202; 185.93.2.202; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.185:80
AN-X-Request-Uuid: 8f45829e-e6d9-465e-9daf-404b27cebef6
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMzOTMxNTY1MDM2Mzk1MDg5Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 79A7 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DFTEjQT-0MX58DPHN2YP4FfunvLzHQNmgKe3rmpHruopHGxuZKQchNzS622objQtCklMz1E2VlhogHqc6qRu-uCKC84cknPGYHbwqtJKGsPLVL84SoHqfbxZSsim5KuH3fHSBSya3AHJF0TtfcrqpjgS5Zhw&dbm_d=AKAmf-D01PmSwlKxW6a8pZAiuT8swjbIg1oRNH0UgacfvyVOyUO1tA6sVcFbAoeZUJZa8MucVFBpG7Gf2Xids3ihTg61PSougoU2c9ryXCcTQ_nN0qTmu2T5L1GaqlgrFIgwYyGCcrdo25I7cQzqoc0Z7QEfSd4ZsDhPQJElt2ii2vXM4gR1_kwZEd4CfEy9wnaEihYW8n0EC5JMUbj4g7MHOW39Gq4yA8y5N3R2438PbHB-c4i49pUaBALLPGAKQ75Qw-9kRBRS0r7Ji1ilRZgaqdQl8AB_jqWcuibiZ78C9UTxF8_3RzaxDQjMhNwMGJ_gPPTeIWkpRcbLI2bG22ivTcobbuYdCisc6sDZpBP-OaCfN0gbZDP81eIVaJZirzwZb6nENtYC9pVuDA56MBFkbTNyhZRmIwwkeNswapubhokaZ6JpYofaXEoqMv1cPElEOFgAJz--vtLCh50Qcy8UWxb0fjv6zX3TCmmJ6pqV-6dSQkELpzVraadPFjKCtQyT3iqTyK5kwsNgTt8efXxo1T0Nk0-uzm4dw4QL14JzPNvan7gStjrXzEqp3kiLXYD8k2CgxJ8daPdebddFk4rgpYPGFfXJTUvUDiD8Wt2ouhZzmeEknS2TpOnA2WPlPh1LOQVuGksRmXHbBn_PGcqmjX2XD3s0p6n2SiOzCUST-OYSRu4TtKZvsSfZRaMq3LVDTSAeEp9-469R8MnwyoIRFZTH5ygLmalnZu6AQ0_1KXjWqawHE2lIFWazVXTJODiNO_NovE8cvsU9OXLuOSLrQaYic1fjS7vuDLdncM_kxQvQofl3NEUotbwXwrK0n5aU5NrgEqVZWNtKWxxXNd-xClV2P2qEdyrjjIj-x3z3zY8VBwVC3h6t3lHt7bVVBC5JE7yGNmH7_2i4UrN8IgIqaMqN7OsmoTgvm7-cC13ziLvSwoWt1zdk92awXoQOGcwWCirMbnSX_bZnnkYupj5iCGW361KHVCkz0a-T_TBku-Y56IkidrBE7Tb88npLleJAcJBkyTTUVSqpp7BNAoLOMw0fD4a4LnXvubMUUNAfFJ4dhd4TAh9CTuMgwSGja1CHHxMBpoegWR854ebBnmG2TiQZk7hvVereGcr0B-9x3JwJNaZCTqhVISsJX_JJHMVNMQg4T7bT88qKdO-eeYxtZEYAubwoixRBYJ5-lKVUA3d4FKdPvjuViVM302rcurUsF54xmbaflF9Gj864OXaWrK74sT9HwU32840WGYrHQyNaumqNFQfgj355yprh77nLl_Ptutywr2koYkszX9qAy-6ChXR-7-1RqlXKb_QIXbCia2n9dZi0YQbiJvXV3la06yXKn3ahEE6CVv1t4acNxzWVLUNLf9Tv_ZtGD0gGlnLtAg5YRCupa9Ckdzl9m-aESPeEBKKD-GNvMRaCVKONHiLcFtP7Jbz092lgEDvOgobraNOgb_oHqKnOS413b7cRU_xcZdgExa-cKMEhvbQGWrL0ZxK97rKxaSZtUpFnUl5nEi1dQ2FiMLzLIhpJdFyyKIqoQePaz9uzX54_dL5wKpnDonjLW0R9jD3FRH_BKBy81xjtSE_4ajxVr14sdr1a1qyVA7aBBTWJsb9PZWpAPr1nY0oOz6_kPNAI6VFdQRHsGMml7MBmmz5qqntkRGYaIDPM4_Cu3jThjbn_wItxPb65CSmtHngp5CVQ_VGMSx_CakqbrlVu3kI5b4_t7ksGSQtyEPVDTH1RSpdv_vPC2epUW1hWpzGmef1BHhNPPeNNgvIb3V6cCR-W0_wN69ZjlZUZd8b106UFQLh7pyn3iqwcpqfxVSo1oEyljWS0KWKDmHTYVe3vv8yptN6kJMAel2Y0-GgHZfyX49G8pH9AioYTfrCPawfJwZ7xni9Jo_FLBGxulAScH-eFQi1Ci7g8nBE_gMZzhV-HxRVFspdqsDrRymgbxsu_KdG7oL9-_M1o9N_Pgk1t3dZksZLOYyow-KFk8ZrJH7jc7h6Pb7h0SFByZ88QPhfjwSjg04wisjz_QyidMAPC7KxD-TkzhVcuGezgSy-dz0ti8f_FovySKu68bw2-BmCY08lXRcPZ3rRZ2NMikHssRbbHOCQEycNoSSbae5KIWhlJIoy2hWtYTVk9YjBQzAYOizjAk2tN_vVI-qch3ZlCsM5MSaodm8DXrTdRmq-VnvJyGgsBODm9_INDbMjzCgS7_gZlXbqbDiCJwUvNkdB3o6Jmr1MPNwrv7NuAc_mec7baNDI8KY_ikmHJ3IdF63TNGEPj824mcxmo0kvK9RG5XMJKlppzh3AE_UWpbtAhRLXglOoM3uWOP_i9XvW6rVZJfys8UzeFzg3KMiSlKxzUUptk3IU752pbcGEJ4xYA3F-E-KBvN82r2TRzWJIDspD3EZtv6VZ5zZAZBrrmG_wse2nLX0l09-wukriukrMhF5vAHy3y0PofLjw_OyNwTn0IFHoxFRatAatnmR7YunrRtFE3lTwTBLJCRUZrUbZs7kBzM8phQ4MWYOarwZabLzMrFjZVmEL2jbOCc4L4mIiWY9T987KRrPZSd-khLuG9T_OQt1WFp_R02XfdrJPQ3r7wp2qxchneYxVxO0uPd1eMMqBQR0XxA5ffI0hckJYR8lrqSAH4ft0UyrnQrES_XBky12bWadqWfY1htLEMiF9RtQmTXajhCHV5BBH6iQZns5k7IgPDl6J6Oukha8gYi1rOAefCKVAOvDAOaKM3RIhM4BHlnkv6igdxfexB7Z2B-xWltRwU6viIt5laU_Wjnzmo3cty1XtIeivsl-B9uv0r4925Kwu-naMrKmkz-WDDg6UIzv1OylsN7tttFYOa8GrlgS0LdwBmbxE-vIBMn4sVQcaNgLkecPp_03cZh1EJbBs37ki1j0EFCUu6BynFurL4uavcADlHX8nu8246yKDr5SVsBdeQomd_4wQ66N6OlDtVb6HV4ruFdiX6pLXLcgYOBLAWrecouv-eXXXwcnWNro6KluWXmOTsqOw7BF2v32gihrJ49oJsQMzaF9kMKPWD7LbMRSldZvMIoqVsqndH0q2UTfjB2OsJMqDFZBIs3Qpr8ILuhJUJWS2hrgZhhSFy2eM9fgRZp1YUN9K30YY&cid=CAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 06:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15657
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 06:20:13 GMT

GET
H2

200

as.php Show response
nxtck.com/ Frame D9BA
Redirect Chain

https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgt...
https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgt...

3 KB
2 KB

35ms
35ms

Document
text/html

130.211.47.109
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D&tc=1
Requested by: Host: 61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com
URL: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.47.109 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 109.47.211.130.bc.googleusercontent.com
Software: adserver-ga-6966f9dbd7-8nmn9 /
Resource Hash: 8c35fea89a8ed83d05e4fdb68104ff50b8b16660177215e5f8cccb4f288c2587

Request headers

:method: GET
:authority: nxtck.com
:scheme: https
:path: /as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tc=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/

Response headers

p3p: CP='ALL DSP LAW CUR DEV PSAo PSDo IVAo IVDo CONo HISo OUR STP UNI NAV'
server: adserver-ga-6966f9dbd7-8nmn9
x-robots-tag: noindex, nofollow
expires: Tue, 01 Jan 2001 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: uuid=c2f42806-e87a-4cf9-9b01-c6531e6e8d95; Path=/; Max-Age=31536000; Expires=Wed, 8 Jun 2022 10:41:10 GMT; Secure; SameSite=None
vary: accept-encoding
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Tue, 08 Jun 2021 10:41:10 GMT
via: 1.1 google
alt-svc: clear

Redirect headers

p3p: CP='ALL DSP LAW CUR DEV PSAo PSDo IVAo IVDo CONo HISo OUR STP UNI NAV'
server: adserver-ga-6966f9dbd7-4dw7l
x-robots-tag: noindex, nofollow
expires: Tue, 01 Jan 2001 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: tc=1; Path=/; Max-Age=31536000; Expires=Wed, 8 Jun 2022 10:41:10 GMT; Secure; SameSite=None
location: /as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D&tc=1
content-length: 0
date: Tue, 08 Jun 2021 10:41:10 GMT
via: 1.1 google
alt-svc: clear

GET
DATA 200
OK truncated
/ Frame 79A7 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 410285695e618dde330a4471e3015c060e52bb75c50ff25cb4d6d313af69e452

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5BF2 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 08 Jun 2021 09:25:41 GMT
expires: Wed, 08 Jun 2022 09:25:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4529
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 5BF2 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 11:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 171176
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 11:08:14 GMT

GET
H3-29 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame D9BA 8 KB
4 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: nxtck.com
URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D&tc=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:23:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1082
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3796
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:22:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 08 Jun 2021 11:23:08 GMT

GET
H2 200 rm_iab.js Show response
cdn-ssl-as.nxtck.com/iab/js/ Frame D9BA 3 KB
3 KB 104ms
31ms Script
application/x-javascript 34.107.167.126
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ssl-as.nxtck.com/iab/js/rm_iab.js
Requested by: Host: nxtck.com
URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D&tc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.167.126 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 126.167.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 77dd7a6ab6c5b70535f944b314aefb2139419836cfcac9d57f765fc7c123b82c

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:11 GMT
via: 1.1 google
last-modified: Wed, 14 Nov 2018 22:57:04 GMT
server: nginx
etag: "5beca840-a1b"
content-type: application/x-javascript
accept-ranges: bytes
alt-svc: clear
content-length: 2587

GET
H3-29 200 impl_v75.js Show response
www.googletagservices.com/dcm/ Frame D9BA 37 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v75.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 09:23:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4682
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15538
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 19:52:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jun 2022 09:23:08 GMT

GET
H2 200 B25109827.304865657;dc_ver=75.217;sz=300x250;u_sd=1;dc_adk=437876951;ord=3c2efn;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A%2F%2Fgoogleads.g... Show response
ad.doubleclick.net/ddm/adi/N4022.4024539RAKUTENFR/ Frame C0FC 30 KB
17 KB 144ms
68ms Document
text/html 142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N4022.4024539RAKUTENFR/B25109827.304865657;dc_ver=75.217;sz=300x250;u_sd=1;dc_adk=437876951;ord=3c2efn;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3Dhttps%3A%2F%2Fnxtck.com%2Findex%3Fclk%3D1%26zid%3D56367%26aid%3D583180%26ev%3D76461%26rid%3DISsgdC-wV3LIaA5q%26sid%3D567877782%26uuid%3Dea65be7e-6f18-4b73-bafb-17fad799e880%26ecr%3D%26referer%3Dhttps%253A%252F%252F61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com%252F%26c3braK3c%3D%26P0uWe7tE%3D%26rawloc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fsci-hub.mksa.top$2,,https%3A%2F%2F61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=sNnUUEg9Vr;osda=2;sttr=35;prcl=n

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v75.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

2d7ad74664e3f9e42f04fa3202e61b88a99c6d48f7e41ee76b75f4a2f98d3e4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ad.doubleclick.net
:scheme: https
:path: /ddm/adi/N4022.4024539RAKUTENFR/B25109827.304865657;dc_ver=75.217;sz=300x250;u_sd=1;dc_adk=437876951;ord=3c2efn;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3Dhttps%3A%2F%2Fnxtck.com%2Findex%3Fclk%3D1%26zid%3D56367%26aid%3D583180%26ev%3D76461%26rid%3DISsgdC-wV3LIaA5q%26sid%3D567877782%26uuid%3Dea65be7e-6f18-4b73-bafb-17fad799e880%26ecr%3D%26referer%3Dhttps%253A%252F%252F61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com%252F%26c3braK3c%3D%26P0uWe7tE%3D%26rawloc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fsci-hub.mksa.top$2,,https%3A%2F%2F61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=sNnUUEg9Vr;osda=2;sttr=35;prcl=n
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://nxtck.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlzQtwrLE51dHJYfgln6G3gzU-F8OV8u_pwEoGZBzKoHQ8ImKCC75HgHWYcXbU; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://nxtck.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 08 Jun 2021 10:41:11 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 16837
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 OBA_marker.png
cdn-ssl-as.nxtck.com/iab/img/ Frame D9BA 3 KB
3 KB 32ms
31ms Image
image/png 34.107.167.126
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-ssl-as.nxtck.com/iab/img/OBA_marker.png
Requested by: Host: nxtck.com
URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D&tc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.167.126 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 126.167.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:11 GMT
via: 1.1 google
last-modified: Tue, 02 Oct 2012 09:47:13 GMT
server: nginx
etag: "506ab821-cbe"
content-type: image/png
accept-ranges: bytes
alt-svc: clear
content-length: 3262

GET
H2 200 OBA_en.png
cdn-ssl-as.nxtck.com/iab/img/ Frame D9BA 4 KB
4 KB 32ms
31ms Image
image/png 34.107.167.126
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-ssl-as.nxtck.com/iab/img/OBA_en.png
Requested by: Host: nxtck.com
URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23472&cb=1623148870390051&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3D&tc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.167.126 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 126.167.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 835b8e7fce8c7030ab18fe28277589c21b062b5b6e6301939cb1e62b1af3f151

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:11 GMT
via: 1.1 google
last-modified: Tue, 02 Oct 2012 09:47:12 GMT
server: nginx
etag: "506ab820-108b"
content-type: image/png
accept-ranges: bytes
alt-svc: clear
content-length: 4235

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5BF2 0
20 B 16ms
15ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BMNG3Rkm_YP28Ltax3gO29ZTgBAAAAAA4AeAEAg&bg=!ExClEFTNAAY6sG-_OrA7ACkAdvg8WqpuxnHqPjfujt_CKnk_FZbJhTB66jMKMRqigpn2K_GpqJHjpAIAAACHUgAAAA5oAQeZAwpQING51k_D97NViiOrri_QHvCqogCnJRUMeo9I0UCiN36mId7geKf316MQvCgH30P5P_PLrmAeFWnrH4tTg471oKgNZqS4k1MevqJ6kPhqzpI4KJqjT97tnWjnGB8IA9zbp5Loy74zy9CwBwqiZ-lNCAwhvSXbL_IH9_CAosn0XU6LJve1K6-YWlvaPWaSdIIibUbxmVVZFAjXzS2RLVAtWFOcQtrhPFxN8NuoTEeOuI1_xMqtRp06lLx0zB_NCEZeatNJswcXp7KLAYGctGxdy0c9sxMJcUT-I863CA_d17LhR0Fh8u2JF_Lovn7UJqXO2RyPO_ql6t3c9lEM3IXiywvexUj-aftOPnL_yp2NWkku7LPIewYperQ9Z4ZSYESdbsk4IJjRQOXNhLD29Cb3xBg4DNN_0MHlrZLxiua_bhEgqyvNP5QxNLXEsHC5pZC7MalIxNkrg685WwYfN6flERLZGk3XWzDCk3rdGf3Xjp_7gpIq-sIX1Dgz8ERkp0mR2I0NNodyQMiTToN7Ilw8BoeKl8q_K2mePfOu77PT6bZOZZEnZKIR9tRHRUSWHYa186wNACli3Fzryu1IUwIF3OlCAbrPLLc_zyZKqa6NCH0jd0BvNFzEDMSwopL98PCkgUfPewahQ4u6z6C3PJUVrIVKaJnasOkOyr7DBiDXX5RWBVT4-XtCY3G5LkTak5gxLRtZsmaByUiaI8B6ueUHDFElA6fYhvvox-7VYHq0OERBCOowXDwJ8Kp3sLKWZc3YsqfHtKhamy64Shun4dJcsS1F4B8jyyDRmScBczhw5rIhgiIuNZeq4IYRO_9v32XowPWlHo2-iOTA3ApF5gVmSRLe5WZOXnakwwqQYNt6JOFuwRmO0SWco2NuOyjv7febzC5Me4FcFHE5JdO_gXgZppNqnH4zyrWAkljkdlWzpPTV2I1xNbzZh9crRhDKB6p6pvTJ8-xxOcpfMCD8IcJeZLGDLsEPrIpvJ-Fr-aIi-nyN3JmAoy8okYw8WfoLYESrjo_GxR5BXZjq

Requested by

Host: 61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com
URL: https://61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 024_Think_300x250_GIF_2021-05-31.jpg
s0.2mdn.net/4249241/ Frame C0FC 70 KB
70 KB 36ms
7ms Image
image/jpeg 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4249241/024_Think_300x250_GIF_2021-05-31.jpg

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N4022.4024539RAKUTENFR/B25109827.304865657;dc_ver=75.217;sz=300x250;u_sd=1;dc_adk=437876951;ord=3c2efn;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC-ZNLRkm_YKPnF5KQ4gGQtq_IDcSv64hjo5fS7pYOh6ibzIgKEAEgtKPufmD7AcgBCakCzxqo_G1utD6oAwGqBN0BT9DVtgH7uvMSneKAGB4pO98cvJj7woyNwQPAauMV0HYdg1lTG2jfO21WAK-q--Hr1YixxG7Pan600vXPvCWeQm-4DBT64FA44v201lv2A7ARXJdTDugLlf1YYnEfLFcipSHTufzRMyZCFJQyzI2O21gJXDKiumK1ZPExyDaUuD47u7ERr3qUZhM88iy_it3kYXSyehEgdEJcabm2tYb9-kNsxEfgdCxhf11M7REZpzxtiZqeT1zZz14iCSVgjJ4ELRpsOInNldYv00CHK3fSjiVQNIFjr0BjR8TCV9TABJiPutjLA-AEA5AGAaAGTYAH3J-I1QKoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE9jj1gvQEwDYEwrYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASFeRoqOAtoX_TCo5hghIuxk3GdFYmcg%26sig%3DAOD64_0O1YFmhhb5wufY80hsY5U0XAaM3w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-ApgvK6HI5n7vk8d8QSDIP3StUszoWcHNmxhKJLpJR8Q2IDbFqzX4W5npiO_i1f7nIRYMPiJHu4DX4WH9UddODegwF3DqQE1zTSRuPX-xa4X-RdXXC4i3BidSa36hYDtiWEzs_vc9Q_-fUXvKU_xVzjKefHNw%26dbm_d%3DAKAmf-BKsDaAMBWdnoPrO1PJN4XWdumqaDh7pMZUOyCEGWwqiYad75xS_nTqODfdhDMmz2rJfIbo7FZ3dV6PLNOu3JQcfROR-5EccwvkSFb_duHiKieDuZc__nDxZVkTuxvpWJLiKOyE3RXXabBPg4nKYCojAT6s0tGk3tgxvS3777XPR2bRcSb0DBLFVaVHwg4I4wUlutwdi4Yj_Hjl4-KomMqgR1kFOKA8pmg_IvL-UhXcJv1pZTUmWYzyVfrQuOV_NsV2lgtDnKM2zmD4seuQJ3i2fKgdRI--8FCgWz81m-MWxdr-wiKCuqcr2Z9avp9C2rBak8U-Nhc5UeoLI7980Dqd_RrXHV2PLnMgVIrqXfyVHR674dm1W4-tDKrifBfGBXCtGt9aXEN61_FaORy3sqICY1YC1Nmn7gDLzXNJ7XNoi4m1S1ZiL49VqRE6C986bKq5pLmqrIdRUTAI25vd87k8B5kfmQ%26adurl%3Dhttps%3A%2F%2Fnxtck.com%2Findex%3Fclk%3D1%26zid%3D56367%26aid%3D583180%26ev%3D76461%26rid%3DISsgdC-wV3LIaA5q%26sid%3D567877782%26uuid%3Dea65be7e-6f18-4b73-bafb-17fad799e880%26ecr%3D%26referer%3Dhttps%253A%252F%252F61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com%252F%26c3braK3c%3D%26P0uWe7tE%3D%26rawloc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fsci-hub.mksa.top$2,,https%3A%2F%2F61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=sNnUUEg9Vr;osda=2;sttr=35;prcl=n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fd9f5a19a66ec4d05e424457a99e7dce5a5c4e8c1e0fe7f04f2e8b182ad662d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 14:24:30 GMT
x-content-type-options: nosniff
last-modified: Mon, 31 May 2021 14:26:04 GMT
server: sffe
age: 73001
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71220
x-xss-protection: 0
expires: Tue, 08 Jun 2021 14:24:30 GMT

GET
H3-29 200 sodar_loader.js Show response
pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/xfa/ Frame C0FC 10 KB
4 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/xfa/sodar_loader.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a0b09cbb763ef7e1ab6183b36a3ff732a874dc4faa20f375c807d8ade0438d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 17:08:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63176
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4190
x-xss-protection: 0
server: cafe
etag: 13053538017912979805
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 17:08:15 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/elements/html/ Frame C0FC 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:38:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 10:38:03 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C0FC 122 KB
37 KB 20ms
15ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:11 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623066169988846"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Tue, 08 Jun 2021 10:41:11 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C0FC 0
528 B 92ms
35ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstiCrCwyQyjDDuxLfeVnWUvVcPUrZQ37ZzYIImgmsPlvqFzmNfdw-CeDoGbFrc20tsleaqKAIr_1Fmlb6b0OHiBzvPwFHvnLLvTqfJqCJnsSpg4yFbpPOPXNf78WPwfOeapQiWCXskA_hpDAkwV&sig=Cg0ArKJSzMnlQNw6oPIqEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20210603.61227&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 10:41:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C0FC 41 KB
15 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 06:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15658
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 06:20:13 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C0FC 6 KB
4 KB 26ms
25ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/xfa/sodar_loader.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76a279430fcdd22d906294d36c67c9707774a95b0abad772493966ad273a580e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 10:41:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4310
x-xss-protection: 0

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D283 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 08 Jun 2021 09:25:41 GMT
expires: Wed, 08 Jun 2022 09:25:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4530
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 43EA 42 B
64 B 49ms
48ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssC2tlHnU4yZRT3q7zc7XjntC5zZApYaxLT2RBoZ3Kv_nZLggG9AnKD-1fiZiK7uZ_5FzmwGMMxDuXdzsCLtu-fBQw0wialO5tObcTV9p52apqBzTqRRc-cIbv-pg&sai=AMfl-YSuOWLaJ04WYl9Mtp0mfyALeAtvGVlMs5qKAbSyf-3TN77bDEBLSKJEjcK-s5i5VNeEQ_i27NyY-T5OWsCD3mUxDtrzYpE7A-NOrVh8psp83cfvgLvODo4j4AX3EDQ&sig=Cg0ArKJSzN5x4bgnQuJDEAE&id=ampim&o=315,900&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1007&mtos=0,0,1007,1007,1007&tos=0,0,1007,0,0&tfs=134&tls=1141&g=100&h=100&tt=1141&r=v&avms=ampa&adk=1836978441

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame C0FC 0
23 B 91ms
37ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 10:41:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C0FC 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/xfa/sodar_loader.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 10:41:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Tue, 08 Jun 2021 10:41:11 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame D283 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 11:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 171177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 11:08:14 GMT

GET
H3-29 200 6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js Show response
pagead2.googlesyndication.com/bg/ Frame 8FC7 14 KB
6 KB 22ms
10ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6ARyktE4tPRvvoSTtP7tfQ53d_-1azzHygxxMe6f4h8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 11:08:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 171177
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5749
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 11:08:14 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D283 0
20 B 18ms
16ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bk-HjR0m_YInyBpHu3wOS3JiwCwAAAAA4AeAEAg&bg=!TE-lTwvNAAY6sG-_OrA7ACkAdvg8WpddeLmP1bPO5087kH38K8oGbx-DMwsm4c6qH3KqwSMjksVDWAIAAAC_UgAAAA1oAQcKACHjKqWzxaI-i93htjstdDmMzlPTeKGumcVAAte8ZiaSY2SZAzxl62Z6JSgDSkD76sCHXU8yHelpA49YnN9EwFiidGFugXlmWyxqxgqDfwCAjNrgRQhSGsJVVQb-c5C45bqPYfratEusJEj-C_mftOVXln4U1uh4F7PAAbLbIlJ4UW2nOJ1cqUe4OgOi3IH1dWwFJnu5I9kw6kvFY3GlVkCbX9CCVfGJVH_U_p47D8oxgH_Etfo2XpLdw-pg7yqbssaY5BVG3JiGbID2f7XMBG0zHvHsOXPYm9BJ5NgpnJ5LMSMxqygbJR_MIUD9ga7yJ3rDC_H1OkTHkkqpO_5ZYYtJ0DFvBdnYEUEqDJsNMs_-UxuTUhG5ffXNQ7JEwwffbIRe3QY5vlQ26EB1JBboImt_KpRylSvHTyX7RC3GuIH9HbbbTPYfgadmcj87DDVxSnTHqVvmG216aWH7XomV97LWpYozRLZcMv7TKetajjq0PihzDEb2usI60V7F0LZUvq7z3vjJQh-hWlPqyrgxuy0hFUQUDWil2Fw7CkM15GLs1Wab8oTWZYbAtUr_CWAAi17cmShxmZ0rriAo09VjA14cThs4KnTs7l4xX8Z99RBFcCfmaGJg83NfxhhUl3lk02mmmOKIPvQ9Utmdyau1J7__CbtUSJV2n5M6es5js4vd4ssh8-6AIsNPcfVbmf9mWW1rTDHPc4Dxy94E8Edb5KvB985-tH8K3qfJPjO8uRBQI76dwqPO2u0CyHvqoZ7Rk7k_N1BjyXk2zOLnqvIIuqwIo8tbeK6qDUBeAnmZjYz0P8QArDiaNVcRTJDG7DQ0TmFNW3lJzdLjVVH2nEij3lF2Ih_bHtcPVg9lcjxblQihyXYzdvtJ2a9rFRTgiTxhlBHHISu8QZr54NfT8jM7okVo7Mx0-jspHCJ1iIPCNaqHuhb6ST9Ua3mjoI5Wx78on4AbAtLI5Fi19xSqKdbRUccMoYIPqoSMl7vSbmcWZo3btHQ_HLX4s2kgfqcXrEU_y-K6m-CayhR3g3tzADZiVJ41742ypOjG25Ty1Em2GG8EsyMjDDSENSS8awNUdbUvhVGQlqDcf90iWq1kFF6nmB3lcmPDdT33xAFVIhBTxUvrRFsV7L_MaTM29IWip5vObck

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 10:41:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: img.sci-hub.shop
URL: https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sci-Hub (Consumer)

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mksa.top/	1970-01-19 18:53:55	Name: _gid Value: GA1.2.726499386.1623148869
.mksa.top/	1970-01-19 18:52:28	Name: _gat_gtag_UA_193456449_1 Value: 1
.mksa.top/	1970-01-20 12:23:40	Name: _ga Value: GA1.2.1720323629.1623148869

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/032105281634000/amp4ads-v0.mjs(Line 17) Message: Powered by AMP ⚡ HTML – Version 2105281634000 https://sci-hub.mksa.top/
console-api	info	URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs(Line 17) Message: Powered by AMP ⚡ HTML – Version 2105242203000 https://sci-hub.mksa.top/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

61126125e9abfc70c83a57071d7ca255.safeframe.googlesyndication.com
ad.doubleclick.net
adservice.google.com
adservice.google.fr
cdn-ssl-as.nxtck.com
cdn.ampproject.org
cm.g.doubleclick.net
counter.yadro.ru
dmg.digitaltarget.ru
dsum-sec.casalemedia.com
fnc.rt.ru
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
img.sci-hub.shop
kitbit.net
nxtck.com
optinder.com
p1.ntvk1.ru
pagead2.googlesyndication.com
s0.2mdn.net
sci-hub.mksa.top
securepubads.g.doubleclick.net
share.pluso.ru
stats.g.doubleclick.net
tag.digitaltarget.ru
tpc.googlesyndication.com
ut9.rktch.com
vk.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
img.sci-hub.shop
130.211.47.109
142.250.184.194
142.250.185.130
142.250.185.162
142.250.186.38
185.15.175.130
185.15.175.131
185.15.175.137
185.33.221.90
2.18.234.21
2606:4700:3033::6815:35c2
2606:4700:3034::6815:9e6
2606:4700:3036::6815:15dc
2a00:1450:4001:803::2006
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:813::2001
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:829::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
2a00:1450:4001:831::200a
2a00:1450:400c:c04::9b
2a02:6ea0:c700::4
31.131.252.91
31.131.252.94
34.107.167.126
87.240.137.158
88.212.201.198
89.108.97.2
02c42f8b1a7c8f57abc95c977e16a6ead0e934ae26a82cb10c36d36ca0fc5df7
094c1111eeb737673d376e2598c9abfad2c1dadeab91522940bbf5d2ff512a72
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fd9f5a19a66ec4d05e424457a99e7dce5a5c4e8c1e0fe7f04f2e8b182ad662d
125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570
1a0b09cbb763ef7e1ab6183b36a3ff732a874dc4faa20f375c807d8ade0438d9
1d8c7ce12428be733a9213b2fecae66db6950a933c276d68bf7c8271829a627d
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af
2995615474b2ef92946ae6000ca992f89c7ff861082cacb1aa2176e81b1514e2
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2d7ad74664e3f9e42f04fa3202e61b88a99c6d48f7e41ee76b75f4a2f98d3e4e
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f
3a677da8f32851941b090ee6e9294757cba154033200b20231b2a4ca7f62a820
3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6
410285695e618dde330a4471e3015c060e52bb75c50ff25cb4d6d313af69e452
41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4
44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450
454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586
460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232
46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51654cea7baa3054df9d88aaa41bd60b7e6ecb3c90e5906706efe68543caaffe
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f
5cb49d081c0e55cc0e7422d4d9e1b7e64c64c50ffce596ac490493d7243b7697
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41
76a279430fcdd22d906294d36c67c9707774a95b0abad772493966ad273a580e
77dd7a6ab6c5b70535f944b314aefb2139419836cfcac9d57f765fc7c123b82c
784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd
7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e
7c26262d428c007c7f8102c7e0923dfc02e60a9a10f8e13993fe3241a21849a5
7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
835b8e7fce8c7030ab18fe28277589c21b062b5b6e6301939cb1e62b1af3f151
84430d6abc2891ae6d6d74e51804bb5edfb8406efad225ad57d89801a1cd7d2a
84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f
8c35fea89a8ed83d05e4fdb68104ff50b8b16660177215e5f8cccb4f288c2587
8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8f6b5b292f569b4aa23391599e2b5ba79f921042cee545029ae7854a7c3a13e9
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
9b569580ef8a96ab357bfd7acb2b175c79bb77eb758915da46baf7a191aa8e57
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
9e7946100120e4c56bf5f5142d95185e42624edf98bdae4413c31441a8d4c67d
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc
abc1bbfb097cfaf4715fe823adb40881f8ed35a943692d5c037945c2fcc56340
ac39fd2de34b92759571eae7493ba485a9c437b55a9b17e4ae0c2af108658e30
acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b24877acc148d81edd424346c38f3c18b5a437ec1dfe1b724c47b7e37015d0c0
b263d0216e5452f8e16cb2daf840e2c0a29143781a1484849d4dbadc7d279505
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bec5f2d4c04b745da44edaf721e56b231f9d08914a11b397d848c40f69d0c48f
bfa2be3f7406ad140771aca55adeaf8b688d71e9ca4a6cb9affe5c5e3648b5d9
c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952
c2ea9e178494e471a22dba184d1bc6959371e91cbae564c45528ec0222e4119c
c471f0127ca22bf64c2926056cfb8aa50fce2505f4d500c057c520396d15e842
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74
c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfa2c1817acc9845143087b8f08cfbf450334d63f8b69ea16ec5bf8222cc9ae8
d04828857d1ff31d24b42317e5d011487543b95da962b1704fc018f63cce9d48
d1ac43e9327c147dc04b1efcd475ba7e9d464e6504eaffb167d0412d339b39e5
dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6
dafefd6db96287e4ef8254d51b102cac5872c4af475b9915dbb0853b3586cb6e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4d2ad1634d3edff68d97fc7108092f01c4735455af1fe4661f320b16c417f24
e8047292d138b4f46fbe8493b4feed7d0e7777ffb56b3cc7ca0c7131ee9fe21f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370
fef6ad425f309e8678c0422ed12b81860c27b08be7bd9e3d3d1c55802e69fd58
ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

sci-hub.mksa.top Open in urlscan Pro 2606:4700:3033::6815:35c2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

122 Requests

97 %HTTPS

54 %IPv6

25 Domains

35 Subdomains

34 IPs

5 Countries

1562 kBTransfer

3213 kBSize

3 Cookies

4 Outgoing links

Page URL History

Redirected requests

122 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sci-hub.mksa.top Open in urlscan Pro
2606:4700:3033::6815:35c2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

122
Requests

97 %
HTTPS

54 %
IPv6

25
Domains

35
Subdomains

34
IPs

5
Countries

1562 kB
Transfer

3213 kB
Size

3
Cookies

122 HTTP transactions
3 data transactions