sci-hub.mksa.top Open in urlscan Pro
2606:4700:3033::6815:35c2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sci-hub.mksa.top/
Effective URL:
https://sci-hub.mksa.top/
Submission: On June 07 via api (June 7th 2021, 6:57:31 pm UTC) from NL

Summary HTTP 127 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 35 IPs in 6 countries across 28 domains to perform 127 HTTP transactions. The main IP is 2606:4700:3033::6815:35c2, located in United States and belongs to CLOUDFLARENET, US. The main domain is sci-hub.mksa.top.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 3rd 2021. Valid for: a year.

This is the only time sci-hub.mksa.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sci-Hub (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3033::6815:35c2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2606:4700:303... 2606:4700:3034::6815:9e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
4	31.131.252.90 31.131.252.90	49505 (SELECTEL) (SELECTEL)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
3	31.131.252.94 31.131.252.94	50340 (SELECTEL-MSK) (SELECTEL-MSK)
10	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	185.15.175.157 185.15.175.157	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1 1	2a02:6ea0:c70... 2a02:6ea0:c700::3	60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
1	2606:4700:303... 2606:4700:3036::6815:15dc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	89.108.97.2 89.108.97.2	197695 (AS-REG) (AS-REG)
6 9	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
4 8	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 5	185.33.223.178 185.33.223.178	29990 (ASN-APPNEX) (ASN-APPNEX)
13	2a00:1450:400... 2a00:1450:4001:802::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba18	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	159.69.70.9 159.69.70.9	24940 (HETZNER-AS) (HETZNER-AS)
7 9	185.15.175.131 185.15.175.131	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
2 2	185.15.175.137 185.15.175.137	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
2	87.240.190.67 87.240.190.67	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS http://vk.com)
1 4	136.243.149.243 136.243.149.243	24940 (HETZNER-AS) (HETZNER-AS)
2 3	108.128.9.52 108.128.9.52	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:205... 2600:9000:2050:b000:1a:7c92:efc0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
127	35

2 2606:4700:3033::6815:35c2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sci-hub.mksa.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:3034::6815:9e6 (United States)

ASN13335 (CLOUDFLARENET, US)

img.sci-hub.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 31.131.252.90 (Russian Federation)

ASN49505 (SELECTEL, RU)

share.pluso.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.131.252.94 (Russian Federation)

ASN50340 (SELECTEL-MSK, RU)

kitbit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.15.175.157 (Russian Federation)

ASN43226 (SAFEDATA Uplinks, RU)

tag.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::3 (Frankfurt am Main, Germany) 1 redirects

ASN60068 (CDN77 (^_^)/, GB)

p1.ntvk1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:15dc (United States)

ASN13335 (CLOUDFLARENET, US)

optinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.108.97.2 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: d50603.reg.regrucolo.ru

ut9.rktch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.185.226 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.33.223.178 (Amsterdam, Netherlands) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:802::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba18 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 159.69.70.9 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.9.70.69.159.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.15.175.131 (Russian Federation) 7 redirects

ASN43226 (SAFEDATA Uplinks, RU)

dmg.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.15.175.137 (Russian Federation) 2 redirects

ASN43226 (SAFEDATA Uplinks, RU)

fnc.rt.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 87.240.190.67 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU)
PTR: srv67-190-240-87.vk.com

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 136.243.149.243 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.243.149.243.136.clients.your-server.de

hal900030.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.128.9.52 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-9-52.eu-west-1.compute.amazonaws.com

ti.tradetracker.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2050:b000:1a:7c92:efc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.tradetracker.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.zenaps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	googlesyndication.com b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	123 KB
21	doubleclick.net 6 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net	187 KB
21	sci-hub.shop img.sci-hub.shop	576 KB
13	2mdn.net s0.2mdn.net	162 KB
12	digitaltarget.ru 7 redirects tag.digitaltarget.ru dmg.digitaltarget.ru	26 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net hal900030.redintelligence.net	57 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com	7 KB
5	tradetracker.net 2 redirects ti.tradetracker.net static.tradetracker.net	113 KB
5	adnxs.com 3 redirects ib.adnxs.com	5 KB
4	pluso.ru share.pluso.ru	27 KB
4	google.com adservice.google.com www.google.com	2 KB
3	googletagservices.com www.googletagservices.com	102 KB
3	kitbit.net kitbit.net	2 KB
2	gstatic.com fonts.gstatic.com	32 KB
2	vk.com vk.com	891 B
2	rt.ru 2 redirects fnc.rt.ru	1 KB
2	yadro.ru 1 redirects counter.yadro.ru	1 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	mksa.top 1 redirects sci-hub.mksa.top	7 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	zenaps.com www.zenaps.com	704 B
1	awin1.com 1 redirects www.awin1.com	722 B
1	createjs.com code.createjs.com	48 KB
1	rktch.com ut9.rktch.com	88 B
1	optinder.com optinder.com	562 B
1	ntvk1.ru 1 redirects p1.ntvk1.ru	379 B
1	google.se adservice.google.se	853 B
1	googletagmanager.com www.googletagmanager.com	36 KB
127	28

	Domain	Requested by
21	img.sci-hub.shop	sci-hub.mksa.top
13	s0.2mdn.net	sci-hub.mksa.top s0.2mdn.net b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
13	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com googleads.g.doubleclick.net sci-hub.mksa.top www.googletagservices.com
10	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com sci-hub.mksa.top googleads.g.doubleclick.net
9	dmg.digitaltarget.ru	7 redirects
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
6	securepubads.g.doubleclick.net	sci-hub.mksa.top securepubads.g.doubleclick.net
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
4	hal900030.redintelligence.net	1 redirects b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com hal900030.redintelligence.net
4	hal9000.redintelligence.net	b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com hal900030.redintelligence.net
4	googleads.g.doubleclick.net	b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com sci-hub.mksa.top
4	share.pluso.ru	img.sci-hub.shop sci-hub.mksa.top
3	ti.tradetracker.net	2 redirects sci-hub.mksa.top
3	tag.digitaltarget.ru	kitbit.net tag.digitaltarget.ru
3	www.googletagservices.com	securepubads.g.doubleclick.net b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com sci-hub.mksa.top
3	www.google.com	tpc.googlesyndication.com b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com sci-hub.mksa.top
3	kitbit.net	img.sci-hub.shop kitbit.net
3	b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fonts.gstatic.com	fonts.googleapis.com
2	static.tradetracker.net	hal900030.redintelligence.net b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
2	vk.com
2	fnc.rt.ru	2 redirects
2	googleads4.g.doubleclick.net	sci-hub.mksa.top
2	counter.yadro.ru	1 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	sci-hub.mksa.top	1 redirects
1	ade.googlesyndication.com
1	fonts.googleapis.com	hal900030.redintelligence.net
1	www.zenaps.com	b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
1	www.awin1.com	1 redirects
1	code.createjs.com	s0.2mdn.net
1	ut9.rktch.com
1	optinder.com
1	p1.ntvk1.ru	1 redirects
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.se	securepubads.g.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagmanager.com	sci-hub.mksa.top
127	39

This site contains links to these domains. Also see Links.

Domain
pluso.ru
vk.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
mksa.top Cloudflare Inc ECC CA-3	`2021-03-03` - `2022-03-02`	a year	crt.sh
sci-hub.shop Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google.se GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.pluso.ru R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
counter.yadro.ru R3	`2021-05-29` - `2021-08-27`	3 months	crt.sh
*.kitbit.net Let's Encrypt Authority X3	`2018-11-05` - `2019-02-03`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
tag.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-06` - `2021-07-06`	a year	crt.sh
ut9.rktch.com R3	`2021-04-19` - `2021-07-18`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
tls.adobe.com DigiCert SHA2 Secure Server CA	`2020-06-01` - `2022-06-06`	2 years	crt.sh
redintelligence.net R3	`2021-04-21` - `2021-07-20`	3 months	crt.sh
dmg.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
*.vk.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-06-09` - `2022-06-10`	2 years	crt.sh
*.tradetracker.net Amazon	`2021-01-21` - `2022-02-18`	a year	crt.sh
www.awin1.com DigiCert Secure Site ECC CA-1	`2020-04-21` - `2021-07-21`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh

This page contains 13 frames:

Primary Page: https://sci-hub.mksa.top/
Frame ID: 95AAC837E9E3C2EEDD6DC483BC93D12B
Requests: 57 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: A0CDA943BFA097377C9009EA0A99058B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CB647410E5BA34C20607297FD861F5AF
Requests: 1 HTTP requests in this frame

Frame: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 25D167B96B4A75D19C02E76F26065411
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNVbn6uZR1EoVCRNjZahw0KdwHlE0TbR6qXeWAwl3wR0SJAdXMeKkSsp9oexGpUzAd2gAwY6utAhWHZdGOChrIVXhmxZsidfalKeYSIwGr4hvbThD8L5vhC2iJr0ZD49Ga8EfgK-nSzkov66bn0udKGHt65Jps_zjlUgnBEErQt8Ks9KoC8
Frame ID: 64866F630DDCAE0226D00BD5D558B980
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E8B185349D6E111A2AA572DE39FCAFEB
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
Frame ID: 1EB315F3ADF6725F7517769BDB4C79D6
Requests: 13 HTTP requests in this frame

Frame: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D2AB473C83D7811AD57EC394126AA248
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNUvvurQimFNKvbIzjsroymRXxuQfuT07YxOGoVhi1qlXpeTI-EqMvoHrs2TFiur3kYEEPPt9kSm-5nxEpLHlMm2yCngvsu2rj-SvMmG8jnp30J0dl448QC7oMUMrmy9QnMwwslYxTvJV2vyXTuFlnPUNRv1IUV6_Q6lvjjRshsg7QJepDE
Frame ID: BB3216B6C90D3C2211F5850C81C33B14
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BgnbPxKrHvHD4Fc_yN9Tpid6zb5-gXKjCCW0LThGnPFNGaI-1m8lt2xWnRTKlWeeGnPYqdR2am2AQuW87jRW5fn3cWzoPL7mQ8y9u73uP15NH448TE9vlk2bxVwuVN_7Z72_ioHnyvW8ASv1z-Po7dK4wG3Q&cry=1&dbm_d=AKAmf-D5ifnx7vLbd8M29cREeqAlsyEEunlvjD9VncW0RtqLrVSztHWtmepzFLeivfkgPHWYp4HsJdZclN0EN9fZWezbTl_5f5Aw8tn6kAl9m-2HeHIPmWFuKMq9WkhrFOC4SVnih49CCOS-9QWHhrxHAofhWN-kN4KO57bUwKgwVCHdW5-9xpDvWTUOz6pyZZqJ8UFHatJ0tt89wDatrxODyw0ihRIFCNW_RJ_1ox9PCLqmt3TaNMKzSuP8T5RuUsYM-LuIiGbAVEaU9_0wjFk58m4HaKsyYaphcowfKhJ9OeZMv7RO593aHB3J-I5kzjnWIGHmqWKggbjIjzX-IpvIXLoqAOFiF9RDgzEanCf-brDG1O_rDcQKz3OGjBeYkU6_M3SsaTcoIlh3w1nFw6ZQXY4k4Ys3aYqwMv366m8nhFdVMEyz4AFcJ3jPbPYDvS-zzZwodQ2buwbJ_Edh39X3gA1M1_mEEMrovodap62yvjGSXjvgpGM6te01q3kWTbx9dV42FWWtflauI00JF3MUYdoDAlD51psS-_p30Fwux00TulBLWGTgSCcd2YVXHKWJuFt8wDfx1OMltmyf9K33UNIRti4d0uWj04RJkOnX1H72EEKH4AjKWmFKo9WaVr9USi_aXEEtFf-rR2SsAEZ0Dap2Mv-IhHI4Hl2AcGN4p8qLoxCiw3dWNKlj6QssYDbRx4rcfOV0PEYroy7e2XT6An7su5Okhn8MhSF6y7iSaW8KnRB7tZWEJ8LM1WBVSsUv6mdnWrGNuVZlrtyBv5J1QtgSP5Y-dohqSJrQayxCRbA17GWXEdL_FwrqwSckNiTNv9SMCenei1xd_CdGZzV97baXyaeFKgs_3kte4dLPJ7GbVDoOLuqjWzegfHfVYByrZi9QvU1CxrD9LkLF1kboRfeOeYFQSUahIu6lx01OzanEdN-l7TlVZBuAKU_IrJnrf6iCyQJOeGmJvV6HlUOWlN89jDf5YjEYjDTzv6XmV1r4L7bd4UepxPOdlQjc-II21D5g6dxI26U3QSxbEHKMFZNFFjLf7g-YQ2akaStTPLXPNQbvkwJXj-UmcJzzvurHvMXULCMAFztJX2cv2b8lkYjevl0bhme1L6vfC6H7U9KzQ5QK-PbrIXjOvk7UR5MNCjoBNOGFricGswD0sjrvtVs_e1D3pG6-Ib9Jq8S2PM_FVjwWLVDcSQNpfP_gmHE-2zq5E2KPeQN6Pua7hc-gi2L5jg5Lx_DmtlbSvR8f5PbGHkzuG8AqKAAJISEW2C9leA8R9w_Z8CKud4rwI51Sa03C_dAQXPK-FI1U6a9kqVeWNtqTQymgOeOQcwcC0ar3n84p9uvr1nI9H_7TKQIxBmIdp3K8P1DkLb-EpAk2XC2ZsHANVhEIdZxDJUId1kDQH-JVgHAPiTC2Nvb97GwvUuEs9s058VrAO91LMUUgrr8qSAUbKSTvwK7o2PSKr4pVX0eWzP78AZZIu6bFJo1xHe7RShNVcoD30-WDmb-m_8Sz4MYeq-jhm3YAoPrTSd3bDH8vYB9iU8SmUuRI4589gL73K1yAqW7m_aS93RkfhWlurSzSE-9X4ZIMhBcYnIcM8ZzDXKaHlt_CIgIjprS2Jh0UOTbDiHAwsgvV5d2Sixka-JuHE1WMg0J8VZsL0cwlTaknLvdkxUGPwKPNaawCpzuxTs3kLdcxirf8aecQFENqf7_GrRbV60ABkEm7yT-z4SfbO1rFQgMMxL3_dw4ZUDIPwuYHSo9x8ZGbFMInVsWTNCC3IkQMFPI8StuHPk-Ka8-gUmCYNpGvePJMVD4mv28ZO8khfpu544GsI0kh0n-kc81P4beSPykkpCLSUg8PIPPmgy20rN7ZhnJSWr_qKAl9Y-499ewKzdjXqA9C6BrjUxzQZjdJJGjTRnc9HV45zU4Rkpe2z-2XgtLa1zvc-OSp65lF0lwo1JiHPgGSCWprNz2XTbJaEw3-Ci6ghU7a8JKl8bguc7f1LuxR5sGHQ0BunXjWANGqybRrWnHr-ujAjZhs5kkCME4F28n60nxwhlw_D3hadU4oZjhE5BfPxBT-jd_E2QEN9xOVyk18jMD1UCJPb3lSmKIMeTKbp-QH-eU4MOSpQhVOj9DQneJj4s8disQcSfG32aI7KhhIkgjpllOyXdvQ9rD0Jh5FkSACWd-7uMRYt4R3LWDIXa7lWCxN1oZxBz9u_SKWKa64XYYOrAZiW22CL_y6sqvM-yCj2QP6bJwaN7aQC1Cn4Z5TmHI0bz-0nKhZlMHx_tJjcsZOytMdUZ_49rFeGkwTkza1GYhQ7z3_JsyAKxmB7sE5A9Ih2niGFxjx6quWn74FSQizSQeNcDRYuFJwF_4sMd-0Frbn9t0knhmzGQ56Z-60DteKjyrn_WFYgHTVCI3iFRTlaK4nJzwbAVI8F1Ip4mfCMvYb66iZEMUkFma3A67MUUEm0vBm1dea4vk_9tkSaHwq0F95-TExzmtkVuQWW01GtawtLjy7RAjTAWNJLb4PRuQQdroO_HHjLyuipKgO3E1YLkjHBFRlu9Sqi0jIvrFwvTZJWoYPKhGSo_jjlvZH7l2_NXS9cADWE6osRLjdqlc3hfS7Jx7TI0YnnFhq7zTzX4f0kPL8SVvzlj8RI6GrnZM-yN8ijmvfEay0YtK2f0JtIQCeTszRQxJOb6dN1UAe1XTTMowYmg9pMEdelTBUcjm2xDcFPOkKinqPthvRwdVfdM4LjMGok9AiaPyyz2EIc9qsZNHSRFRUweg8RBnXzKpjOqjxKpJzfTcsc3dlYwF1GP8XFv23bS8iuq39f0mXR6TfTxy20T6eyjRwGC9EJ4FnVoG2DhhnENEcEOLg4Jnsw5edrWnoAK3U3Yf18edJIQkiH6SKo_hDpn7V697KK3G3ru-ERfRmiqLRQ9cEqPyjp1DC7oOJzkpkSfsaMghTvCtajStFPVshyiMbuWqsLHnCguj_mcHvzT0wxMMPKyqVI-RcBNKYFDhg-YMkptiBf317tEK1Rg5_OdriGBMaWkiAumOl6kVhWdnGa9jo_yDmRmPsix4HSqqxyIp7VUExbXX5UM3SU-IqLYOmrMqbdxnpMuM2OAA3Uz1BoE-9B87N9-Ax6X2ceL65OBTVciSJinIHi9R0IVXRmpVXoAR_aIHpxtEJmtMeybeojLC52OMjE6t1ihpcaDGBBMSNwXAFGfKlCqorHlqn5h-JuAlxQ2kU2h37Vec_VK1rLOJ6sS3GMzw2VvnszJgqwuJOt0cni5fdDZYgapd2OYg_zmq15W0PNwlHeg&cid=CAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240
Frame ID: F67F8B4FB4C944A79505CA6726ADBB89
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: CD60CFB928486FCC601F5D20812CDCB7
Requests: 3 HTTP requests in this frame

Frame: https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
Frame ID: 839A7A3F508E14F7988249514EEB980D
Requests: 1 HTTP requests in this frame

Frame: https://hal900030.redintelligence.net/request_content.php?s=41553200193780600510390011618030&a=1d959d1d
Frame ID: D6979210527453A93FBAED8FD652CCA0
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery-ui.*\.js/i

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery-ui.*\.js/i

Page Statistics

127
Requests

97 %
HTTPS

53 %
IPv6

28
Domains

39
Subdomains

35
IPs

6
Countries

1520 kB
Transfer

2879 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://pluso.ru/

Search URL Search Domain Scan URL

URL: https://vk.com/sci_hub

Search URL Search Domain Scan URL

URL: https://twitter.com/Sci_Hub

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sci.hub.org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1 HTTP 302
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Request Chain 59

https://p1.ntvk1.ru/nps HTTP 302
https://optinder.com/cro

Request Chain 61

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoDHtH8tzl3wd2akC-Ys8A&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoDHtH8tzl3wd2akC-Ys8A&google_cver=1&C=1

Request Chain 62

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5sCfIDrIpr3KxFFtEYZQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1

Request Chain 63

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEKih4__VjAubBnARAlB6lPg&google_cver=1

Request Chain 64

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg0NDAwNTU1MTQwMzI2Nzk4NQ%3D%3D

Request Chain 96

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1

Request Chain 97

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5sCkPBmkA-GT5E8b0HJQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1

Request Chain 98

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIMDwjrY_C6JpZBWR8VeNSs&google_cver=1

Request Chain 99

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg0NDAwNTU1MTQwMzI2Nzk4NQ%3D%3D

Request Chain 108

https://dmg.digitaltarget.ru/1/7086/i/i?i=538319423591140.814722753913986&c=tg:adcm_pc HTTP 302
https://dmg.digitaltarget.ru/1/7086/i/i?i=538319423591140.814722753913986&c=tg:adcm_pc&q=scc

Request Chain 109

https://dmg.digitaltarget.ru/1/6534/i/i?i=538319423591140.628043966834028&c=tg:adcm_pc HTTP 307
https://dmg.digitaltarget.ru/awg/custom/6534/i/i?call_source=awg&i=538319423591140.628043966834028&c=tg:adcm_pc HTTP 307
https://fnc.rt.ru/1/6532/i/i?i=Xh21WyKXlWKYmgO7knUf&c=tg:rds_6534 HTTP 302
https://fnc.rt.ru/1/6532/i/i?i=Xh21WyKXlWKYmgO7knUf&c=tg:rds_6534&q=scc HTTP 302
https://dmg.digitaltarget.ru/1/6533/i/i?i=715571001618453762141000000003192196&a=774&e=588FxJUwBF3D5555nkGf

Request Chain 110

https://dmg.digitaltarget.ru/1/1086/i/i?i=538319423591140.651826983739081&a=86&e=5EFC831FAC6BBE602D0BE78402B02D4F&c=ss:86.up:5EFC831FAC6BBE602D0BE78402B02D4F.sync:up.xdua:duUBi5H5FNEm9y2ElsWekhOZ.xps:xps_9K3yJ3cZNP8XhaFCzbP1h.xga:GA1_2_1583700586_1623092233.xgid:GA1_2_658246857_1623092233.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=538319423591140.651826983739081&a=86&e=5EFC831FAC6BBE602D0BE78402B02D4F&c=ss:86.up:5EFC831FAC6BBE602D0BE78402B02D4F.sync:up.xdua:duUBi5H5FNEm9y2ElsWekhOZ.xps:xps_9K3yJ3cZNP8XhaFCzbP1h.xga:GA1_2_1583700586_1623092233.xgid:GA1_2_658246857_1623092233.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://vk.com/rtrg?p=VK-RTRG-518563-fDktK

Request Chain 111

https://dmg.digitaltarget.ru/1/1086/i/i?i=538319423591140.24651396570107&a=86&e=5EFC831FAC6BBE602D0BE78402B02D4F&c=ss:86.up:5EFC831FAC6BBE602D0BE78402B02D4F.sync:up.xdua:duUBi5H5FNEm9y2ElsWekhOZ.xps:xps_9K3yJ3cZNP8XhaFCzbP1h.xga:GA1_2_1583700586_1623092233.xgid:GA1_2_658246857_1623092233.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=538319423591140.24651396570107&a=86&e=5EFC831FAC6BBE602D0BE78402B02D4F&c=ss:86.up:5EFC831FAC6BBE602D0BE78402B02D4F.sync:up.xdua:duUBi5H5FNEm9y2ElsWekhOZ.xps:xps_9K3yJ3cZNP8XhaFCzbP1h.xga:GA1_2_1583700586_1623092233.xgid:GA1_2_658246857_1623092233.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://vk.com/rtrg?p=VK-RTRG-953909-hMgly

Request Chain 112

https://hal900030.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=5cb4a0fd5c&subid=&uid=892a2522cd61f998&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpOa1CWy-YLuyLp6U7_UPi7S88AeVsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAuFKq_HKbbQ-qAMBqgTjAU_QN0nCkj7wAUfGvP2QDgomAHP43zW-YTR48eg_98MIyHP9URXvOaIQqM7qdrNPZ_jfqROHmhTWZoiyjrdRKcToLrASbXRyXZE3AmOYnurDwUAu-yZsEkiiJoJtJEIYl0g503AX_wivjBhhGirZ4pBm82lNX9jyqFhlj1_t3vwhW1jR2KgoItrNkjIojNINluUj9EzmNRzKXHrLWFfs0x5NeaauBmTnpCM5cIrSk8ycaLSrLCd66bjE7tKTmUm__tDS4foiamj8UaMbdMSCR97JiNG5iA2xY8lWBWDKCd8H8SVzwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0%26sig%3DAOD64_2KScVe_SBOS0SNBw9DO-YlPa7_8w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BeGiCk1xLlB6gWweIQGVx_p2BKinRfqaMCYJif9uVWGte8aOxHwoDDeHKYUFbnqYW5bqNQcJsup-GfIKcFY2Gsp3gVCt6itIVS-j326hAiqqU05GKdT5nt7NrZAgujoC_HrAhpsbp39KGLbkkgesDBAFuiIg%26cry%3D1%26dbm_d%3DAKAmf-A2saHdTf6E4-N0n6WDEuECFXynabkVAjhtrSuRC5vw2zpNURsZpHgdA6ZohaqscMuhsupzEhSBRyn2mYbSO0VQkjUPBUGiu44H_9_yswiPazFIvqZ2lTghX_wbqHeTPYijveE1Oht4a0QAZCJ-eNVINXG7SgHbajuY2HoX-OB0Gf0ARrq539_wDEWVvEv1-0m-SSH7AhXnR5MxyVZYTVtuK0Ga7EFH18nOc3n923z5e_rnpRSR5Cp_2QsCSAENfswZI5Os74zBLL-cgbrkVsZmXR4o2GOTZeaMnWElQYhuDUhtfohm_HjcuVxfYBlrav3Uh9nVHAK0D2PUvBgnvqnc4fuS-q5kM5Q7VDk4G8EldTBKX8PtDg0wMASCiNppvzON7a9HK-dbi_fKjILzTAijNpAL4PqJdBAxrkZ67adEQU4fK8LzUdGcwNIuyXAVQWQNg9o6%26adurl%3D&documentReferer=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=6400308245603&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0 HTTP 302
https://hal900030.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=5cb4a0fd5c&subid=&uid=892a2522cd61f998&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpOa1CWy-YLuyLp6U7_UPi7S88AeVsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAuFKq_HKbbQ-qAMBqgTjAU_QN0nCkj7wAUfGvP2QDgomAHP43zW-YTR48eg_98MIyHP9URXvOaIQqM7qdrNPZ_jfqROHmhTWZoiyjrdRKcToLrASbXRyXZE3AmOYnurDwUAu-yZsEkiiJoJtJEIYl0g503AX_wivjBhhGirZ4pBm82lNX9jyqFhlj1_t3vwhW1jR2KgoItrNkjIojNINluUj9EzmNRzKXHrLWFfs0x5NeaauBmTnpCM5cIrSk8ycaLSrLCd66bjE7tKTmUm__tDS4foiamj8UaMbdMSCR97JiNG5iA2xY8lWBWDKCd8H8SVzwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0%26sig%3DAOD64_2KScVe_SBOS0SNBw9DO-YlPa7_8w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BeGiCk1xLlB6gWweIQGVx_p2BKinRfqaMCYJif9uVWGte8aOxHwoDDeHKYUFbnqYW5bqNQcJsup-GfIKcFY2Gsp3gVCt6itIVS-j326hAiqqU05GKdT5nt7NrZAgujoC_HrAhpsbp39KGLbkkgesDBAFuiIg%26cry%3D1%26dbm_d%3DAKAmf-A2saHdTf6E4-N0n6WDEuECFXynabkVAjhtrSuRC5vw2zpNURsZpHgdA6ZohaqscMuhsupzEhSBRyn2mYbSO0VQkjUPBUGiu44H_9_yswiPazFIvqZ2lTghX_wbqHeTPYijveE1Oht4a0QAZCJ-eNVINXG7SgHbajuY2HoX-OB0Gf0ARrq539_wDEWVvEv1-0m-SSH7AhXnR5MxyVZYTVtuK0Ga7EFH18nOc3n923z5e_rnpRSR5Cp_2QsCSAENfswZI5Os74zBLL-cgbrkVsZmXR4o2GOTZeaMnWElQYhuDUhtfohm_HjcuVxfYBlrav3Uh9nVHAK0D2PUvBgnvqnc4fuS-q5kM5Q7VDk4G8EldTBKX8PtDg0wMASCiNppvzON7a9HK-dbi_fKjILzTAijNpAL4PqJdBAxrkZ67adEQU4fK8LzUdGcwNIuyXAVQWQNg9o6%26adurl%3D&documentReferer=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=6400308245603&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1

Request Chain 113

https://ti.tradetracker.net/?c=31577&m=1646244&a=157788&r=41553200193780600510390011618030&t=html HTTP 302
https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg

Request Chain 116

https://www.awin1.com/cshow.php?s=2636829&v=12846&q=389131&r=566725&pref1=41553200193780600510390011618030&pv=1 HTTP 302
https://www.zenaps.com/cshow.php?pvr=2c868b90-c7c2-11eb-9ae5-692d08e93505&v=12846&r=566725&q=389131&s=2636829&viewref=41553200193780600510390011618030&pv=1

Request Chain 126

https://ti.tradetracker.net/?c=33102&m=1783943&a=157788&r=41553200193780600510390011618030&t=html HTTP 302
https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png

127 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sci-hub.mksa.top/
Redirect Chain

http://sci-hub.mksa.top/
https://sci-hub.mksa.top/

29 KB
6 KB

554ms
534ms

Document
text/html

2606:4700:3033::6815:35c2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:35c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab

Request headers

:method: GET
:authority: sci-hub.mksa.top
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding
expires: Tue, 08 Jun 2021 06:57:12 GMT
cache-control: max-age=43200 no-cache
x-cache: MISS MISS
cf-cache-status: DYNAMIC
cf-request-id: 0a896f15fe00009766c79f4000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0Gi7gN8dznlecJ1V6Q2qNADwVnMIgFGhA20pFEAPiYipTLb6TEhOv9jMyhsfNSpBmKpb3veXxZ37IYd0dw67a3apAfr6BkWxs2vpmuaZOaeijn83xhfp5VQraYn6HCe3mnMKSiwuQ6xzQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65bc1acffe0f9766-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

Date: Mon, 07 Jun 2021 18:57:11 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 07 Jun 2021 19:57:11 GMT
Location: https://sci-hub.mksa.top/
cf-request-id: 0a896f15b700004db25131b000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KT7EAfRFeuxuAV6hqlIJF8vRN2PFHfsnY0Ku59GVe%2BKJnk5mWL4ePDnhouDJxRvt2Pl2tZymwuilihczJ6jMu394DO3XpyCRcJv%2FGNMPTRGqPF%2BGfByMdMZ3UA3U%2FhHAa31BOWFX%2FT18eg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 65bc1acf8b3d4db2-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 jquery-3.1.1.min.js Show response
img.sci-hub.shop/scihub/ 85 KB
29 KB 303ms
282ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-3.1.1.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213796
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a896f182d0000c2d63e214000000001
last-modified: Fri, 30 Nov 2018 04:24:28 GMT
server: cloudflare
etag: W/"5c00bb7c-152b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=1RjWuKSBE4w9ih3N4vPcg6wV5oo2n%2BgBpEF3DXEkxhWv%2B1B86HBDmShGuwxoYRuZbORJ0XHnduleCmQSp1cT%2FG9%2FzJRp40Cm%2BKyKPYjFuruq1zY4Svyxp1gvoV2F%2BXMik7UkeyIYiGiTUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc1ad37fd5c2d6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-ui.min.js Show response
img.sci-hub.shop/scihub/ 248 KB
63 KB 291ms
270ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-ui.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213796
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a896f182e0000c2d60422d000000001
last-modified: Fri, 14 Dec 2018 08:14:20 GMT
server: cloudflare
etag: W/"5c13665c-3dee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NxHuttzojgzABOAtqjpSamQR414wktVOsEEkbzm%2BogX2M%2FO05bjtofHQEWNMA66bcWR1r7w5iEQ62eRo0vbcpA5LU1UZm9U58gC07FbvmEoJ79LCHyZoyiVtpk64NpyVb6u%2FGO35T4nrYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc1ad37fdbc2d6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 openapi.js Show response
img.sci-hub.shop/scihub/ 94 KB
22 KB 279ms
258ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/openapi.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213796
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a896f18310000c2d61c981000000001
last-modified: Fri, 30 Nov 2018 04:24:44 GMT
server: cloudflare
etag: W/"5c00bb8c-1798d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=A0Pb3VDE9UBD81om7NkPALzcAjSD89zyqNTJ%2BjAXij8msrNKMlBE6qp%2BHDP%2F26aXesBNwanBAlnD%2B0NW0ljydlx83HEuJX8ZaVr6ZWr3jfWdijUWxS0QM%2B%2FvuOqRo5kqC%2FP8%2FNFejWuiDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc1ad37fdec2d6-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 medal.png
img.sci-hub.shop/scihub/ 22 KB
22 KB 51ms
31ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/medal.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213796
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 22275
cf-request-id: 0a896f197500004eaa0d020000000001
last-modified: Fri, 30 Nov 2018 06:13:38 GMT
server: cloudflare
etag: "5c00d512-5703"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=0hSKH%2FO%2FpNXxrMZVZtsDciCdVobuwIGE6q846qOOn8OqxpBxPF9AT2BR0LK40tMqfQ6jEmcb6lacGGcPt1WQPVOFNKNcxsUXAs3dZca9pfu615Wbdpnv7uwiciIAINAQ0gaimgmfUgmrQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad58df04eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 key_1.png
img.sci-hub.shop/scihub/ 8 KB
9 KB 43ms
39ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/key_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213796
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8428
cf-request-id: 0a896f197500004eaa39af7000000001
last-modified: Fri, 30 Nov 2018 06:13:40 GMT
server: cloudflare
etag: "5c00d514-20ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=xa%2FaDdVe92%2B22Ojhma3G4XrcaMwKjsypf7ntAX%2FDAVcapWq%2BdEwrHpBTJP1QTPVGOYjV5hG3GwrlGA96zK48H6weu%2FHpvn6IWE7f0gbNO5F2PqWi2DFcLI0%2FxwqySuK6DqqI0x0jNZeh2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad58df24eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 174ms
61ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

031de2ba14934fe6c993c486fe0a30a18a8fc69066cf1efbcc4162adf6f32edc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "896 / 804 of 1000 / last-modified: 1623064273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21372
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:57:12 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
36 KB 41ms
20ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5793d110bf1958d3744be8d2dfb9b83e056bd01d7162813bf63aa6483c08bdc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35965
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:13:48 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 07 Jun 2021 18:57:12 GMT

GET
H3-29 200 top-back.jpg
img.sci-hub.shop/scihub/ 184 KB
185 KB 25ms
25ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/top-back.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 188646
cf-request-id: 0a896f198600004eaaef1bc000000001
last-modified: Mon, 16 Sep 2019 12:17:02 GMT
server: cloudflare
etag: "5d7f7d3e-2e0e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=V846xyu8ZySvaZ5Zm59se260bXTCsIGnDL9Y6iqTldzJa6muZ%2F%2BSVMyKERdKJNc3KVfFdNvXKBad9AqwwX25Aet6Cc2AB4d1BekTTO7J31DVtnBBH5G6vuuJo8co3GDSUE1eIXlF5upIFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ae394eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo_en.png
img.sci-hub.shop/scihub/ 14 KB
15 KB 43ms
42ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/logo_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 14556
cf-request-id: 0a896f198d00004eaa180b9000000001
last-modified: Fri, 30 Nov 2018 05:56:38 GMT
server: cloudflare
etag: "5c00d116-38dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=P5%2BKvoGNlNGmD32GaiI1TzZbh6mYYWbdqI67eoeY7s8HRKL%2FOFEJgP%2FFW0dolVNMo7rp7PA9I1ZMYyul90lDBdk0voxA29A1n7SQyRdpeCktYm0DvRu%2BIonRhz8THiI%2BiB9JrLPiUfLxSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ae5c4eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 raven_1.png
img.sci-hub.shop/scihub/ 59 KB
59 KB 43ms
42ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/raven_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 60144
cf-request-id: 0a896f198d00004eaaf7a87000000001
last-modified: Fri, 30 Nov 2018 05:56:32 GMT
server: cloudflare
etag: "5c00d110-eaf0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=5x4xjWjEGvDd5aDTsVkAXBQnRNGB13pzkif067mIhv8NsXl9DdVA6%2FXmciDA2A%2FgkbdekO%2F4fMN6ANBdbVxPA7IWRhl1cwLQC594YnDoUeb88JEng1Eh484dljSAfBik7ctptTMksuR2Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ae604eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 map.jpg
img.sci-hub.shop/scihub/ 54 KB
55 KB 44ms
43ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/map.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 55605
cf-request-id: 0a896f198d00004eaa07062000000001
last-modified: Fri, 30 Nov 2018 05:56:52 GMT
server: cloudflare
etag: "5c00d124-d935"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2pqcvh7CEBKo%2FbS5%2BTZ5Gz9Sfx99495z6HYRhlmm%2FwTt%2Bn0bb8CfQIDzJCttxtUvUrxSAHyaXZ4mamtZ4yHOXc%2FiI5IVQhjgX4sD21uYXZSD4lPZY1H0vjKxb9nPEKqnNs2u%2F023QA2ANw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ae614eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 about-marker_en.png
img.sci-hub.shop/scihub/ 3 KB
4 KB 66ms
65ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/about-marker_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3361
cf-request-id: 0a896f19a000004eaa122c4000000001
last-modified: Fri, 30 Nov 2018 05:57:02 GMT
server: cloudflare
etag: "5c00d12e-d21"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=V1qArsm6KD1XgxvFqUbbwqYO%2BgDrGBiytRUVObwqIi7jwL7L%2BV%2FhgYfMt%2F%2BEZdCl3iTcnMfC3KtkGsnU9U1XJ0Gbs%2BKzF2wks8E7v6s%2Bh4wUgGFYe%2ByDahBoWyF5SWw%2FWm%2BrniMIhzrwxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5cebe4eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET AvenirLTW01-55Roman.woff2
img.sci-hub.shop/misc/fonts/ 0
0

GET
H3-29 200 quote.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 43ms
40ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quote.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1068
cf-request-id: 0a896f19bc00004eaa23172000000001
last-modified: Fri, 30 Nov 2018 05:57:12 GMT
server: cloudflare
etag: "5c00d138-42c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=XGaAyhyLgnUvtabZKnfkm6M8IaTa76%2BviP6c7o6KR4nZjrM572qL5fOkFpFfoo4SLMHHFcLg28IAk1Q1yRnzup%2Fma5T9YAxi0rFsgRDlJ7UgwatmS1T1DAwzApuu0aWZZ3LUcQsWZY72rw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff5d4eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 quotenext_en.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 43ms
40ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quotenext_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1087
cf-request-id: 0a896f19bb00004eaaeb39c000000001
last-modified: Fri, 30 Nov 2018 05:57:18 GMT
server: cloudflare
etag: "5c00d13e-43f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=I31loKFDJVUr7m1bkQFITkPBnybeY7o3E6WQ2msGDmtzhDA59R6ksXxQxDth6HZ3NrGSA20pwO%2Fn4iMJMhRBPd%2FBP9uA0xY7QXpQbjm5BGnWwYahpbln7%2Bm5%2BOB7DqnMCWvz6n4TgxnBuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff624eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pone.png
img.sci-hub.shop/scihub/ 2 KB
2 KB 43ms
40ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pone.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1637
cf-request-id: 0a896f19bb00004eaa153b7000000001
last-modified: Fri, 30 Nov 2018 05:57:24 GMT
server: cloudflare
etag: "5c00d144-665"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=AgehURps9w57qGV%2B2tX1DOSF%2FBViqCG7eFryJBEGhS3vcaa4WSQ7tqow4CI2BWQ5Shy3moFceY8TeCxg3SuyfJYca2NETmDcPBIPALrQRvbUdHUJr0GJbYiVa56QnhOb3D%2BXNmYyq7Ai%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff654eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 ptwo.png
img.sci-hub.shop/scihub/ 4 KB
4 KB 43ms
40ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/ptwo.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3907
cf-request-id: 0a896f19bc00004eaa122ca000000001
last-modified: Fri, 30 Nov 2018 05:57:30 GMT
server: cloudflare
etag: "5c00d14a-f43"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=WmRWbVhbZQyNvnNVt3nUxqcqICBBocp%2BN10KyLQXePgaRioltXjMfwc9WnJ2fs6whvy8mdVCIDZDcD6mzgPhw7VJZMxev97%2BdBxLqjFz%2B7vF7Gxs8NEhgOYlp0WRhufNUOwy291r8wl6mg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff664eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pthree.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 43ms
41ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pthree.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4278
cf-request-id: 0a896f19bc00004eaa44b8e000000001
last-modified: Fri, 30 Nov 2018 05:57:36 GMT
server: cloudflare
etag: "5c00d150-10b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=B67wYTxAY%2BoyiE6ixQ8r55P%2Fooo9ndeAhJqbWYKtlzIp34jsZ7uDBvouTpJ9IqxGJtqaRVyPF%2BywKG6ybn1Ak5vME1KtKUiyTz%2FXBlYX9%2FbOq99CHBtG3L1dRCca%2Bujo%2FD1CBj1JJvHTcw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff6a4eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 people.jpg
img.sci-hub.shop/scihub/ 50 KB
51 KB 43ms
41ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/people.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 51212
cf-request-id: 0a896f19bc00004eaa1388e000000001
last-modified: Fri, 30 Nov 2018 05:57:56 GMT
server: cloudflare
etag: "5c00d164-c80c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=scjYJwMYijoPWZnz2a6s8EvSq8Q1cKhODfKOVq3qtLC9PpJUuLq2XVEaqfZvTHP1fvdE8SD0bZ4HVrbI%2BQmRrtL4BXH9VXV3%2Bpng9KM4vjNrhKJBdUfuVg%2FnrMGnirBJWyqImxTaGAe4vA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff6c4eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 join_en.png
img.sci-hub.shop/scihub/ 6 KB
7 KB 45ms
44ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/join_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6197
cf-request-id: 0a896f19bc00004eaa270a1000000001
last-modified: Fri, 30 Nov 2018 05:58:24 GMT
server: cloudflare
etag: "5c00d180-1835"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Di8rOTh8mMbuQoirANVNHsYN%2BWyjlK1q%2BUTZkY4ej22B6EHAqy%2FOivIdC6BkIs3e%2BOUFHcuVQThONr9TByBBvGcH%2BRGg1p0ctx9cRRcquzpiaYZ%2FONzZIQrMI9BRgm9Lbe4Y3bstyNeIPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff6f4eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinvk.png
img.sci-hub.shop/scihub/ 17 KB
18 KB 45ms
44ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinvk.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 17834
cf-request-id: 0a896f19bd00004eaa301f8000000001
last-modified: Fri, 30 Nov 2018 05:58:30 GMT
server: cloudflare
etag: "5c00d186-45aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JJpY07OMDP5yWqoUgENXbvTvWnUYFYDyW78DVlI45V10Ki%2BoqisJAVK%2F5MXKhXB9C4j93sbc%2Fetiz4D1Ux%2F3dP5fr4mkr%2B4WrFCy%2F3Vz%2FZByr%2B53ESIdCgsfm7mQHBfj1XD4R7zNl6rIUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff704eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jointwitter.png
img.sci-hub.shop/scihub/ 6 KB
6 KB 45ms
44ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/jointwitter.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5751
cf-request-id: 0a896f19bd00004eaa1a0d0000000001
last-modified: Fri, 30 Nov 2018 05:58:42 GMT
server: cloudflare
etag: "5c00d192-1677"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=cXrNuwENQ3n5NwC1ZKePqTWPXT7O3Tk%2Fzpb%2Fze1SMxWFUr9UT7Wajn8kQRITGRcLQAC9eUevYEUvjfQXVOFgKHmJ4sGbw25KcVpqLXyqo%2FxFPv6wSrUu4GcT7j%2FuS%2FnFCli%2FxLzMaONFtg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff744eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinfacebook.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 46ms
45ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinfacebook.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4152
cf-request-id: 0a896f19cb00004eaaef1c8000000001
last-modified: Fri, 30 Nov 2018 05:58:36 GMT
server: cloudflare
etag: "5c00d18c-1038"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pVHgxFrQYeL0Y%2FGXUYBzINTl%2FaTkb%2B5SOXFIrU0kaLL7F%2BsvPh3x5MPTFf9zeTloPjy6FRjJXqQM%2F8abqVQ%2FjzPrTGTHJX2sQj8JyNGXEM96n9FXrfov1LOfxaW2xBiWUC%2BKYBXI2dsuew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc1ad5ff774eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pluso-like.js Show response
img.sci-hub.shop/scihub/ 41 KB
12 KB 17ms
16ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/pluso-like.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 213795
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a896f19d800004eaa2829a000000001
last-modified: Fri, 30 Nov 2018 04:39:20 GMT
server: cloudflare
etag: W/"5c00bef8-a5cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=SwrfRn0oIeGwT3C0SLXpR%2B6pMdA95%2BtC78Tm4eQIY13bAozbALV8zN3GPeJ9asGNluvjiF37NGUa76fRmnHbwfgJzIVNXfapsybmY1fuK%2BodJXqyVcSUt6LBi5iGI4FqkhylsBTlU9k1lw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc1ad62fee4eaa-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6349
date: Mon, 07 Jun 2021 17:11:23 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 07 Jun 2021 19:11:23 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 26ms
13ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=599346101&t=pageview&_s=1&dl=https%3A%2F%2Fsci-hub.mksa.top%2F&ul=en-us&de=UTF-8&dt=Sci-Hub&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=746274121&gjid=584765530&cid=1583700586.1623092233&tid=UA-193456449-1&_gid=658246857.1623092233&_r=1&gtm=2ou621&z=122785020

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 pubads_impl_2021052601.js Show response
securepubads.g.doubleclick.net/gpt/ 311 KB
109 KB 119ms
58ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

bf56d0c6b86f69d3f6dfb156399577c16da981c390a16d26c7752ed85bc38ac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 26 May 2021 08:37:30 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111649
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:57:12 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
443 B 41ms
14ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-193456449-1&cid=1583700586.1623092233&jid=746274121&gjid=584765530&_gid=658246857.1623092233&_u=YEBAAUAAAAAAAC~&z=279462204

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 07 Jun 2021 18:57:12 GMT
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.se/adsid/ 107 B
853 B 35ms
15ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.se/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 35ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 12 KB
7 KB 612ms
612ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2105307156058736&correlator=1354185950393595&output=ldjh&impl=fifs&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2C970X90-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90&cookie_enabled=1&bc=31&abxe=1&lmt=1623092233&dt=1623092233055&dlt=1623092232212&idt=818&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=900&adks=1836978441&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x0&msz=970x-1&ga_vid=1583700586.1623092233&ga_sid=1623092233&ga_hid=599346101&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

84f35581e15993da7bdd7c27c722cf44e985f9be89f2f17f991925b110a5920d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7566
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 49ms
14ms Other
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 984ms
984ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2105307156058736&correlator=1354185950393595&output=ldjh&impl=fifs&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2C336X280-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=336x280&cookie_enabled=1&bc=31&abxe=1&lmt=1623092233&dt=1623092233059&dlt=1623092232212&idt=818&frm=20&biw=1600&bih=1200&oid=3&adxs=632&adys=1552&adks=2992418410&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=528x334&msz=336x-1&ga_vid=1583700586.1623092233&ga_sid=1623092233&ga_hid=599346101&ga_fc=false&fws=0&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

4227199aadb66477eeda5d0cfb8514978a0e43a3ead42ddcb139e4e1ce29d697

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:14 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9157
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 472 B
279 B 167ms
166ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2105307156058736&correlator=1354185950393595&output=ldjh&impl=fifs&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2Czsy-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623092233&dt=1623092233061&dlt=1623092232212&idt=818&frm=20&biw=1600&bih=1200&oid=3&adxs=426&adys=2192&adks=1528813087&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=1583700586.1623092233&ga_sid=1623092233&ga_hid=599346101&ga_fc=false&fws=0&ohw=0&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

c70ebf883e629d2d0011893d6c1d2e42ff832f681493495b5d1f8ccbf6f05ef1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 249
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 477 B
286 B 722ms
722ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2105307156058736&correlator=1354185950393595&output=ldjh&impl=fifs&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2Czsy-youtu01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623092233&dt=1623092233062&dlt=1623092232212&idt=818&frm=20&biw=1600&bih=1200&oid=3&adxs=430&adys=2192&adks=3809152490&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=1583700586.1623092233&ga_sid=1623092233&ga_hid=599346101&ga_fc=false&fws=0&ohw=0&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

59aad03e2d3404d92ba396e826636c2859210fa7db2a7710cd291313c97116c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
590 B 282ms
71ms Script
application/javascript 31.131.252.90
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=mz3xVVm3yxvveECk&first=1

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.90 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

bdd4003804f6ce8052531178f70d642ad8fdc912033665ecc0b38163acd16b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=259200
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
X-XSS-Protection: 1; mode=block
Expires: Thu, 10 Jun 2021 18:57:13 GMT

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
590 B 282ms
72ms Script
application/javascript 31.131.252.90
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=FSpOV2KHQC1VBqQh

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.90 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

bdd4003804f6ce8052531178f70d642ad8fdc912033665ecc0b38163acd16b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=259200
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
X-XSS-Protection: 1; mode=block
Expires: Thu, 10 Jun 2021 18:57:13 GMT

GET
H/1.1

200
OK

hit;PLUSO
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

43 B
496 B

96ms
96ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:13 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 06 Jun 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:13 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sat, 06 Jun 2020 21:00:00 GMT

GET
H/1.1 200
OK 06.png
share.pluso.ru/img/pluso-like/square/medium/ 23 KB
23 KB 319ms
108ms Image
image/png 31.131.252.90
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/pluso-like/square/medium/06.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.90 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:13 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-5b8f"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 23439
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK plus.png
share.pluso.ru/img/ 2 KB
3 KB 281ms
69ms Image
image/png 31.131.252.90
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/plus.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.90 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:13 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-98a"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2442
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kb.js Show response
kitbit.net/ 1 KB
2 KB 655ms
70ms Script
application/javascript 31.131.252.94
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/kb.js

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

f232aa2f117eb04ac54ab9a5cd04823573edbd473cfa6d41e8e9b4a32d9973dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:55:40 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC+a6yE5wstTy2wAg==
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=21600, private
Connection: keep-alive
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Expires: Tue, 08 Jun 2021 00:55:40 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 40ms
20ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021052601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1d46d4322013ba1805b8b6dc3c7ce459c51ef7f202999f21304d9a5b5c7d09f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8209
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 32ms
13ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:57:13 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame A0CD 12 KB
5 KB 20ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 07 Jun 2021 18:40:16 GMT
expires: Tue, 07 Jun 2022 18:40:16 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1017
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CB64 783 B
1012 B 39ms
18ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ddbf8e3f69236abf4ff1c752de2d95d4133eb7122c51402f3e8879c4a633743b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7agDo7Y6RQCOAfBzF2lQtw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

expires: Mon, 07 Jun 2021 18:57:13 GMT
date: Mon, 07 Jun 2021 18:57:13 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-7agDo7Y6RQCOAfBzF2lQtw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame A0CD 14 KB
6 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:13:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2644
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 18:13:09 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021052601&jk=2105307156058736&bg=!ZGelZyPNAAY6sG-_OrA7ACkAdvg8Wuf-RzdIXgKJeABIm2Cle6r-eLt2B5yZqbhkQzO9PXssJDhzXwIAAABUUgAAAAxoAQcKAGkofaK1w8GpITMdPtP6w9zZRg8JlP4Zt85DhhV-WAkVWLaLTiVvxassclo5ZO7BlRiYZonzA8DBoVuJ-NkMbZ4ZQvMN7STlxSWyh-QDKN6u8zdQOFn9HjuAeJcvMEdnuEH6-3N910nWddOZAlDbdkZAtyBTFdtFTot52G3b_g_sVyIINkR-HGdxZmYletxp6HnIQzX4TQO8TQYbNd8s_ZmJ71JZkkUUZyWMlJc385EYMVKR-ueSVTWtx7mDXyFGt892T2-Hu7RPRgKo1Sz0Fu5jSGoftoyZvB3kcLQEbWQMNEYCZJnQ3tGwOxhnKnULO0bORdJv_D4Cwab56c3I5iBpJeJKisbmq8Yiza20AKhZt_eL6H4DiFVnLtiLGSmQOjDgs1NLC_sH8OY7R1cE4rDQrNuIBdhOxpiKm01nnt4e2JPXNaZgBe77kSm21dDIzGgkrlKHrHeIHLRierjqcyOq0tAL9q9IxK2NKl1UW-3IRHAhKSR-x0NS_u_2-tAfsprVoytK350VakcJlGrkQsvPyan8c-Ar6x5EzeFe-ypTADN1WwlH0paNTwElY80CDPRCerEZVK6Gcujfz66DLjeeKuj6EyMtz1VFgqKiQwglrT8vFYzmAhev_i10TtHbjFT4rKZ-MIkfGLueegRO8ykwQvFTHzG3cxam8rF7KvfjNJmiusbRoVvZgYVYjgyIywcm7v7OOJ48fbrO8c2sAIJ8wZbVYQCbWuSfmCUY4wqyojAjXhfFf4lVFCJm3ek0TnNfGEO9TmUOqWg0XodfhAHH-2UAZB4OX1GyIe7QEe0Jrjx5u4vwhf_kwenlP56rE7Se9pXqQHOk6uO9jc8riHX8KJN0SxZkzhaxO35xD_VL4PxkdEkSaIOJOXj-wWQ7v0oYc7FgLy26UAKOEB-uvEXmhAdYOYAbEPGixVpR

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 25D1 6 KB
3 KB 20ms
6ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 07 Jun 2021 18:57:13 GMT
expires: Tue, 07 Jun 2022 18:57:13 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622805992319560"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28149
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:57:13 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6486 624 B
979 B 40ms
16ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNVbn6uZR1EoVCRNjZahw0KdwHlE0TbR6qXeWAwl3wR0SJAdXMeKkSsp9oexGpUzAd2gAwY6utAhWHZdGOChrIVXhmxZsidfalKeYSIwGr4hvbThD8L5vhC2iJr0ZD49Ga8EfgK-nSzkov66bn0udKGHt65Jps_zjlUgnBEErQt8Ks9KoC8

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNVbn6uZR1EoVCRNjZahw0KdwHlE0TbR6qXeWAwl3wR0SJAdXMeKkSsp9oexGpUzAd2gAwY6utAhWHZdGOChrIVXhmxZsidfalKeYSIwGr4hvbThD8L5vhC2iJr0ZD49Ga8EfgK-nSzkov66bn0udKGHt65Jps_zjlUgnBEErQt8Ks9KoC8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 07 Jun 2021 18:57:13 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUnateGj8ETJiPYDIh7l5B7jc2iLbIS61V2GTEsUKEDqRnbv3hgxzk8k9QEW; expires=Sat, 02-Jul-2022 18:57:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 07 Jun 2021 18:57:13 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 25D1 57 KB
24 KB 58ms
36ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-UX3-1ObItFGWXxWXnySoS_PTYqpMJ64QrB0VImylfbWQmIhLHOXhPdNLGsr_k_bkeNgUya07Ofno2KoKaqrCMHFcUQXxd7olrB6hVFGYXZWwM1YtaYHPWhNUaB-CE492XZqRtFDi3rlIQVdeOb2CNoiTJg&dbm_d=AKAmf-DTuJbqlmw2M0ukkcwXcCFVNWOUQecC-2DkaF8g3czhGkEqmqtluwKUXO4UVv-hw1tox7OiRaXSaj8oJiNa57fdg7uc9fS_keI9l5ZXFv6Kii2nlu9YEDio2ikBV16ymQehYWxqI3gI4KFM7iiuzvS4FoqvH796K7ZcDV-71Hnu-KZjFvxZWtP0WOxgO2gqCihnoDg351Hyb-LHkTpu0Ea50aPZgqN0ciKt5oPgWG_JaBWqSbFguzNlQDMHDswhu0fYIE_o0xOnuojqsHhzx1n19alUJ8tWMOnANqtB8OuIA8lHwIyZp05_8BveM-MBayqdflGYte0tZLn45BcFjXm1m3IZ7kACHVFBijaXFgUxHRvQZnmld_TywkNhf2G0bMgHL83SRuS-xJFXf4fCB7WblMlwTczcqKFb5yiqUpwoKotuhTdzFgVDQfvCNJGya31ZbXJ-ac_XYwfv6l_XZ20bE1YZjQvqQNCcSW_IPh4ZW1qp2YK_MAM5O4azI-Uw1s7Rj3CGBUv54cZDTKI4JTm3lf1ZsQyV19bNT1ADaZGEV79aDtKArrUaHhLW48zYqkGuh3WDQ6bCAiS1bxAu51ILDbLqjorugWj1evyd1iVdSzilQN5r25UZr1gK3Xd8uZu20MIHpVVcWf5vtwInZtj9qDwNdty6qZuvtcH57ba_jim4zvZ8HhgDICDPnvSNO9IogYaP-TPB9aUxhp3OTKGQ1fsz6y_T6aWHIawosyuP2M1p8mullk0sXSPQ70DkZ0G7CvY2iepf8c4alTlcFRLBJHHf_wqqv2DBPx8JfGv0y_HVm6M-xHVqZPuNMqPIfizWEXmbOejU_9n0htbxT-vQgXKWMUMIWeiRLQwiscc-d7OBJsNAv0dOD2aOvZt5Y02Hyn5va_FR7wQWRVxX5WlyBsKSzCzR8wkUirl3XNGR5Wds_EMwNZqnPouN76nDqzTr2wyAQqYlwFO7LgieVVDs8qvBslP4ot38h9a3yWm_d2SRfrPuJnHJz6ypaLVJeVpbHrDK1xi9yrE1S008RVa4tSwPTmJayeas4xKiHJebjE4A2ZzeC0NPENg53l0Jue4oDTtg6U9laYG0oNJagaiJcUFNRTg0oM78Zk_CrcEXS0SbRbERLPfP_RvSe8dtb19VJEvJ1GlS6qHVxQIWfEXSNc8BYkNcNVOz5IV2TWmG_bOXTS12UEd38cXX263F0g5ugr4RL1fmsWn0mL7fIjGjinkejLoJgldzr0B_hr8IaU5Vcyu0soMJAZmTYRQtbz171lpkQxgxS2m0a1Gr_57YbhyWCLgq3wWfY5sHAnAaHaeU75fkLXKwfYZ-lljEjKrZnOtCfhSsUweKsjgHlpV-m__ExD_75CPww9wznc77JCRxiZs1yrDk067o1Hw_vKIGd3Lg9ynhDsfh-SY9MxMU_ShLxA3LUdP2xdbevILpzzqmXlnc0n9TGFhXDB3eVhPRgWY4SPhM7q6DiaXn9Cr-mSPviGtJTUMsDt30aKfaWlHAN2DXe7hmtdTGWeMyH8eGiUcCKj_aP3R4TeV7uKLRcLBWtcdW6YrTCNopoxjq9gAJhe_I6k-OCvT15_eMk1QYZ6j9buMyIOslFnPw-xS6dDpOX418E3JgR-2ItlJSO3rsC3Gl9tr7IYO0ltqY9ASz8iTRc6wZt01nPIXLspxeLLoBNCR3tYfIUj9kFvIy2FLFiemPRNcXylaRzNayVgg2JkxDdfgEs8F9wNCbzWDb6gY6F6A7oUMGnF9xjE0zqCJvBZ4ysDhTBUKJrHuY8L0bKd162zBmaDSh2k_SdKWBJ5SEaFKbgIaYxXuBS79NyuFL-rV8Fs3sa6mtqwrHTbGwsikOsrMoYIhdzoM8WBfl0JPoqWIgI6ilJzz8NGPrE7HtJF-wUNqVr_KBWOLgLF3J3cw9ZcDkdeoxThiIFr3zzWG5tiLsh-mMxnUCIEYjUSSTnRtbAo8uku3-fym8ohivNezfe3NvFf_8EXsKHdY6Wr1FKZW0gWf0Wzq_cIRgwrLxLqW2YIf90F8I6NM4wE4zvWnewFr4NmaWPPLoNP4o0C3RZanNvFlc-tbnwEYOx0F3-EvjKYY-C9j9wjApiF-uyzAQMjCKB2XvQGki8F0KQ55PaexFvl5-xzIaE9QOcnM5AWc0XWehjWK5bdTqJPp1V7yuPb9Xx61Yh4K2eAsfhyUOxsUVz9Ylo9CXtrCfYdMWc9_OJ7kxLBXf_LWN9MthR6lKIXgtD_LwRoGGuWr5dDTUBLrmmmKqdGiWWhArWFF3QqZxBSV3ZbKyLzQXP9ZIg8GHMMze1tmuQUZfqDZRSnnH45os3L82ZpEf1zTaxs6PJjyaI4mFp7zwpmwLXty6iJkaxVieu2tEj8P748ssZyyWJfWbBZ9CeKWktROKAdno6uLrQQ4GhnHn8dTzOqem4sWHWR3w3e5kDzr8aLx4vGudluZv-PeqwUf2vWMnBK-t3UcpVCX-_nfrgsk9YRvLoOj11eAkhgUqjg3rujc1TjHNc2SV1uGoFCf5mHlxpmoc9fBVXYIhy9IQ2fNdOSjDt_HILJ_6Wjsh06UPigX9daltp0shDsMH5NG53ybMZIg5g6EF20cf8XvTF3LW7h-tD1Q6P-AqJ9MZHkkk2XS2VcnOW3jvsBsmxEDQb3ivS4Q2mVPnsVHidsigrgAp57x6TDgpoGqlf1_K2tywxiF1Z1KURr3ZJySR1uw2BFULHq9TEIwJpX9DWjhTrukegUQkn9bMuBsPHsDJTHEefdMNIea3mqSw8vWPlLP9Ev4uOquoSIGU-GrKOnxmXOGSlS6LWEblJIz2nT_mRm8xXr12qX_3yKVpv-S_yAqdiPODjJgahBtsGWK3k02An4xTRoHIkaR-PtJlVwcPa15H5w445K9Z7KClHeZ5frAunIzLJ1CLncpn3AxEewLybn5tvuZWAN4_5iwsRq11OXQZfTN1yzH51wrXgIzZBgxqHF8PP2OxORtGGyvqhxTgSeaJ3xGeQG2l&cid=CAASPeRot4vgd4HAW3WKmFvnzygAtHUC5zvfHPbek7PtAuAHI-xlb7H8i-D46RZefSI3SBXYYjynR65sXZ0NZy8&rfl=1%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7c2c177ebdd51b8307397a23f48b86a268a4cebf16927781c2dbae1f6d23868a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23894
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 25D1 42 B
63 B 40ms
39ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CIptzR3Kc807YO4JfLvXANAeQ1T0z5KvIRqjEpi_YKi6T4eGKRFiA7ehTntmd25eG0FQ4FwKPgoMO9U5YiU1mkjLBM245VGAvOmvkmgP-IK1txNWw

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 25D1 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:56:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 25D1 122 KB
37 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:57:13 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 25D1 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:55:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 87
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:55:46 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 25D1 0
0 29ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRIL7Km3F45uFcypEmyiZZcjBmG96b1W3kyIMW1dzIkwBfrtiJUUjQ3o_Agg-r7QoxNzqx3
Requested by: Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK adcm.js Show response
tag.digitaltarget.ru/ 3 KB
3 KB 285ms
93ms Script
application/javascript 185.15.175.157
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/adcm.js
Requested by: Host: kitbit.net
URL: https://kitbit.net/kb.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.157 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:14 GMT
Last-Modified: Thu, 13 May 2021 10:40:41 GMT
Server: nginx
ETag: "609d0229-c11"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3089

GET
H/1.1 200
OK s.js Show response
kitbit.net/ 1 B
303 B 73ms
72ms Script
application/javascript 31.131.252.94
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/s.js?u=https%3A%2F%2Fsci-hub.mksa.top%2F

Requested by

Host: kitbit.net
URL: https://kitbit.net/kb.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:55:40 GMT
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Mon, 07 Jun 2021 18:55:39 GMT

GET
H/1.1 200
OK h.gif
kitbit.net/ 43 B
537 B 143ms
70ms Image
image/gif 31.131.252.94
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kitbit.net/h.gif?r=&s=1600*1200*24&u=https%3A//sci-hub.mksa.top/&h=Sci-Hub%26kbuid%3D5EFC831FAC6BBE602D0BE78402B02D4F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:55:40 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC+a6yE5wstTy2xAg==
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=0, private, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 1; mode=block
Expires: Mon, 07 Jun 2021 18:55:40 GMT

GET
H2

200

cro
optinder.com/
Redirect Chain

https://p1.ntvk1.ru/nps
https://optinder.com/cro

0
562 B

61ms
44ms

Image
application/octet-stream

2606:4700:3036::6815:15dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optinder.com/cro
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:15dc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:13 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ZBZlfrUEvmqQ2KCwoFOLKkLiJ4vjfNhNLxy9NOvGcHU%2FADJVbiN9LAKr22KgsAn9u22yQww%2F9Ygsi3DGlxcfeZtmmk%2Fi%2BZiwFtOBMj9EeBGYfqLRfGsds7F1Pr2DIMfqc8N%2Ba%2BfW"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cf-ray: 65bc1addfdf34a67-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
cf-request-id: 0a896f1ebe00004a67f0843000000001

Redirect headers

x-77-nzt: AcO1rzLZm/GB
date: Mon, 07 Jun 2021 18:57:13 GMT
last-modified: Mon, 07 Jun 2021 18:57:12 GMT
server: CDN77-Turbo
x-77-nzt-ray: ggN2S4rcfsI=
x-77-cache: MISS
content-type: text/html; charset=UTF-8
location: //optinder.com/cro
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, post-check=0, pre-check=0
x-cache: MISS
x-77-pop: frankfurtDE
content-length: 0
x-request-id: 1231329431-1-1623092233.869
expires: Mon, 07 Jun 2021 18:57:12 GMT

GET
H/1.1 200
OK sud
ut9.rktch.com/ 88 B
88 B 164ms
54ms Image
image/png 89.108.97.2
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ut9.rktch.com/sud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 89.108.97.2 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: d50603.reg.regrucolo.ru
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:13 GMT
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 88
Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6486
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoDHtH8tzl3wd2akC-Ys8A&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoDHtH8tzl3wd2akC-Ys8A&google_cver=1&C=1

43 B
1012 B

133ms
116ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoDHtH8tzl3wd2akC-Ys8A&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNVbn6uZR1EoVCRNjZahw0KdwHlE0TbR6qXeWAwl3wR0SJAdXMeKkSsp9oexGpUzAd2gAwY6utAhWHZdGOChrIVXhmxZsidfalKeYSIwGr4hvbThD8L5vhC2iJr0ZD49Ga8EfgK-nSzkov66bn0udKGHt65Jps_zjlUgnBEErQt8Ks9KoC8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 18:57:14 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOoDHtH8tzl3wd2akC-Ys8A&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Mon, 07 Jun 2021 18:57:14 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6486
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5sCfIDrIpr3KxFFtEYZQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1

43 B
892 B

82ms
81ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNVbn6uZR1EoVCRNjZahw0KdwHlE0TbR6qXeWAwl3wR0SJAdXMeKkSsp9oexGpUzAd2gAwY6utAhWHZdGOChrIVXhmxZsidfalKeYSIwGr4hvbThD8L5vhC2iJr0ZD49Ga8EfgK-nSzkov66bn0udKGHt65Jps_zjlUgnBEErQt8Ks9KoC8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 18:57:14 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6486
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEKih4__VjAubBnARAlB6lPg&google_cver=1

43 B
1021 B

126ms
57ms

Image
image/gif

185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEKih4__VjAubBnARAlB6lPg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLnGIxD8scwBGM-12qkBMAE&v=APEucNVbn6uZR1EoVCRNjZahw0KdwHlE0TbR6qXeWAwl3wR0SJAdXMeKkSsp9oexGpUzAd2gAwY6utAhWHZdGOChrIVXhmxZsidfalKeYSIwGr4hvbThD8L5vhC2iJr0ZD49Ga8EfgK-nSzkov66bn0udKGHt65Jps_zjlUgnBEErQt8Ks9KoC8

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.147:80
AN-X-Request-Uuid: f15a1dd6-1196-40b1-8f5f-b461ce79d3c6
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:13 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEKih4__VjAubBnARAlB6lPg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6486
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg0NDAwNTU1MTQwMzI2Nzk4NQ%3D%3D

170 B
188 B

122ms
62ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg0NDAwNTU1MTQwMzI2Nzk4NQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:13 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.7:80
AN-X-Request-Uuid: 48a8a73f-40c2-440b-a0de-f0272367ac7a
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg0NDAwNTU1MTQwMzI2Nzk4NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 25D1 111 KB
39 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 19:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85928
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 07 Jun 2021 19:05:05 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/ Frame 25D1 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A-UX3-1ObItFGWXxWXnySoS_PTYqpMJ64QrB0VImylfbWQmIhLHOXhPdNLGsr_k_bkeNgUya07Ofno2KoKaqrCMHFcUQXxd7olrB6hVFGYXZWwM1YtaYHPWhNUaB-CE492XZqRtFDi3rlIQVdeOb2CNoiTJg&dbm_d=AKAmf-DTuJbqlmw2M0ukkcwXcCFVNWOUQecC-2DkaF8g3czhGkEqmqtluwKUXO4UVv-hw1tox7OiRaXSaj8oJiNa57fdg7uc9fS_keI9l5ZXFv6Kii2nlu9YEDio2ikBV16ymQehYWxqI3gI4KFM7iiuzvS4FoqvH796K7ZcDV-71Hnu-KZjFvxZWtP0WOxgO2gqCihnoDg351Hyb-LHkTpu0Ea50aPZgqN0ciKt5oPgWG_JaBWqSbFguzNlQDMHDswhu0fYIE_o0xOnuojqsHhzx1n19alUJ8tWMOnANqtB8OuIA8lHwIyZp05_8BveM-MBayqdflGYte0tZLn45BcFjXm1m3IZ7kACHVFBijaXFgUxHRvQZnmld_TywkNhf2G0bMgHL83SRuS-xJFXf4fCB7WblMlwTczcqKFb5yiqUpwoKotuhTdzFgVDQfvCNJGya31ZbXJ-ac_XYwfv6l_XZ20bE1YZjQvqQNCcSW_IPh4ZW1qp2YK_MAM5O4azI-Uw1s7Rj3CGBUv54cZDTKI4JTm3lf1ZsQyV19bNT1ADaZGEV79aDtKArrUaHhLW48zYqkGuh3WDQ6bCAiS1bxAu51ILDbLqjorugWj1evyd1iVdSzilQN5r25UZr1gK3Xd8uZu20MIHpVVcWf5vtwInZtj9qDwNdty6qZuvtcH57ba_jim4zvZ8HhgDICDPnvSNO9IogYaP-TPB9aUxhp3OTKGQ1fsz6y_T6aWHIawosyuP2M1p8mullk0sXSPQ70DkZ0G7CvY2iepf8c4alTlcFRLBJHHf_wqqv2DBPx8JfGv0y_HVm6M-xHVqZPuNMqPIfizWEXmbOejU_9n0htbxT-vQgXKWMUMIWeiRLQwiscc-d7OBJsNAv0dOD2aOvZt5Y02Hyn5va_FR7wQWRVxX5WlyBsKSzCzR8wkUirl3XNGR5Wds_EMwNZqnPouN76nDqzTr2wyAQqYlwFO7LgieVVDs8qvBslP4ot38h9a3yWm_d2SRfrPuJnHJz6ypaLVJeVpbHrDK1xi9yrE1S008RVa4tSwPTmJayeas4xKiHJebjE4A2ZzeC0NPENg53l0Jue4oDTtg6U9laYG0oNJagaiJcUFNRTg0oM78Zk_CrcEXS0SbRbERLPfP_RvSe8dtb19VJEvJ1GlS6qHVxQIWfEXSNc8BYkNcNVOz5IV2TWmG_bOXTS12UEd38cXX263F0g5ugr4RL1fmsWn0mL7fIjGjinkejLoJgldzr0B_hr8IaU5Vcyu0soMJAZmTYRQtbz171lpkQxgxS2m0a1Gr_57YbhyWCLgq3wWfY5sHAnAaHaeU75fkLXKwfYZ-lljEjKrZnOtCfhSsUweKsjgHlpV-m__ExD_75CPww9wznc77JCRxiZs1yrDk067o1Hw_vKIGd3Lg9ynhDsfh-SY9MxMU_ShLxA3LUdP2xdbevILpzzqmXlnc0n9TGFhXDB3eVhPRgWY4SPhM7q6DiaXn9Cr-mSPviGtJTUMsDt30aKfaWlHAN2DXe7hmtdTGWeMyH8eGiUcCKj_aP3R4TeV7uKLRcLBWtcdW6YrTCNopoxjq9gAJhe_I6k-OCvT15_eMk1QYZ6j9buMyIOslFnPw-xS6dDpOX418E3JgR-2ItlJSO3rsC3Gl9tr7IYO0ltqY9ASz8iTRc6wZt01nPIXLspxeLLoBNCR3tYfIUj9kFvIy2FLFiemPRNcXylaRzNayVgg2JkxDdfgEs8F9wNCbzWDb6gY6F6A7oUMGnF9xjE0zqCJvBZ4ysDhTBUKJrHuY8L0bKd162zBmaDSh2k_SdKWBJ5SEaFKbgIaYxXuBS79NyuFL-rV8Fs3sa6mtqwrHTbGwsikOsrMoYIhdzoM8WBfl0JPoqWIgI6ilJzz8NGPrE7HtJF-wUNqVr_KBWOLgLF3J3cw9ZcDkdeoxThiIFr3zzWG5tiLsh-mMxnUCIEYjUSSTnRtbAo8uku3-fym8ohivNezfe3NvFf_8EXsKHdY6Wr1FKZW0gWf0Wzq_cIRgwrLxLqW2YIf90F8I6NM4wE4zvWnewFr4NmaWPPLoNP4o0C3RZanNvFlc-tbnwEYOx0F3-EvjKYY-C9j9wjApiF-uyzAQMjCKB2XvQGki8F0KQ55PaexFvl5-xzIaE9QOcnM5AWc0XWehjWK5bdTqJPp1V7yuPb9Xx61Yh4K2eAsfhyUOxsUVz9Ylo9CXtrCfYdMWc9_OJ7kxLBXf_LWN9MthR6lKIXgtD_LwRoGGuWr5dDTUBLrmmmKqdGiWWhArWFF3QqZxBSV3ZbKyLzQXP9ZIg8GHMMze1tmuQUZfqDZRSnnH45os3L82ZpEf1zTaxs6PJjyaI4mFp7zwpmwLXty6iJkaxVieu2tEj8P748ssZyyWJfWbBZ9CeKWktROKAdno6uLrQQ4GhnHn8dTzOqem4sWHWR3w3e5kDzr8aLx4vGudluZv-PeqwUf2vWMnBK-t3UcpVCX-_nfrgsk9YRvLoOj11eAkhgUqjg3rujc1TjHNc2SV1uGoFCf5mHlxpmoc9fBVXYIhy9IQ2fNdOSjDt_HILJ_6Wjsh06UPigX9daltp0shDsMH5NG53ybMZIg5g6EF20cf8XvTF3LW7h-tD1Q6P-AqJ9MZHkkk2XS2VcnOW3jvsBsmxEDQb3ivS4Q2mVPnsVHidsigrgAp57x6TDgpoGqlf1_K2tywxiF1Z1KURr3ZJySR1uw2BFULHq9TEIwJpX9DWjhTrukegUQkn9bMuBsPHsDJTHEefdMNIea3mqSw8vWPlLP9Ev4uOquoSIGU-GrKOnxmXOGSlS6LWEblJIz2nT_mRm8xXr12qX_3yKVpv-S_yAqdiPODjJgahBtsGWK3k02An4xTRoHIkaR-PtJlVwcPa15H5w445K9Z7KClHeZ5frAunIzLJ1CLncpn3AxEewLybn5tvuZWAN4_5iwsRq11OXQZfTN1yzH51wrXgIzZBgxqHF8PP2OxORtGGyvqhxTgSeaJ3xGeQG2l&cid=CAASPeRot4vgd4HAW3WKmFvnzygAtHUC5zvfHPbek7PtAuAHI-xlb7H8i-D46RZefSI3SBXYYjynR65sXZ0NZy8&rfl=1%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:53:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 210
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:53:43 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame 25D1 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:54:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8594
x-xss-protection: 0
server: cafe
etag: 7958287194716579593
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:54:06 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 25D1 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 15:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100097
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Jun 2022 15:08:56 GMT

GET
DATA 200
OK truncated
/ Frame 25D1 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5abae6dce2107a48f5179acfcea9741cf0b5925a19aca47f1389618d40725467

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E8B1 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 06 Jun 2021 16:42:16 GMT
expires: Mon, 06 Jun 2022 16:42:16 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 94497
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 index.html Show response
s0.2mdn.net/8956534/1621239267390/728x90/ Frame 1EB3 6 KB
2 KB 21ms
7ms Document
text/html 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d33ce6ac84e10177e75fd86427eee28779321f1152efa1fa10312c528f5824e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /8956534/1621239267390/728x90/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 2292
date: Mon, 07 Jun 2021 12:50:25 GMT
expires: Tue, 08 Jun 2021 12:50:25 GMT
last-modified: Mon, 17 May 2021 08:14:27 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 22008
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 25D1 0
107 B 208ms
95ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu0f0IW4RFIhSHeGIdNOcG2-oM92xMB4mP7LKRzxxgqcx3jlWTu90yYpIii4gwgC14YHhupEYm99xdz3TV_g9e0RmtIQmj5yjlruGEBpDt80MWXl4665hVjJp8XeodDPJeZ2nC0zyuKCwH_HlQTzrvnwcpo7i8SeRZbdIZJ-EkMkNPpvUp_a47tZr3S3rSO-FI-DqbHQlkvG1OHEY26ahHOgz4_jmUdBTSIfQTRRy3vRtsjDHDNyJVh7WzQrvXPTK9ELiyRmSJGDEQM6Cf-Ixcz9hpjEYn7LXCyIYjgvDaGubO7lqbtQMVze6ApVE0EuSaPN85F5AS5C3BkrP5KZv0yyM1K0YQChwtD5efjR1EDV7iVRAea3vFNc3TdsTaJnl17yEnWvTHVxl_OA0XzPSjDDGmeH1_O5qYDsaQOMKLtfCbAUdh1iGUx_GZcufmFWndbTo_OmbgdSRZfOL1TTGTBKqo4Bz0MMavw7184VBGA24Hr7WSF-LBXM2t_Vvymn_54GFaEVw-H1w6WEG2xmFuLSUleshNfJPzgn9YmZisZMT8ejHLHPtjI0xIMPlmNp3TqBQoEub_R1bczPur75r0kjkoWNTD3oZbOg2m9mtbtZR9saCN0rtTETUJQ3ypNdP3gs6y5Fa1awnuPqyLxLeYZA6IR9TKFMPRDHjl8sBNjwKZqQIq59cgIzcl014TNlXjTZ1sIW2MSz_OOmMI87gs9DZ8xICyGXtKjcV3ztZUwzplqV3h1Z1zJBd5eeWj6_9gwCd_WJNtnc74q4U_CyZApYP-Kmu1LSwqeyjjRuGPZ_ZAk7AFu3kyAJkCwsG7dJuqKUY2pxU3ZLwDXzbDOidmGremCpicYe1u_jf7htJXZmyooNpYYslFnvJMKKySKImac47J_jssjiim4TJicCYxxSrz7tL4lL33OHZi9Zo7REd67F-Hyl17iXJ-w2ubGcZxGwUEXQEXkhgh3dgNGHgN55jhIrWNlmEQP3TKXALe7phoRgmEkX_s-xghJqVF7RyKHJDP9MZKuTdWyovvKZ20dJQdSXOj5Em3scrMGQ5WvEww7q8Ssmvsu-VK8TknmbYal9OwzLV6pTQHqVL-pB20lQcCDdYLkfJ9PqE8YTYNRbgRtkZH1zL-yiVQRRnmk6WrIkMYNwiGVksBZHjMaO44aBXGiwKqktnbtDaRkrIuWAZ8&sai=AMfl-YQQLG3-eRw8reDp6f-A8-HuIPdKsAFGyU6dzwLe5-9EfaXZvToEGAV1ZFqS7fld9LYi90Mvq0cXt0i1NXomxUThMabV_GIRLFV9HYj09YkJ67cKTJNs724uydGVkSo8S13K69emrly3pjN8WrWlq_g1IeAfck6wqIwjGiXDpTm_eAnen7CkvE3gbr3VDCLdUnZoONHWIMQG8H6SOnrJIX1SmeJ6SOL02NujzhuGeQ&sig=Cg0ArKJSzCj4_eCxnXv0EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=99&cbvp=1&cstd=95&cisv=r20210601.40123&adurl=

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 07 Jun 2021 18:57:14 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame E8B1 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:13:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2644
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 18:13:09 GMT

GET
H2 200 createjs-2015.11.26.min.js Show response
code.createjs.com/ Frame 1EB3 186 KB
48 KB 46ms
28ms Script
text/javascript 2a02:26f0:6c00::210:ba18
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/createjs-2015.11.26.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00::210:ba18 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: 575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:13 GMT
content-encoding: gzip
server: Apache
cache-control: max-age=900
vary: Accept-Encoding
content-type: text/javascript
x-n: S
accept-ranges: bytes
expires: Mon, 07 Jun 2021 19:12:13 GMT

GET
H3-29 200 728x90.js Show response
s0.2mdn.net/8956534/1621239267390/728x90/ Frame 1EB3 16 KB
2 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/728x90.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8a4f8c0b1171203ab4a51169be29fec9eeac0bb0b94794cfb7b6af992c69482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22008
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2476
x-xss-protection: 0
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 08 Jun 2021 12:50:25 GMT

GET
H3-29 200 bg1.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 19 KB
19 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg1.jpg

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dbf97b6099ff5065e80e953b6dbabcf5414f25a93a6a44fde07059a0a962dce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22007
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19268
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:27 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 25D1 0
528 B 89ms
89ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 18:57:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 bg2.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 10 KB
10 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg2.jpg

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

288f23118b902dea7eec0280385ae7c5d971218e3d257e3a28f7a03989ee152a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:27 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22007
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10700
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:27 GMT

GET
H3-29 200 bg3.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 22 KB
22 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg3.jpg

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bc3b38eb7bc79fcfc4b432ff72a486b5b39ae7a934f898dd803ed7cd5cbbcf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22006
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22696
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 bg4.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 786 B
808 B 7ms
7ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg4.jpg

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

819a84dfb7bf1f9d3f26937c5b579852aba8195de98ccacb9cf3722562622996

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22006
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 786
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 container.html Show response
b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D2AB 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 07 Jun 2021 18:57:13 GMT
expires: Tue, 07 Jun 2022 18:57:13 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E8B1 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BdDBiCWy-YNGiLuqNjuwPksuuCAAAAAA4AeAEAg&bg=!0dKl0pbNAAY6sG-_OrA7ACkAdvg8Wv4cOEw6W7GbdD6FQOKdjrChqYYSX8ThIb3cw8y2s3eLO3rKOQIAAABtUgAAAAxoAQcKABUwqySoBTcVmqvm78TJbaa61RacOgSZAppAdnbbFSb_l5Z88uPx5rE1Fa2swrzXN5GPAvykqvqTaVTenOQLxVlqZWCD7eLqkLT-mzwnw4vU9GT-eoXDfSuRObfyNW5rq4zomusE6ubAFiZ9mnPy23UJxbFS2juM7RalKm_cNdEKOOR_6s2Ag-xhz-_8ZeXhfx-GNdJtO9N6dSTTFH24d-_EzRK5WFqyhzBZ6KKuoadzZyzL8dPHw3dooN_wAUFDDnrTWJd4-37wExdwqLkFjoqgejAFtTEl2dHjqXPc5Yu9pb4FLPUU0dP7hAGIUN6LI5dakAqB1L86G7kV7zM-SPDeg-nppCV3GdHKo0Tu0iALSdl64yOQussVz5dq0WFL9qXD92Hjf9lOAAnK4PREgoZk4eo5NTvtZ5RIKNAWOESIMbaPSeYAcAvnM6qOAED-EOX2FzMrkIJFqnsq8KHdN5Pr0k1N6ou0Z8mBO_AovzhmyQ6DrQVOnOpu3ZjSpjvRYbOUuCSR0tmR7396rURxa0gr2HiFHUm73Brv7q26wjdYMRDj8JzQCAMjA-9Q6PLiJj_nSCOubfL2BbwJXf1Yf23ffQYtoMwPPtyPVZrCS7PSPGDyVkZz7zh_m44OaLy1do7LWW9pD3RJGIycAjbOZd7Y4rOaku2e1xvoeKCdZRNy2LXUscE2BLqRajOUmoIZovyGclS_DrsgCI0TL82W4ZgnFn7o0LMjhqfd_iu8wsVjwaGYZ_THloEhUKvWHcb7-cUytW1Udomd7ubUHPNxFP07zsiv5RNdZitr41N8FGKesAlJNvHfyAdd75J_vt8-4ZWvR1CEnI_ELFsBbX3nvL6kQ32WpX6i8GM0Nfd-c0qET0TPYYDVuzshVzRR4lANQ3awmEoy-KQxvISFOm6HMnipl9I

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 bg5.jpg
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 17 KB
17 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/bg5.jpg

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b48111477d715e7b5f7680ad5fb0bd9417445b78b863594dd6bab5b50fb1c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22006
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17109
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H/1.1 200
OK processor.js Show response
tag.digitaltarget.ru/ 15 KB
16 KB 155ms
155ms Script
application/javascript 185.15.175.157
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/processor.js?i=593150146475878
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.157 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:14 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-3da5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15781

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BB32 624 B
299 B 33ms
18ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNUvvurQimFNKvbIzjsroymRXxuQfuT07YxOGoVhi1qlXpeTI-EqMvoHrs2TFiur3kYEEPPt9kSm-5nxEpLHlMm2yCngvsu2rj-SvMmG8jnp30J0dl448QC7oMUMrmy9QnMwwslYxTvJV2vyXTuFlnPUNRv1IUV6_Q6lvjjRshsg7QJepDE

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNUvvurQimFNKvbIzjsroymRXxuQfuT07YxOGoVhi1qlXpeTI-EqMvoHrs2TFiur3kYEEPPt9kSm-5nxEpLHlMm2yCngvsu2rj-SvMmG8jnp30J0dl448QC7oMUMrmy9QnMwwslYxTvJV2vyXTuFlnPUNRv1IUV6_Q6lvjjRshsg7QJepDE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlvbGgyywZvi-zZHrwI38n8Cow4EGm0j2QyEDzb9BSx4kSllQM4GuP99ZpdL_Q; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 07 Jun 2021 18:57:14 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 07 Jun 2021 18:57:14 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F67F 24 KB
12 KB 52ms
37ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BgnbPxKrHvHD4Fc_yN9Tpid6zb5-gXKjCCW0LThGnPFNGaI-1m8lt2xWnRTKlWeeGnPYqdR2am2AQuW87jRW5fn3cWzoPL7mQ8y9u73uP15NH448TE9vlk2bxVwuVN_7Z72_ioHnyvW8ASv1z-Po7dK4wG3Q&cry=1&dbm_d=AKAmf-D5ifnx7vLbd8M29cREeqAlsyEEunlvjD9VncW0RtqLrVSztHWtmepzFLeivfkgPHWYp4HsJdZclN0EN9fZWezbTl_5f5Aw8tn6kAl9m-2HeHIPmWFuKMq9WkhrFOC4SVnih49CCOS-9QWHhrxHAofhWN-kN4KO57bUwKgwVCHdW5-9xpDvWTUOz6pyZZqJ8UFHatJ0tt89wDatrxODyw0ihRIFCNW_RJ_1ox9PCLqmt3TaNMKzSuP8T5RuUsYM-LuIiGbAVEaU9_0wjFk58m4HaKsyYaphcowfKhJ9OeZMv7RO593aHB3J-I5kzjnWIGHmqWKggbjIjzX-IpvIXLoqAOFiF9RDgzEanCf-brDG1O_rDcQKz3OGjBeYkU6_M3SsaTcoIlh3w1nFw6ZQXY4k4Ys3aYqwMv366m8nhFdVMEyz4AFcJ3jPbPYDvS-zzZwodQ2buwbJ_Edh39X3gA1M1_mEEMrovodap62yvjGSXjvgpGM6te01q3kWTbx9dV42FWWtflauI00JF3MUYdoDAlD51psS-_p30Fwux00TulBLWGTgSCcd2YVXHKWJuFt8wDfx1OMltmyf9K33UNIRti4d0uWj04RJkOnX1H72EEKH4AjKWmFKo9WaVr9USi_aXEEtFf-rR2SsAEZ0Dap2Mv-IhHI4Hl2AcGN4p8qLoxCiw3dWNKlj6QssYDbRx4rcfOV0PEYroy7e2XT6An7su5Okhn8MhSF6y7iSaW8KnRB7tZWEJ8LM1WBVSsUv6mdnWrGNuVZlrtyBv5J1QtgSP5Y-dohqSJrQayxCRbA17GWXEdL_FwrqwSckNiTNv9SMCenei1xd_CdGZzV97baXyaeFKgs_3kte4dLPJ7GbVDoOLuqjWzegfHfVYByrZi9QvU1CxrD9LkLF1kboRfeOeYFQSUahIu6lx01OzanEdN-l7TlVZBuAKU_IrJnrf6iCyQJOeGmJvV6HlUOWlN89jDf5YjEYjDTzv6XmV1r4L7bd4UepxPOdlQjc-II21D5g6dxI26U3QSxbEHKMFZNFFjLf7g-YQ2akaStTPLXPNQbvkwJXj-UmcJzzvurHvMXULCMAFztJX2cv2b8lkYjevl0bhme1L6vfC6H7U9KzQ5QK-PbrIXjOvk7UR5MNCjoBNOGFricGswD0sjrvtVs_e1D3pG6-Ib9Jq8S2PM_FVjwWLVDcSQNpfP_gmHE-2zq5E2KPeQN6Pua7hc-gi2L5jg5Lx_DmtlbSvR8f5PbGHkzuG8AqKAAJISEW2C9leA8R9w_Z8CKud4rwI51Sa03C_dAQXPK-FI1U6a9kqVeWNtqTQymgOeOQcwcC0ar3n84p9uvr1nI9H_7TKQIxBmIdp3K8P1DkLb-EpAk2XC2ZsHANVhEIdZxDJUId1kDQH-JVgHAPiTC2Nvb97GwvUuEs9s058VrAO91LMUUgrr8qSAUbKSTvwK7o2PSKr4pVX0eWzP78AZZIu6bFJo1xHe7RShNVcoD30-WDmb-m_8Sz4MYeq-jhm3YAoPrTSd3bDH8vYB9iU8SmUuRI4589gL73K1yAqW7m_aS93RkfhWlurSzSE-9X4ZIMhBcYnIcM8ZzDXKaHlt_CIgIjprS2Jh0UOTbDiHAwsgvV5d2Sixka-JuHE1WMg0J8VZsL0cwlTaknLvdkxUGPwKPNaawCpzuxTs3kLdcxirf8aecQFENqf7_GrRbV60ABkEm7yT-z4SfbO1rFQgMMxL3_dw4ZUDIPwuYHSo9x8ZGbFMInVsWTNCC3IkQMFPI8StuHPk-Ka8-gUmCYNpGvePJMVD4mv28ZO8khfpu544GsI0kh0n-kc81P4beSPykkpCLSUg8PIPPmgy20rN7ZhnJSWr_qKAl9Y-499ewKzdjXqA9C6BrjUxzQZjdJJGjTRnc9HV45zU4Rkpe2z-2XgtLa1zvc-OSp65lF0lwo1JiHPgGSCWprNz2XTbJaEw3-Ci6ghU7a8JKl8bguc7f1LuxR5sGHQ0BunXjWANGqybRrWnHr-ujAjZhs5kkCME4F28n60nxwhlw_D3hadU4oZjhE5BfPxBT-jd_E2QEN9xOVyk18jMD1UCJPb3lSmKIMeTKbp-QH-eU4MOSpQhVOj9DQneJj4s8disQcSfG32aI7KhhIkgjpllOyXdvQ9rD0Jh5FkSACWd-7uMRYt4R3LWDIXa7lWCxN1oZxBz9u_SKWKa64XYYOrAZiW22CL_y6sqvM-yCj2QP6bJwaN7aQC1Cn4Z5TmHI0bz-0nKhZlMHx_tJjcsZOytMdUZ_49rFeGkwTkza1GYhQ7z3_JsyAKxmB7sE5A9Ih2niGFxjx6quWn74FSQizSQeNcDRYuFJwF_4sMd-0Frbn9t0knhmzGQ56Z-60DteKjyrn_WFYgHTVCI3iFRTlaK4nJzwbAVI8F1Ip4mfCMvYb66iZEMUkFma3A67MUUEm0vBm1dea4vk_9tkSaHwq0F95-TExzmtkVuQWW01GtawtLjy7RAjTAWNJLb4PRuQQdroO_HHjLyuipKgO3E1YLkjHBFRlu9Sqi0jIvrFwvTZJWoYPKhGSo_jjlvZH7l2_NXS9cADWE6osRLjdqlc3hfS7Jx7TI0YnnFhq7zTzX4f0kPL8SVvzlj8RI6GrnZM-yN8ijmvfEay0YtK2f0JtIQCeTszRQxJOb6dN1UAe1XTTMowYmg9pMEdelTBUcjm2xDcFPOkKinqPthvRwdVfdM4LjMGok9AiaPyyz2EIc9qsZNHSRFRUweg8RBnXzKpjOqjxKpJzfTcsc3dlYwF1GP8XFv23bS8iuq39f0mXR6TfTxy20T6eyjRwGC9EJ4FnVoG2DhhnENEcEOLg4Jnsw5edrWnoAK3U3Yf18edJIQkiH6SKo_hDpn7V697KK3G3ru-ERfRmiqLRQ9cEqPyjp1DC7oOJzkpkSfsaMghTvCtajStFPVshyiMbuWqsLHnCguj_mcHvzT0wxMMPKyqVI-RcBNKYFDhg-YMkptiBf317tEK1Rg5_OdriGBMaWkiAumOl6kVhWdnGa9jo_yDmRmPsix4HSqqxyIp7VUExbXX5UM3SU-IqLYOmrMqbdxnpMuM2OAA3Uz1BoE-9B87N9-Ax6X2ceL65OBTVciSJinIHi9R0IVXRmpVXoAR_aIHpxtEJmtMeybeojLC52OMjE6t1ihpcaDGBBMSNwXAFGfKlCqorHlqn5h-JuAlxQ2kU2h37Vec_VK1rLOJ6sS3GMzw2VvnszJgqwuJOt0cni5fdDZYgapd2OYg_zmq15W0PNwlHeg&cid=CAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bafd0348b39274c3ef4da62d6b36a07fee7758dd97f3d6c2f16b6d24a6712bea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12591
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame F67F 2 KB
1 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 56
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:56:18 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F67F 122 KB
37 KB 29ms
14ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:14 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Mon, 07 Jun 2021 18:57:14 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame F67F 13 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:55:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 88
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:55:46 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame F67F 0
0 15ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQajkJBUFxDSHVxYMg3xRGpt5AP7ERfW6vxOpOqOKpZRZXhGPgn4Xbu6Orm1Kmh-_JO_UzG
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F67F 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AV6CKI0wBbyrlqb8SEnZvVVzxSPEzgkR0Snmors33fBHY0M4tZ58_x29_7lLczH7O8Hy622shVmoBl9hY5XHzVhbIUk4vQ2483xTnzPiqHRMaxCFU

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 copy1.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 5 KB
5 KB 8ms
7ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy1.png

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

026d14fce3742ffee1d7b5e7014d6a324f0a01512cfcae4e62f1b7a37c930ae5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22006
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4879
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 copy2.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 4 KB
4 KB 7ms
6ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy2.png

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee362599ddb7ce1c32f8173e1d2255cda3d6ae960afa16d71a6bd617f2154aa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:28 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22006
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4267
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:28 GMT

GET
H3-29 200 copy3.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 3 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy3.png

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3216ef1b9e7e4bc6e627f6813ae735c4b5c3fc9a2491b0f7c26c69ca26aaa0a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22005
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3308
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:29 GMT

GET
H3-29 200 copy4.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy4.png

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cae39b858a82013e7f07d26dd6675aff60f2f8e8cb01efa44f134a29344ed596

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22005
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2480
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:29 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BB32
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1

43 B
892 B

95ms
94ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNUvvurQimFNKvbIzjsroymRXxuQfuT07YxOGoVhi1qlXpeTI-EqMvoHrs2TFiur3kYEEPPt9kSm-5nxEpLHlMm2yCngvsu2rj-SvMmG8jnp30J0dl448QC7oMUMrmy9QnMwwslYxTvJV2vyXTuFlnPUNRv1IUV6_Q6lvjjRshsg7QJepDE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 18:57:14 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame BB32
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL5sCkPBmkA-GT5E8b0HJQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1

43 B
892 B

84ms
84ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNUvvurQimFNKvbIzjsroymRXxuQfuT07YxOGoVhi1qlXpeTI-EqMvoHrs2TFiur3kYEEPPt9kSm-5nxEpLHlMm2yCngvsu2rj-SvMmG8jnp30J0dl448QC7oMUMrmy9QnMwwslYxTvJV2vyXTuFlnPUNRv1IUV6_Q6lvjjRshsg7QJepDE
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 18:57:14 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPXx0VaEMSQV_mHr9C0n9E8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame BB32
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIMDwjrY_C6JpZBWR8VeNSs&google_cver=1

43 B
1020 B

64ms
64ms

Image
image/gif

185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIMDwjrY_C6JpZBWR8VeNSs&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYj6qGJzAB&v=APEucNUvvurQimFNKvbIzjsroymRXxuQfuT07YxOGoVhi1qlXpeTI-EqMvoHrs2TFiur3kYEEPPt9kSm-5nxEpLHlMm2yCngvsu2rj-SvMmG8jnp30J0dl448QC7oMUMrmy9QnMwwslYxTvJV2vyXTuFlnPUNRv1IUV6_Q6lvjjRshsg7QJepDE

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.75:80
AN-X-Request-Uuid: 32c24d3d-e874-4978-aff8-03e5620d8339
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIMDwjrY_C6JpZBWR8VeNSs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame BB32
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg0NDAwNTU1MTQwMzI2Nzk4NQ%3D%3D

170 B
188 B

62ms
62ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg0NDAwNTU1MTQwMzI2Nzk4NQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
X-Proxy-Origin: 185.76.9.107; 185.76.9.107; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.132:80
AN-X-Request-Uuid: 744a037d-07e6-4183-bca7-20cc9a10c66d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Nzg0NDAwNTU1MTQwMzI2Nzk4NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 copy5.png
s0.2mdn.net/8956534/1621239267390/728x90/images/ Frame 1EB3 35 KB
35 KB 7ms
7ms Image
image/png 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/8956534/1621239267390/728x90/images/copy5.png

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a19047bcd78489751c2b002a69dea8bb9320c2cabc479e71a7b929ad80f56863

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/8956534/1621239267390/728x90/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 12:50:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 17 May 2021 08:14:27 GMT
server: sffe
age: 22005
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35930
x-xss-protection: 0
expires: Tue, 08 Jun 2021 12:50:29 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame F67F 22 KB
8 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BgnbPxKrHvHD4Fc_yN9Tpid6zb5-gXKjCCW0LThGnPFNGaI-1m8lt2xWnRTKlWeeGnPYqdR2am2AQuW87jRW5fn3cWzoPL7mQ8y9u73uP15NH448TE9vlk2bxVwuVN_7Z72_ioHnyvW8ASv1z-Po7dK4wG3Q&cry=1&dbm_d=AKAmf-D5ifnx7vLbd8M29cREeqAlsyEEunlvjD9VncW0RtqLrVSztHWtmepzFLeivfkgPHWYp4HsJdZclN0EN9fZWezbTl_5f5Aw8tn6kAl9m-2HeHIPmWFuKMq9WkhrFOC4SVnih49CCOS-9QWHhrxHAofhWN-kN4KO57bUwKgwVCHdW5-9xpDvWTUOz6pyZZqJ8UFHatJ0tt89wDatrxODyw0ihRIFCNW_RJ_1ox9PCLqmt3TaNMKzSuP8T5RuUsYM-LuIiGbAVEaU9_0wjFk58m4HaKsyYaphcowfKhJ9OeZMv7RO593aHB3J-I5kzjnWIGHmqWKggbjIjzX-IpvIXLoqAOFiF9RDgzEanCf-brDG1O_rDcQKz3OGjBeYkU6_M3SsaTcoIlh3w1nFw6ZQXY4k4Ys3aYqwMv366m8nhFdVMEyz4AFcJ3jPbPYDvS-zzZwodQ2buwbJ_Edh39X3gA1M1_mEEMrovodap62yvjGSXjvgpGM6te01q3kWTbx9dV42FWWtflauI00JF3MUYdoDAlD51psS-_p30Fwux00TulBLWGTgSCcd2YVXHKWJuFt8wDfx1OMltmyf9K33UNIRti4d0uWj04RJkOnX1H72EEKH4AjKWmFKo9WaVr9USi_aXEEtFf-rR2SsAEZ0Dap2Mv-IhHI4Hl2AcGN4p8qLoxCiw3dWNKlj6QssYDbRx4rcfOV0PEYroy7e2XT6An7su5Okhn8MhSF6y7iSaW8KnRB7tZWEJ8LM1WBVSsUv6mdnWrGNuVZlrtyBv5J1QtgSP5Y-dohqSJrQayxCRbA17GWXEdL_FwrqwSckNiTNv9SMCenei1xd_CdGZzV97baXyaeFKgs_3kte4dLPJ7GbVDoOLuqjWzegfHfVYByrZi9QvU1CxrD9LkLF1kboRfeOeYFQSUahIu6lx01OzanEdN-l7TlVZBuAKU_IrJnrf6iCyQJOeGmJvV6HlUOWlN89jDf5YjEYjDTzv6XmV1r4L7bd4UepxPOdlQjc-II21D5g6dxI26U3QSxbEHKMFZNFFjLf7g-YQ2akaStTPLXPNQbvkwJXj-UmcJzzvurHvMXULCMAFztJX2cv2b8lkYjevl0bhme1L6vfC6H7U9KzQ5QK-PbrIXjOvk7UR5MNCjoBNOGFricGswD0sjrvtVs_e1D3pG6-Ib9Jq8S2PM_FVjwWLVDcSQNpfP_gmHE-2zq5E2KPeQN6Pua7hc-gi2L5jg5Lx_DmtlbSvR8f5PbGHkzuG8AqKAAJISEW2C9leA8R9w_Z8CKud4rwI51Sa03C_dAQXPK-FI1U6a9kqVeWNtqTQymgOeOQcwcC0ar3n84p9uvr1nI9H_7TKQIxBmIdp3K8P1DkLb-EpAk2XC2ZsHANVhEIdZxDJUId1kDQH-JVgHAPiTC2Nvb97GwvUuEs9s058VrAO91LMUUgrr8qSAUbKSTvwK7o2PSKr4pVX0eWzP78AZZIu6bFJo1xHe7RShNVcoD30-WDmb-m_8Sz4MYeq-jhm3YAoPrTSd3bDH8vYB9iU8SmUuRI4589gL73K1yAqW7m_aS93RkfhWlurSzSE-9X4ZIMhBcYnIcM8ZzDXKaHlt_CIgIjprS2Jh0UOTbDiHAwsgvV5d2Sixka-JuHE1WMg0J8VZsL0cwlTaknLvdkxUGPwKPNaawCpzuxTs3kLdcxirf8aecQFENqf7_GrRbV60ABkEm7yT-z4SfbO1rFQgMMxL3_dw4ZUDIPwuYHSo9x8ZGbFMInVsWTNCC3IkQMFPI8StuHPk-Ka8-gUmCYNpGvePJMVD4mv28ZO8khfpu544GsI0kh0n-kc81P4beSPykkpCLSUg8PIPPmgy20rN7ZhnJSWr_qKAl9Y-499ewKzdjXqA9C6BrjUxzQZjdJJGjTRnc9HV45zU4Rkpe2z-2XgtLa1zvc-OSp65lF0lwo1JiHPgGSCWprNz2XTbJaEw3-Ci6ghU7a8JKl8bguc7f1LuxR5sGHQ0BunXjWANGqybRrWnHr-ujAjZhs5kkCME4F28n60nxwhlw_D3hadU4oZjhE5BfPxBT-jd_E2QEN9xOVyk18jMD1UCJPb3lSmKIMeTKbp-QH-eU4MOSpQhVOj9DQneJj4s8disQcSfG32aI7KhhIkgjpllOyXdvQ9rD0Jh5FkSACWd-7uMRYt4R3LWDIXa7lWCxN1oZxBz9u_SKWKa64XYYOrAZiW22CL_y6sqvM-yCj2QP6bJwaN7aQC1Cn4Z5TmHI0bz-0nKhZlMHx_tJjcsZOytMdUZ_49rFeGkwTkza1GYhQ7z3_JsyAKxmB7sE5A9Ih2niGFxjx6quWn74FSQizSQeNcDRYuFJwF_4sMd-0Frbn9t0knhmzGQ56Z-60DteKjyrn_WFYgHTVCI3iFRTlaK4nJzwbAVI8F1Ip4mfCMvYb66iZEMUkFma3A67MUUEm0vBm1dea4vk_9tkSaHwq0F95-TExzmtkVuQWW01GtawtLjy7RAjTAWNJLb4PRuQQdroO_HHjLyuipKgO3E1YLkjHBFRlu9Sqi0jIvrFwvTZJWoYPKhGSo_jjlvZH7l2_NXS9cADWE6osRLjdqlc3hfS7Jx7TI0YnnFhq7zTzX4f0kPL8SVvzlj8RI6GrnZM-yN8ijmvfEay0YtK2f0JtIQCeTszRQxJOb6dN1UAe1XTTMowYmg9pMEdelTBUcjm2xDcFPOkKinqPthvRwdVfdM4LjMGok9AiaPyyz2EIc9qsZNHSRFRUweg8RBnXzKpjOqjxKpJzfTcsc3dlYwF1GP8XFv23bS8iuq39f0mXR6TfTxy20T6eyjRwGC9EJ4FnVoG2DhhnENEcEOLg4Jnsw5edrWnoAK3U3Yf18edJIQkiH6SKo_hDpn7V697KK3G3ru-ERfRmiqLRQ9cEqPyjp1DC7oOJzkpkSfsaMghTvCtajStFPVshyiMbuWqsLHnCguj_mcHvzT0wxMMPKyqVI-RcBNKYFDhg-YMkptiBf317tEK1Rg5_OdriGBMaWkiAumOl6kVhWdnGa9jo_yDmRmPsix4HSqqxyIp7VUExbXX5UM3SU-IqLYOmrMqbdxnpMuM2OAA3Uz1BoE-9B87N9-Ax6X2ceL65OBTVciSJinIHi9R0IVXRmpVXoAR_aIHpxtEJmtMeybeojLC52OMjE6t1ihpcaDGBBMSNwXAFGfKlCqorHlqn5h-JuAlxQ2kU2h37Vec_VK1rLOJ6sS3GMzw2VvnszJgqwuJOt0cni5fdDZYgapd2OYg_zmq15W0PNwlHeg&cid=CAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:54:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 188
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8594
x-xss-protection: 0
server: cafe
etag: 7958287194716579593
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 18:54:06 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F67F 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 15:08:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100098
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 06 Jun 2022 15:08:56 GMT

GET
H/1.1 200
OK i0be04j7xi0r Show response
hal9000.redintelligence.net/zone/ Frame F67F 11 KB
4 KB 188ms
62ms Script
text/html 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/i0be04j7xi0r?subid=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpOa1CWy-YLuyLp6U7_UPi7S88AeVsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAuFKq_HKbbQ-qAMBqgTjAU_QN0nCkj7wAUfGvP2QDgomAHP43zW-YTR48eg_98MIyHP9URXvOaIQqM7qdrNPZ_jfqROHmhTWZoiyjrdRKcToLrASbXRyXZE3AmOYnurDwUAu-yZsEkiiJoJtJEIYl0g503AX_wivjBhhGirZ4pBm82lNX9jyqFhlj1_t3vwhW1jR2KgoItrNkjIojNINluUj9EzmNRzKXHrLWFfs0x5NeaauBmTnpCM5cIrSk8ycaLSrLCd66bjE7tKTmUm__tDS4foiamj8UaMbdMSCR97JiNG5iA2xY8lWBWDKCd8H8SVzwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0%26sig%3DAOD64_2KScVe_SBOS0SNBw9DO-YlPa7_8w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BeGiCk1xLlB6gWweIQGVx_p2BKinRfqaMCYJif9uVWGte8aOxHwoDDeHKYUFbnqYW5bqNQcJsup-GfIKcFY2Gsp3gVCt6itIVS-j326hAiqqU05GKdT5nt7NrZAgujoC_HrAhpsbp39KGLbkkgesDBAFuiIg%26cry%3D1%26dbm_d%3DAKAmf-A2saHdTf6E4-N0n6WDEuECFXynabkVAjhtrSuRC5vw2zpNURsZpHgdA6ZohaqscMuhsupzEhSBRyn2mYbSO0VQkjUPBUGiu44H_9_yswiPazFIvqZ2lTghX_wbqHeTPYijveE1Oht4a0QAZCJ-eNVINXG7SgHbajuY2HoX-OB0Gf0ARrq539_wDEWVvEv1-0m-SSH7AhXnR5MxyVZYTVtuK0Ga7EFH18nOc3n923z5e_rnpRSR5Cp_2QsCSAENfswZI5Os74zBLL-cgbrkVsZmXR4o2GOTZeaMnWElQYhuDUhtfohm_HjcuVxfYBlrav3Uh9nVHAK0D2PUvBgnvqnc4fuS-q5kM5Q7VDk4G8EldTBKX8PtDg0wMASCiNppvzON7a9HK-dbi_fKjILzTAijNpAL4PqJdBAxrkZ67adEQU4fK8LzUdGcwNIuyXAVQWQNg9o6%26adurl%3D
Requested by: Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 4779e8fe52dfb5587279ad15977ded12447085d94c6b2cdb7fc1e2bea0f3874d

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:14 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3945
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame CD60 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Sun, 06 Jun 2021 16:42:16 GMT
expires: Mon, 06 Jun 2022 16:42:16 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 94498
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame CD60 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:13:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2645
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 18:13:09 GMT

GET
H/1.1 200
OK extension_1086.js Show response
tag.digitaltarget.ru/extensions/ 732 B
976 B 93ms
93ms Script
application/javascript 185.15.175.157
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/extensions/extension_1086.js?i=878744524373143
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.157 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:14 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-2dc"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 732

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CD60 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BR18-Cmy-YL-zBouT7_UP5vyAsAQAAAAAOAHgBAI&bg=!3d6l3prNAAY6sG-_OrA7ACkAdvg8Wrjq-Ej07Woimq38f0EHsf0tbb8JxXUGo_yNomy-gCTAx7uKvwIAAABlUgAAAAloAQeZAuAIBsfAL8osXqDfJCSgFpGBeBzP75bfzMSS5xjAXjW9MFchcXCo-2VMBWr8-yOU8lqFU2APO3Y2P0wJS_sZwxtbU81crv9InIKavVIx5OJNFpf4nhE-t6P_IiESGLa9QVFO0-0eZ_Dn5g2DcyG-ks2PvzMI70v6mj5Y_4_PURnkVUeTvPmE8hZ0u-59hyOcfPSgY4CC_kHK7o6bZqnOROfLrJYQvxtjb6Fle1q9ds6auGoSPH1Ey6b9q_XuKVwLxg6p5_RKbNlK3fQ4wmHKFoTMs6hpZb62PxLDmqXGML5EV_kYHj2Y-zy8YyYVc8ENijHF0wdqc5GKRbZJseG3xASDdZXHNqlIRlbe0UY3p-IzB12-rOwo3GqkV737wKvGtpqGcn9w_VJsKh1F6xkNZeTyfzD1IfQAl4ylKG0vUSOMwjJufJiLCVOrYTEzl8NlHziyBFWeEIyHsEvMFnodNDV751hpQ1fWeCa5wf6DPfsK4-9L4PzUb2WP1cGJAROEtAQexans-Fl75DFvJ-f9LmHPql9LfwosNikjVhlBCUxinNq0-C00fsfCyk1YHBDgm2upirAEhmFAK9fvJOo7pHrqkCF42aw5MM7aSZEht78ksSqIQ4x3KnxFcFggI_76FEnDpTR9UJp6pqAZDwG5V6ypXBJYuz-bK7HeUoBQ9A7O3GW1Cl5n21gugiOEEGUHI6DkQ_odBeNx-gDsViwxD2GM6KeK3fN5TefGCnmRcdAyNpR-HJIvpVgBAIQWHQ93SZQn0QQu9hxGH1CqRsj6ZOVdcmZS_O5ELKhTQHHK_pFNGxl8SovauUgwm3seHhOFgh3V57k_j6SoqmhLTrw1kL3BtFzBo567XPqy9TRCeOpTroeRhnY7p0Ha2XMx2fPpIavlnI75gzr0QGMlwQnyiRcdaq84nHs0PMP2K1iQsG5a2OYuULeZve1t_FGO77pjmy_mJmhfowIxOCzYrVMe2wWA

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

i
dmg.digitaltarget.ru/1/7086/i/
Redirect Chain

https://dmg.digitaltarget.ru/1/7086/i/i?i=538319423591140.814722753913986&c=tg:adcm_pc
https://dmg.digitaltarget.ru/1/7086/i/i?i=538319423591140.814722753913986&c=tg:adcm_pc&q=scc

0
228 B

94ms
94ms

Image
text/plain

185.15.175.131
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmg.digitaltarget.ru/1/7086/i/i?i=538319423591140.814722753913986&c=tg:adcm_pc&q=scc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.131 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:14 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

Redirect headers

Location: /1/7086/i/i?i=538319423591140.814722753913986&c=tg:adcm_pc&q=scc
Date: Mon, 07 Jun 2021 18:57:14 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

i
dmg.digitaltarget.ru/1/6533/i/
Redirect Chain

https://dmg.digitaltarget.ru/1/6534/i/i?i=538319423591140.628043966834028&c=tg:adcm_pc
https://dmg.digitaltarget.ru/awg/custom/6534/i/i?call_source=awg&i=538319423591140.628043966834028&c=tg:adcm_pc
https://fnc.rt.ru/1/6532/i/i?i=Xh21WyKXlWKYmgO7knUf&c=tg:rds_6534
https://fnc.rt.ru/1/6532/i/i?i=Xh21WyKXlWKYmgO7knUf&c=tg:rds_6534&q=scc
https://dmg.digitaltarget.ru/1/6533/i/i?i=715571001618453762141000000003192196&a=774&e=588FxJUwBF3D5555nkGf

49 B
603 B

108ms
105ms

Image
image/gif

185.15.175.131
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmg.digitaltarget.ru/1/6533/i/i?i=715571001618453762141000000003192196&a=774&e=588FxJUwBF3D5555nkGf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.15.175.131 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),

Reverse DNS

Software

nginx /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Request-Time: 11
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 64
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Credentials: true

Redirect headers

Location: https://dmg.digitaltarget.ru/1/6533/i/i?i=715571001618453762141000000003192196&a=774&e=588FxJUwBF3D5555nkGf
Date: Mon, 07 Jun 2021 18:57:15 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://fnc.rt.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

GET
H2

200

rtrg
vk.com/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=538319423591140.651826983739081&a=86&e=5EFC831FAC6BBE602D0BE78402B02D4F&c=ss:86.up:5EFC831FAC6BBE602D0BE78402B02D4F.sync:up.xdua:duUBi5H5FNEm9y2ElsWekhOZ.x...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=538319423591140.651826983739081&a=86&e=5EFC831FAC6BBE602D0BE78402B02D4F&c=ss:86.up:5EFC831FAC6BBE602D0BE78402B02D4F.sync:up.xdua:d...
https://vk.com/rtrg?p=VK-RTRG-518563-fDktK

49 B
445 B

143ms
52ms

Image
image/gif

87.240.190.67
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vk.com/rtrg?p=VK-RTRG-518563-fDktK

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.190.67 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv67-190-240-87.vk.com

Software

kittenx / KPHP/7.4.107424

Resource Hash

2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:14 GMT
content-encoding: gzip
x-frontend: front220007
server: kittenx
x-powered-by: KPHP/7.4.107424
strict-transport-security: max-age=15768000
content-type: image/gif
access-control-expose-headers: X-Frontend
cache-control: no-store
content-length: 65

Redirect headers

Date: Mon, 07 Jun 2021 18:57:14 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://vk.com/rtrg?p=VK-RTRG-518563-fDktK
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 7
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H2

200

rtrg
vk.com/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=538319423591140.24651396570107&a=86&e=5EFC831FAC6BBE602D0BE78402B02D4F&c=ss:86.up:5EFC831FAC6BBE602D0BE78402B02D4F.sync:up.xdua:duUBi5H5FNEm9y2ElsWekhOZ.xp...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=538319423591140.24651396570107&a=86&e=5EFC831FAC6BBE602D0BE78402B02D4F&c=ss:86.up:5EFC831FAC6BBE602D0BE78402B02D4F.sync:up.xdua:du...
https://vk.com/rtrg?p=VK-RTRG-953909-hMgly

49 B
446 B

124ms
51ms

Image
image/gif

87.240.190.67
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vk.com/rtrg?p=VK-RTRG-953909-hMgly

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.190.67 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

srv67-190-240-87.vk.com

Software

kittenx / KPHP/7.4.107424

Resource Hash

2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:14 GMT
content-encoding: gzip
x-frontend: front220007
server: kittenx
x-powered-by: KPHP/7.4.107424
strict-transport-security: max-age=15768000
content-type: image/gif
access-control-expose-headers: X-Frontend
cache-control: no-store
content-length: 65

Redirect headers

Date: Mon, 07 Jun 2021 18:57:14 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://vk.com/rtrg?p=VK-RTRG-953909-hMgly
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 13
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H/1.1

200
OK

request.php Show response
hal900030.redintelligence.net/ Frame F67F
Redirect Chain

https://hal900030.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=5cb4a0fd5c&subid=&uid=892a2522cd61f998&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900030.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=5cb4a0fd5c&subid=&uid=892a2522cd61f998&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

3 KB
2 KB

255ms
129ms

Script
application/x-javascript

136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=5cb4a0fd5c&subid=&uid=892a2522cd61f998&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpOa1CWy-YLuyLp6U7_UPi7S88AeVsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAuFKq_HKbbQ-qAMBqgTjAU_QN0nCkj7wAUfGvP2QDgomAHP43zW-YTR48eg_98MIyHP9URXvOaIQqM7qdrNPZ_jfqROHmhTWZoiyjrdRKcToLrASbXRyXZE3AmOYnurDwUAu-yZsEkiiJoJtJEIYl0g503AX_wivjBhhGirZ4pBm82lNX9jyqFhlj1_t3vwhW1jR2KgoItrNkjIojNINluUj9EzmNRzKXHrLWFfs0x5NeaauBmTnpCM5cIrSk8ycaLSrLCd66bjE7tKTmUm__tDS4foiamj8UaMbdMSCR97JiNG5iA2xY8lWBWDKCd8H8SVzwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0%26sig%3DAOD64_2KScVe_SBOS0SNBw9DO-YlPa7_8w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BeGiCk1xLlB6gWweIQGVx_p2BKinRfqaMCYJif9uVWGte8aOxHwoDDeHKYUFbnqYW5bqNQcJsup-GfIKcFY2Gsp3gVCt6itIVS-j326hAiqqU05GKdT5nt7NrZAgujoC_HrAhpsbp39KGLbkkgesDBAFuiIg%26cry%3D1%26dbm_d%3DAKAmf-A2saHdTf6E4-N0n6WDEuECFXynabkVAjhtrSuRC5vw2zpNURsZpHgdA6ZohaqscMuhsupzEhSBRyn2mYbSO0VQkjUPBUGiu44H_9_yswiPazFIvqZ2lTghX_wbqHeTPYijveE1Oht4a0QAZCJ-eNVINXG7SgHbajuY2HoX-OB0Gf0ARrq539_wDEWVvEv1-0m-SSH7AhXnR5MxyVZYTVtuK0Ga7EFH18nOc3n923z5e_rnpRSR5Cp_2QsCSAENfswZI5Os74zBLL-cgbrkVsZmXR4o2GOTZeaMnWElQYhuDUhtfohm_HjcuVxfYBlrav3Uh9nVHAK0D2PUvBgnvqnc4fuS-q5kM5Q7VDk4G8EldTBKX8PtDg0wMASCiNppvzON7a9HK-dbi_fKjILzTAijNpAL4PqJdBAxrkZ67adEQU4fK8LzUdGcwNIuyXAVQWQNg9o6%26adurl%3D&documentReferer=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=6400308245603&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Requested by: Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: f72c3857fdbaa22f4f40a1bc54c6fe1bb33d94d33d45abc2d912c5a72ef10c82

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 41553200193780600510390011618030
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1076
Expires: Mon, 07 Jun 2021 19:57:14 +0200

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:14 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=5cb4a0fd5c&subid=&uid=892a2522cd61f998&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpOa1CWy-YLuyLp6U7_UPi7S88AeVsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAuFKq_HKbbQ-qAMBqgTjAU_QN0nCkj7wAUfGvP2QDgomAHP43zW-YTR48eg_98MIyHP9URXvOaIQqM7qdrNPZ_jfqROHmhTWZoiyjrdRKcToLrASbXRyXZE3AmOYnurDwUAu-yZsEkiiJoJtJEIYl0g503AX_wivjBhhGirZ4pBm82lNX9jyqFhlj1_t3vwhW1jR2KgoItrNkjIojNINluUj9EzmNRzKXHrLWFfs0x5NeaauBmTnpCM5cIrSk8ycaLSrLCd66bjE7tKTmUm__tDS4foiamj8UaMbdMSCR97JiNG5iA2xY8lWBWDKCd8H8SVzwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0%26sig%3DAOD64_2KScVe_SBOS0SNBw9DO-YlPa7_8w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BeGiCk1xLlB6gWweIQGVx_p2BKinRfqaMCYJif9uVWGte8aOxHwoDDeHKYUFbnqYW5bqNQcJsup-GfIKcFY2Gsp3gVCt6itIVS-j326hAiqqU05GKdT5nt7NrZAgujoC_HrAhpsbp39KGLbkkgesDBAFuiIg%26cry%3D1%26dbm_d%3DAKAmf-A2saHdTf6E4-N0n6WDEuECFXynabkVAjhtrSuRC5vw2zpNURsZpHgdA6ZohaqscMuhsupzEhSBRyn2mYbSO0VQkjUPBUGiu44H_9_yswiPazFIvqZ2lTghX_wbqHeTPYijveE1Oht4a0QAZCJ-eNVINXG7SgHbajuY2HoX-OB0Gf0ARrq539_wDEWVvEv1-0m-SSH7AhXnR5MxyVZYTVtuK0Ga7EFH18nOc3n923z5e_rnpRSR5Cp_2QsCSAENfswZI5Os74zBLL-cgbrkVsZmXR4o2GOTZeaMnWElQYhuDUhtfohm_HjcuVxfYBlrav3Uh9nVHAK0D2PUvBgnvqnc4fuS-q5kM5Q7VDk4G8EldTBKX8PtDg0wMASCiNppvzON7a9HK-dbi_fKjILzTAijNpAL4PqJdBAxrkZ67adEQU4fK8LzUdGcwNIuyXAVQWQNg9o6%26adurl%3D&documentReferer=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=6400308245603&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Mon, 07 Jun 2021 19:57:14 +0200

GET
H2

200

dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg Show response
static.tradetracker.net/se/material_image/02/ Frame 839A
Redirect Chain

https://ti.tradetracker.net/?c=31577&m=1646244&a=157788&r=41553200193780600510390011618030&t=html
https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg

39 KB
39 KB

71ms
21ms

Document
image/jpeg

2600:9000:2050:b000:1a:7c92:efc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=5cb4a0fd5c&subid=&uid=892a2522cd61f998&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpOa1CWy-YLuyLp6U7_UPi7S88AeVsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAuFKq_HKbbQ-qAMBqgTjAU_QN0nCkj7wAUfGvP2QDgomAHP43zW-YTR48eg_98MIyHP9URXvOaIQqM7qdrNPZ_jfqROHmhTWZoiyjrdRKcToLrASbXRyXZE3AmOYnurDwUAu-yZsEkiiJoJtJEIYl0g503AX_wivjBhhGirZ4pBm82lNX9jyqFhlj1_t3vwhW1jR2KgoItrNkjIojNINluUj9EzmNRzKXHrLWFfs0x5NeaauBmTnpCM5cIrSk8ycaLSrLCd66bjE7tKTmUm__tDS4foiamj8UaMbdMSCR97JiNG5iA2xY8lWBWDKCd8H8SVzwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0%26sig%3DAOD64_2KScVe_SBOS0SNBw9DO-YlPa7_8w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BeGiCk1xLlB6gWweIQGVx_p2BKinRfqaMCYJif9uVWGte8aOxHwoDDeHKYUFbnqYW5bqNQcJsup-GfIKcFY2Gsp3gVCt6itIVS-j326hAiqqU05GKdT5nt7NrZAgujoC_HrAhpsbp39KGLbkkgesDBAFuiIg%26cry%3D1%26dbm_d%3DAKAmf-A2saHdTf6E4-N0n6WDEuECFXynabkVAjhtrSuRC5vw2zpNURsZpHgdA6ZohaqscMuhsupzEhSBRyn2mYbSO0VQkjUPBUGiu44H_9_yswiPazFIvqZ2lTghX_wbqHeTPYijveE1Oht4a0QAZCJ-eNVINXG7SgHbajuY2HoX-OB0Gf0ARrq539_wDEWVvEv1-0m-SSH7AhXnR5MxyVZYTVtuK0Ga7EFH18nOc3n923z5e_rnpRSR5Cp_2QsCSAENfswZI5Os74zBLL-cgbrkVsZmXR4o2GOTZeaMnWElQYhuDUhtfohm_HjcuVxfYBlrav3Uh9nVHAK0D2PUvBgnvqnc4fuS-q5kM5Q7VDk4G8EldTBKX8PtDg0wMASCiNppvzON7a9HK-dbi_fKjILzTAijNpAL4PqJdBAxrkZ67adEQU4fK8LzUdGcwNIuyXAVQWQNg9o6%26adurl%3D&documentReferer=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=6400308245603&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2050:b000:1a:7c92:efc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5b02d4c3687457ff762f830bbe51f5897b428906bf57f0aa15f185d5024c0f91

Request headers

:method: GET
:authority: static.tradetracker.net
:scheme: https
:path: /se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: pi=d0bf8ba1ffb26f7d9154d0fe7f3359bb; uf=nBTT7%2BfO0AoUWWrGJJGLnzFjYVRZMTQ1UDJlUmUvZDlFVEhpOHh1OGNlV0o5NEdxdmNRYnBpakxoUlo5K0U0OEtkQXIvOFhvZGdtbjhKOFhwdTJzUUFLUWp4aVRlMy95d0wzektRPT0%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/

Response headers

content-type: image/jpeg
content-length: 39656
accept-ranges: bytes
last-modified: Mon, 04 Nov 2019 09:13:22 GMT
server: nginx
date: Mon, 07 Jun 2021 18:56:23 GMT
etag: "5dbfebb2-9ae8"
x-cache: Hit from cloudfront
via: 1.1 d78805a0dcdbb4f0c955095c7c1a0fb6.cloudfront.net (CloudFront)
x-amz-cf-pop: BUD50-C1
x-amz-cf-id: 5U4VcVX2jToz6_BTCklZaEEb5lU2nyeCZFKF6zBUTt6DWDnDfjlRXA==
age: 142

Redirect headers

date: Mon, 07 Jun 2021 18:57:15 GMT
content-type: text/html; charset=utf-8
location: https://static.tradetracker.net/se/material_image/02/dc09e91cfcfaf1c41b38aa8dfb43cbb2546ceb.jpg
server: nginx
x-powered-by: PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
p3p: CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml"
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-cache, must-revalidate
set-cookie: uf=nBTT7%2BfO0AoUWWrGJJGLnzFjYVRZMTQ1UDJlUmUvZDlFVEhpOHh1OGNlV0o5NEdxdmNRYnBpakxoUlo5K0U0OEtkQXIvOFhvZGdtbjhKOFhwdTJzUUFLUWp4aVRlMy95d0wzektRPT0%3D; expires=Tue, 07-Jun-2022 18:57:14 GMT; Max-Age=31536000; path=/; SameSite=None; domain=.tradetracker.net; secure pi=d0bf8ba1ffb26f7d9154d0fe7f3359bb; expires=Wed, 15-Sep-2021 18:57:15 GMT; Max-Age=8640000; path=/; SameSite=None; domain=.tradetracker.net; secure

GET
H2 200 / Show response
ti.tradetracker.net/ Frame F67F 454 B
1 KB 255ms
108ms Script
text/javascript 108.128.9.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ti.tradetracker.net/?c=33102&m=1783943&a=157788&r=41553200193780600510390011618030&t=js&wid=tt-55ccfc
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.9.52 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-9-52.eu-west-1.compute.amazonaws.com
Software: nginx / PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
Resource Hash: ab3c091c2540eb67c2a574645cd49a8f6be37c6598eb9a1b1478924acc3806dd

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:57:15 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=utf8
server: nginx
p3p: CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml"
x-powered-by: PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900030.redintelligence.net/ Frame D697 6 KB
2 KB 181ms
61ms Document
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request_content.php?s=41553200193780600510390011618030&a=1d959d1d
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=i0be04j7xi0r&nw=20&renderingType=javascript&namespace=5cb4a0fd5c&subid=&uid=892a2522cd61f998&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x18&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCpOa1CWy-YLuyLp6U7_UPi7S88AeVsMG4XPzDzobUCvAuEAEgtKPufmDxrfyFpB_IAQmpAuFKq_HKbbQ-qAMBqgTjAU_QN0nCkj7wAUfGvP2QDgomAHP43zW-YTR48eg_98MIyHP9URXvOaIQqM7qdrNPZ_jfqROHmhTWZoiyjrdRKcToLrASbXRyXZE3AmOYnurDwUAu-yZsEkiiJoJtJEIYl0g503AX_wivjBhhGirZ4pBm82lNX9jyqFhlj1_t3vwhW1jR2KgoItrNkjIojNINluUj9EzmNRzKXHrLWFfs0x5NeaauBmTnpCM5cIrSk8ycaLSrLCd66bjE7tKTmUm__tDS4foiamj8UaMbdMSCR97JiNG5iA2xY8lWBWDKCd8H8SVzwAS40oGXyQHgBAOQBgGgBk2AB-vn6F6oB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7NUbqAfulrECqAemvhuoB-zVG6gH89EbqAeW2BvYBwDSCAkIgOGAUBABGB2ACgOYCwHICwGADAGwE5HlsgrQEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASPeRoSX9zhfvDSfyHzBvpgp-Ndp-jqv6PSaqJvxajjECGOOHbO3V7eqJEA4e6fDY91BonmBYT7xGM9QihOJ0%26sig%3DAOD64_2KScVe_SBOS0SNBw9DO-YlPa7_8w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BeGiCk1xLlB6gWweIQGVx_p2BKinRfqaMCYJif9uVWGte8aOxHwoDDeHKYUFbnqYW5bqNQcJsup-GfIKcFY2Gsp3gVCt6itIVS-j326hAiqqU05GKdT5nt7NrZAgujoC_HrAhpsbp39KGLbkkgesDBAFuiIg%26cry%3D1%26dbm_d%3DAKAmf-A2saHdTf6E4-N0n6WDEuECFXynabkVAjhtrSuRC5vw2zpNURsZpHgdA6ZohaqscMuhsupzEhSBRyn2mYbSO0VQkjUPBUGiu44H_9_yswiPazFIvqZ2lTghX_wbqHeTPYijveE1Oht4a0QAZCJ-eNVINXG7SgHbajuY2HoX-OB0Gf0ARrq539_wDEWVvEv1-0m-SSH7AhXnR5MxyVZYTVtuK0Ga7EFH18nOc3n923z5e_rnpRSR5Cp_2QsCSAENfswZI5Os74zBLL-cgbrkVsZmXR4o2GOTZeaMnWElQYhuDUhtfohm_HjcuVxfYBlrav3Uh9nVHAK0D2PUvBgnvqnc4fuS-q5kM5Q7VDk4G8EldTBKX8PtDg0wMASCiNppvzON7a9HK-dbi_fKjILzTAijNpAL4PqJdBAxrkZ67adEQU4fK8LzUdGcwNIuyXAVQWQNg9o6%26adurl%3D&documentReferer=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fb6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fsci-hub.mksa.top&random=6400308245603&isIframe=1&container=&adPos=0x14&adPosCheck=1x15&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 20d7a22a99716ce806da96196905c4785fe30dedc66d19f76d57910be26113a0

Request headers

Host: hal900030.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=eea9ff4a2d6c3901
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/

Response headers

Date: Mon, 07 Jun 2021 18:57:14 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 07 Jun 2021 19:57:14 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1827
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

cshow.php
www.zenaps.com/ Frame F67F
Redirect Chain

https://www.awin1.com/cshow.php?s=2636829&v=12846&q=389131&r=566725&pref1=41553200193780600510390011618030&pv=1
https://www.zenaps.com/cshow.php?pvr=2c868b90-c7c2-11eb-9ae5-692d08e93505&v=12846&r=566725&q=389131&s=2636829&viewref=41553200193780600510390011618030&pv=1

43 B
704 B

204ms
93ms

Image
image/gif

104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.zenaps.com/cshow.php?pvr=2c868b90-c7c2-11eb-9ae5-692d08e93505&v=12846&r=566725&q=389131&s=2636829&viewref=41553200193780600510390011618030&pv=1

Requested by

Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 18:57:15 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

Redirect headers

Date: Mon, 07 Jun 2021 18:57:14 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.zenaps.com/cshow.php?pvr=2c868b90-c7c2-11eb-9ae5-692d08e93505&v=12846&r=566725&q=389131&s=2636829&viewref=41553200193780600510390011618030&pv=1
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
DATA 200
OK truncated
/ Frame F67F 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d6385960930ccfbb91d83a549550c5ddfba9ff29a7e5a0508e55a60548363443

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 25D1 42 B
64 B 54ms
41ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsud_k4SWrfEZFfWBmcf3eQVhZovpNYoO_D4cDsRB9jvgRiPTcezqk6d294Qz5fFYn2mYzGI8NLqAXmoOLXvas41P_exFqMY7yPIYwqQcIPLS1zh&sai=AMfl-YQmkmH6nqXhbRLnZEGhy_8VRAbUCaX3FpnUPgpSNOGbpeeXM7ttzM0F33VYIYZ50k6du84VoWRmZXENb96ArGug-1XibAQqhCvUJ7Jtn84T0sD39ZyNYVQHvO96ehE&sig=Cg0ArKJSzNcTo6By3lP5EAE&cid=CAASPeRot4vgd4HAW3WKmFvnzygAtHUC5zvfHPbek7PtAuAHI-xlb7H8i-D46RZefSI3SBXYYjynR65sXZ0NZy8&id=lidar2&mcvt=1000&p=900,315,990,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210604&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1836978441&rs=4&met=ce&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&rst=1623092233693&dlt=21&rpt=165&isd=0&msd=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D697 4 KB
1 KB 35ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=41553200193780600510390011618030&a=1d959d1d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:34:36 GMT
server: ESF
date: Mon, 07 Jun 2021 18:57:15 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Jun 2021 18:57:15 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D697 18 KB
17 KB 178ms
60ms Image
image/png 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55483/creativesup/Teknikproffset-SE-1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=41553200193780600510390011618030&a=1d959d1d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 67e9757d82f807a40f5d5083ce4298f9fdf6ab50ce13e312b5dea2c8171541d8

Request headers

Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:15 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 17603
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D697 13 KB
13 KB 181ms
61ms Image
image/png 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/53597/creativesup/Native1-1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=41553200193780600510390011618030&a=1d959d1d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: 5b5d3e87b0ed7eaf429f2503cd9ee334f7c75fad8252c8d8f5a07e95181388e8

Request headers

Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:15 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 13535
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D697 16 KB
16 KB 187ms
63ms Image
image/png 159.69.70.9
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55313/creativesup/native_1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=41553200193780600510390011618030&a=1d959d1d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 159.69.70.9 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.9.70.69.159.clients.your-server.de
Software: Apache /
Resource Hash: bd7f2d470fe0485644ac6f83a76c92921a35d72a179bfccbf1689fbef8baa44e

Request headers

Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:15 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15842
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame D697 0
150 B 186ms
62ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=41553200193780600510390011618030&a=8586231e&vb=m
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=41553200193780600510390011618030&a=1d959d1d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900030.redintelligence.net/request_content.php?s=41553200193780600510390011618030&a=1d959d1d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 18:57:15 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame D697 16 KB
16 KB 27ms
7ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal900030.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 23:39:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
server: sffe
age: 587876
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15948
x-xss-protection: 0
expires: Tue, 31 May 2022 23:39:19 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame D697 16 KB
16 KB 32ms
12ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal900030.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 31 May 2021 23:39:18 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
age: 587877
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
expires: Tue, 31 May 2022 23:39:18 GMT

GET
H2

200

5a0f5218ee2dad558ebed56f97a5bb2b45316d.png
static.tradetracker.net/se/material_image/35/ Frame F67F
Redirect Chain

https://ti.tradetracker.net/?c=33102&m=1783943&a=157788&r=41553200193780600510390011618030&t=html
https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png

72 KB
72 KB

20ms
20ms

Image
image/png

2600:9000:2050:b000:1a:7c92:efc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png
Requested by: Host: b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
URL: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2050:b000:1a:7c92:efc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f57092bb84b3b7ab8ca3766e0f5b873b5307847ee1b9084e9c858bdd6e2b636c

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:56:23 GMT
via: 1.1 d78805a0dcdbb4f0c955095c7c1a0fb6.cloudfront.net (CloudFront)
last-modified: Tue, 01 Sep 2020 12:05:20 GMT
server: nginx
age: 258
etag: "5f4e3900-11e3e"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: BUD50-C1
accept-ranges: bytes
content-length: 73278
x-amz-cf-id: l4Vya9AXkc7wJM-UL2SLgYqU9SqBYIV6XvRVpuWh2yRdWoPg-r7BSg==

Redirect headers

date: Mon, 07 Jun 2021 18:57:15 GMT
server: nginx
x-powered-by: PHP/7.1.33-24+ubuntu18.04.1+deb.sury.org+1
p3p: CP="ALL PUR DSP CUR ADMi DEVi CONi OUR COR IND", policyref="https://ti.tradetracker.net/public/w3c/p3p.xml"
location: https://static.tradetracker.net/se/material_image/35/5a0f5218ee2dad558ebed56f97a5bb2b45316d.png
cache-control: no-cache, must-revalidate
content-type: text/html; charset=utf-8
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dc_oe=ChMIkcuf4JmG8QIV6oaDBx2SpQsBEAAYACDHg4ZIQhMIwfT935mG8QIVdFblCh35kwB_;met=1;&timestamp=1623092244313;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 25D1 42 B
251 B 88ms
87ms Image
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIkcuf4JmG8QIV6oaDBx2SpQsBEAAYACDHg4ZIQhMIwfT935mG8QIVdFblCh35kwB_;met=1;&timestamp=1623092244313;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 18:57:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: img.sci-hub.shop
URL: https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sci-Hub (Consumer)

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mksa.top/	1970-01-19 18:52:58	Name: _gid Value: GA1.2.658246857.1623092233
.mksa.top/	1970-01-19 18:51:32	Name: _gat_gtag_UA_193456449_1 Value: 1
.mksa.top/	1970-01-20 12:22:44	Name: _ga Value: GA1.2.1583700586.1623092233

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
adservice.google.com
adservice.google.se
b6b448441250850e2ac992fba380aa12.safeframe.googlesyndication.com
cm.g.doubleclick.net
code.createjs.com
counter.yadro.ru
dmg.digitaltarget.ru
dsum-sec.casalemedia.com
fnc.rt.ru
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900030.redintelligence.net
ib.adnxs.com
img.sci-hub.shop
kitbit.net
optinder.com
p1.ntvk1.ru
pagead2.googlesyndication.com
s0.2mdn.net
sci-hub.mksa.top
securepubads.g.doubleclick.net
share.pluso.ru
static.tradetracker.net
stats.g.doubleclick.net
tag.digitaltarget.ru
ti.tradetracker.net
tpc.googlesyndication.com
ut9.rktch.com
vk.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.zenaps.com
img.sci-hub.shop
104.111.239.217
108.128.9.52
136.243.149.243
142.250.181.226
142.250.185.162
142.250.185.226
159.69.70.9
185.15.175.131
185.15.175.137
185.15.175.157
185.33.223.178
2.18.234.21
2600:9000:2050:b000:1a:7c92:efc0:93a1
2606:4700:3033::6815:35c2
2606:4700:3034::6815:9e6
2606:4700:3036::6815:15dc
2a00:1450:4001:802::2006
2a00:1450:4001:809::2001
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2002
2a00:1450:4001:831::200e
2a00:1450:400c:c07::9b
2a02:26f0:6c00::210:ba18
2a02:6ea0:c700::3
31.131.252.90
31.131.252.94
87.240.190.67
88.212.201.198
89.108.97.2
026d14fce3742ffee1d7b5e7014d6a324f0a01512cfcae4e62f1b7a37c930ae5
031de2ba14934fe6c993c486fe0a30a18a8fc69066cf1efbcc4162adf6f32edc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570
1bc3b38eb7bc79fcfc4b432ff72a486b5b39ae7a934f898dd803ed7cd5cbbcf6
1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af
20d7a22a99716ce806da96196905c4785fe30dedc66d19f76d57910be26113a0
265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6
27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c
288f23118b902dea7eec0280385ae7c5d971218e3d257e3a28f7a03989ee152a
2b48111477d715e7b5f7680ad5fb0bd9417445b78b863594dd6bab5b50fb1c0a
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3216ef1b9e7e4bc6e627f6813ae735c4b5c3fc9a2491b0f7c26c69ca26aaa0a2
3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f
41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4
4227199aadb66477eeda5d0cfb8514978a0e43a3ead42ddcb139e4e1ce29d697
44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450
454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586
460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232
46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
4779e8fe52dfb5587279ad15977ded12447085d94c6b2cdb7fc1e2bea0f3874d
4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
5793d110bf1958d3744be8d2dfb9b83e056bd01d7162813bf63aa6483c08bdc7
59aad03e2d3404d92ba396e826636c2859210fa7db2a7710cd291313c97116c3
5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7
5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f
5abae6dce2107a48f5179acfcea9741cf0b5925a19aca47f1389618d40725467
5b02d4c3687457ff762f830bbe51f5897b428906bf57f0aa15f185d5024c0f91
5b5d3e87b0ed7eaf429f2503cd9ee334f7c75fad8252c8d8f5a07e95181388e8
64fce9d17c5101524a6ee73191a1c97a2e47ddc83aed06b5bd22d5c898efd52b
67e9757d82f807a40f5d5083ce4298f9fdf6ab50ce13e312b5dea2c8171541d8
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d33ce6ac84e10177e75fd86427eee28779321f1152efa1fa10312c528f5824e
6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd
7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e
7c2c177ebdd51b8307397a23f48b86a268a4cebf16927781c2dbae1f6d23868a
7dbf97b6099ff5065e80e953b6dbabcf5414f25a93a6a44fde07059a0a962dce
7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75
819a84dfb7bf1f9d3f26937c5b579852aba8195de98ccacb9cf3722562622996
84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab
84f35581e15993da7bdd7c27c722cf44e985f9be89f2f17f991925b110a5920d
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f
8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a19047bcd78489751c2b002a69dea8bb9320c2cabc479e71a7b929ad80f56863
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc
a8a4f8c0b1171203ab4a51169be29fec9eeac0bb0b94794cfb7b6af992c69482
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
ab3c091c2540eb67c2a574645cd49a8f6be37c6598eb9a1b1478924acc3806dd
acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1d46d4322013ba1805b8b6dc3c7ce459c51ef7f202999f21304d9a5b5c7d09f
b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23
bafd0348b39274c3ef4da62d6b36a07fee7758dd97f3d6c2f16b6d24a6712bea
bd7f2d470fe0485644ac6f83a76c92921a35d72a179bfccbf1689fbef8baa44e
bdd4003804f6ce8052531178f70d642ad8fdc912033665ecc0b38163acd16b9a
bf56d0c6b86f69d3f6dfb156399577c16da981c390a16d26c7752ed85bc38ac4
c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c70ebf883e629d2d0011893d6c1d2e42ff832f681493495b5d1f8ccbf6f05ef1
c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74
c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202
cae39b858a82013e7f07d26dd6675aff60f2f8e8cb01efa44f134a29344ed596
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d6385960930ccfbb91d83a549550c5ddfba9ff29a7e5a0508e55a60548363443
dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6
ddbf8e3f69236abf4ff1c752de2d95d4133eb7122c51402f3e8879c4a633743b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee362599ddb7ce1c32f8173e1d2255cda3d6ae960afa16d71a6bd617f2154aa6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
f232aa2f117eb04ac54ab9a5cd04823573edbd473cfa6d41e8e9b4a32d9973dd
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f57092bb84b3b7ab8ca3766e0f5b873b5307847ee1b9084e9c858bdd6e2b636c
f72c3857fdbaa22f4f40a1bc54c6fe1bb33d94d33d45abc2d912c5a72ef10c82
ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

sci-hub.mksa.top Open in urlscan Pro 2606:4700:3033::6815:35c2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

127 Requests

97 %HTTPS

53 %IPv6

28 Domains

39 Subdomains

35 IPs

6 Countries

1520 kBTransfer

2879 kBSize

3 Cookies

4 Outgoing links

Page URL History

Redirected requests

127 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sci-hub.mksa.top Open in urlscan Pro
2606:4700:3033::6815:35c2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

127
Requests

97 %
HTTPS

53 %
IPv6

28
Domains

39
Subdomains

35
IPs

6
Countries

1520 kB
Transfer

2879 kB
Size

3
Cookies

127 HTTP transactions
2 data transactions