sci-hub.mksa.top Open in urlscan Pro
2606:4700:3031::ac43:d9f7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sci-hub.mksa.top/
Effective URL:
https://sci-hub.mksa.top/
Submission: On June 07 via api (June 7th 2021, 7:33:20 pm UTC) from NL

Summary HTTP 113 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 34 IPs in 5 countries across 27 domains to perform 113 HTTP transactions. The main IP is 2606:4700:3031::ac43:d9f7, located in United States and belongs to CLOUDFLARENET, US. The main domain is sci-hub.mksa.top.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 3rd 2021. Valid for: a year.

This is the only time sci-hub.mksa.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sci-Hub (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3031::ac43:d9f7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2606:4700:303... 2606:4700:3034::6815:9e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
4	31.131.252.91 31.131.252.91	50340 (SELECTEL-MSK) (SELECTEL-MSK)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
3	31.131.252.94 31.131.252.94	49505 (SELECTEL) (SELECTEL)
3	185.15.175.130 185.15.175.130	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1 1	2a02:6ea0:c70... 2a02:6ea0:c700::11	60068 (CDN77 (^_^)/) (CDN77 (^_^)/)
1	2606:4700:303... 2606:4700:3036::6815:15dc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	89.108.97.2 89.108.97.2	197695 (AS-REG) (AS-REG)
5 7	185.15.175.145 185.15.175.145	43226 (SAFEDATA ...) (SAFEDATA Uplinks)
1	87.240.190.72 87.240.190.72	47541 (VKONTAKTE...) (VKONTAKTE-SPB-AS http://vk.com)
5 5	31.172.81.159 31.172.81.159	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
2 2	31.172.81.158 31.172.81.158	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
5 6	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1 2	2a02:6b8::90 2a02:6b8::90	13238 (YANDEX) (YANDEX)
5	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.33.221.91 185.33.221.91	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	130.211.47.109 130.211.47.109	15169 (GOOGLE) (GOOGLE)
3	34.107.167.126 34.107.167.126	15169 (GOOGLE) (GOOGLE)
1	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
113	34

2 2606:4700:3031::ac43:d9f7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sci-hub.mksa.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:3034::6815:9e6 (United States)

ASN13335 (CLOUDFLARENET, US)

img.sci-hub.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 31.131.252.91 (Russian Federation)

ASN50340 (SELECTEL-MSK, RU)

share.pluso.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.131.252.94 (Russian Federation)

ASN49505 (SELECTEL, RU)

kitbit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.15.175.130 (Russian Federation)

ASN43226 (SAFEDATA Uplinks, RU)

tag.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::11 (Frankfurt am Main, Germany) 1 redirects

ASN60068 (CDN77 (^_^)/, GB)

p1.ntvk1.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:15dc (United States)

ASN13335 (CLOUDFLARENET, US)

optinder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.108.97.2 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: d50603.reg.regrucolo.ru

ut9.rktch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.15.175.145 (Russian Federation) 5 redirects

ASN43226 (SAFEDATA Uplinks, RU)

dmg.digitaltarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.240.190.72 (Russian Federation)

ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU)

vk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 31.172.81.159 (Germany) 5 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync3.sniperlog.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.172.81.158 (Germany) 2 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync3.adsniper.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.184.194 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6b8::90 (Moscow, Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.91 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.47.109 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

nxtck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.167.126 (Kansas City, United States)

ASN15169 (GOOGLE, US)

cdn-ssl-as.nxtck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.38 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	googlesyndication.com 9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com ade.googlesyndication.com	99 KB
21	sci-hub.shop img.sci-hub.shop	576 KB
20	doubleclick.net 5 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net	181 KB
10	2mdn.net s0.2mdn.net	79 KB
10	digitaltarget.ru 5 redirects tag.digitaltarget.ru dmg.digitaltarget.ru	24 KB
5	nxtck.com 1 redirects nxtck.com cdn-ssl-as.nxtck.com	14 KB
5	googletagservices.com www.googletagservices.com	121 KB
5	ampproject.org cdn.ampproject.org	101 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
4	bumlam.com 4 redirects sync.bumlam.com	2 KB
4	pluso.ru share.pluso.ru	27 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
3	google.com 1 redirects www.google.com	551 B
3	kitbit.net kitbit.net	2 KB
2	gstatic.com fonts.gstatic.com	42 KB
2	yandex.ru 1 redirects an.yandex.ru	671 B
2	adsniper.ru 2 redirects sync3.adsniper.ru	1 KB
2	yadro.ru 1 redirects counter.yadro.ru	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
2	mksa.top 1 redirects sci-hub.mksa.top	7 KB
1	googleapis.com fonts.googleapis.com	578 B
1	sniperlog.ru 1 redirects sync3.sniperlog.ru	305 B
1	vk.com vk.com	446 B
1	rktch.com ut9.rktch.com	88 B
1	optinder.com optinder.com	565 B
1	ntvk1.ru 1 redirects p1.ntvk1.ru	381 B
1	googletagmanager.com www.googletagmanager.com	35 KB
113	27

	Domain	Requested by
21	img.sci-hub.shop	sci-hub.mksa.top
10	s0.2mdn.net	ad.doubleclick.net s0.2mdn.net
10	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com sci-hub.mksa.top ad.doubleclick.net 9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com
10	tpc.googlesyndication.com	sci-hub.mksa.top securepubads.g.doubleclick.net tpc.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net
7	dmg.digitaltarget.ru	5 redirects
7	securepubads.g.doubleclick.net	sci-hub.mksa.top securepubads.g.doubleclick.net
6	cm.g.doubleclick.net	5 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	securepubads.g.doubleclick.net sci-hub.mksa.top nxtck.com www.googletagservices.com s0.2mdn.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	sync.bumlam.com	4 redirects
4	share.pluso.ru	img.sci-hub.shop sci-hub.mksa.top
3	cdn-ssl-as.nxtck.com	nxtck.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	googleads.g.doubleclick.net	sci-hub.mksa.top
3	www.google.com	1 redirects sci-hub.mksa.top tpc.googlesyndication.com
3	tag.digitaltarget.ru	kitbit.net tag.digitaltarget.ru
3	kitbit.net	img.sci-hub.shop kitbit.net
2	googleads4.g.doubleclick.net	ad.doubleclick.net
2	nxtck.com	1 redirects 9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	an.yandex.ru	1 redirects
2	sync3.adsniper.ru	2 redirects
2	counter.yadro.ru	1 redirects
2	9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	sci-hub.mksa.top	1 redirects
1	ade.googlesyndication.com
1	ad.doubleclick.net	www.googletagservices.com
1	fonts.googleapis.com	securepubads.g.doubleclick.net
1	sync3.sniperlog.ru	1 redirects
1	vk.com
1	ut9.rktch.com
1	optinder.com
1	p1.ntvk1.ru	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googletagmanager.com	sci-hub.mksa.top
113	37

This site contains links to these domains. Also see Links.

Domain
pluso.ru
vk.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
mksa.top Cloudflare Inc ECC CA-3	`2021-03-03` - `2022-03-02`	a year	crt.sh
sci-hub.shop Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.pluso.ru R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
counter.yadro.ru R3	`2021-05-29` - `2021-08-27`	3 months	crt.sh
*.kitbit.net Let's Encrypt Authority X3	`2018-11-05` - `2019-02-03`	3 months	crt.sh
tag.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-06` - `2021-07-06`	a year	crt.sh
ut9.rktch.com R3	`2021-04-19` - `2021-07-18`	3 months	crt.sh
dmg.digitaltarget.ru R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
*.vk.com GlobalSign Organization Validation CA - SHA256 - G2	`2020-06-09` - `2022-06-10`	2 years	crt.sh
bs.yandex.ru Yandex CA	`2020-12-17` - `2021-06-17`	6 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.nxtck.com Thawte RSA CA 2018	`2020-11-05` - `2021-11-07`	a year	crt.sh
cdn-raw.nxtck.com GTS CA 1D4	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh

This page contains 12 frames:

Primary Page: https://sci-hub.mksa.top/
Frame ID: 55CB24069BF1792E203CC34C028AA208
Requests: 55 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs
Frame ID: 05C985F79BBDFFCFE84BAA2CDFD9C809
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 98AC5B99F166524B72652FD826119E2B
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 898BE992DA495CC7544E40F1868E345B
Requests: 1 HTTP requests in this frame

Frame: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E0814F6D8DBA617D41F23152DF806212
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQrePsnQIY1-_clgEwAQ&v=APEucNXVzDnPpd-8d7tzWe-7wOM4dDSSXL1i3bXr9mz3uIChLFEcXhijBVT021gIUDB6ffWRhQjS6VIKXs53nzWvGWnjZUCzDhSfBR5nJNV01z_PYH2_D5JFSIJXoiHDdnmkz3nyvT6ODyyCeX7amV-He5-6i3Q-0hvD3l3CfcW2GwVTyJBUdok
Frame ID: 6F21842AFF5BA22C5A68E8E4D2F160F1
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CP8OVsHqfJZ05GKDVfj5Dy7MXV7QlPQVntG9eoT6gOhgAT1F-jbEVvnGEnFv2REE4Do774YHLkTrvUfc30BDS7K2V1U6Sl5IhRarWG_BesgbDjJ9C4pBwfUIGwYg2BEv0Iqw8Sgs7qGY3Xoj1QXImgpYhcrw&dbm_d=AKAmf-AWWUmqs12PtxQ1D6k_v_PejDo61Ctth4gOoXsGpW9sUaDX6TMg3UillimeOCSoiopFKDcLCADmAqyGUCziG4lOkgifgiltFhDXb003-XdXvWkYfHcKMuBZHyAZ8KEH4R2tUSv5qD2_P16BcFyT3KCsFQY9Z3Qrc3Zm5Asx8jnIx3H_eK80T1D7cFD5HqlTOgeI_cyyrkUBfUb9sCVDX7sXqZjrvW1qGJ83YqfZIW1Jjm31Alnk9nMZ4bIkvPdFS5sczcX_uzo5fqGFTkLP9h4MZBhXrq8ERp9Mk1nPTst4aVAIM3XRkXIPnr_X-CfTkxGAfSsyV-0hF68WgyGbKeuWSFWjEQUq_kpSvXoXiF1uBk4UzAhFk-ZWAYyovhAGSVzqFp3foGa0f6mMgIsbjEmFYjeqM3wHE_4J9tB-cAD-fNLwyS50CgjRHMYxhTqTH9cSkO2KEL_0y5KIfTUiru_fsxun3whCTvOdcsU4PQNpGKuRpiL0lYmqEl887QlV6f-Xvnw84gyfxxXTTK50pNSrmJ_feosRh0k5bxvOEOXGJwIjp3VzxxUKpHjzzfeKXC3no9WIptdpTvblixL-7y0IR-PvS7i-fuFQTw8sh-Vx9F3M6XAB2tvdz2Fs2Mc7ig9hmqqskOF3GB7aaVRhJYMHwbvFbLsu7ptnxOEzZcqHXXsDhx6YescHCnqDgozdwqtv7g0y-P8UPeOXil9WIWItXWuzd_TPUi6uCj5ynwRvAledIUY4Bjx-_y7ZTGnpIS3kng0i_Mk27slaForyWuS_7a0nQ63NJ188yabemyQJfl_JhPwI25dkqfsRJktXXd2s9TWu_g0NFTAaFFc6j1SlxAqOnRxSVOWSJX5LRr5Y-HIY5wCXzdEtUXECN2oVDL7Op5z2ByLP-q7aozHsrblFL6ubbIpGJ0pzHLNG8kNu90BcA-9p0zSPrcywur5AQsxZ5VVTFBRwh6-zEMpFHc-NYAhkJVN1uQHqUCX94CYcGrfHvniefDmwpHaM3EP0fWjss2fliN7dCytj0CLednSIPCG-y3SHEm9Z2ZEXidouulLCF_GAqgTV_bo37t-tjNGYXa6NUBIaWPi6xttw6tHN3A8klOzRMbpNoDdpDAbZPlusjJHnp5maitLA6ooJqH5UxZriQUqc-dMSdjKrVY2hSsTwYvnM2rWCrN5MJ10y4TLYHtXlqQOD1AzhTGQwKwHSr-U5T1wTbUl8Ul2thXQWrWY0i2BdiTBRE4oc2Xn7dKw3Z0mZRfth7Zxyx1kW--86gEZLkukkKRccxzYDcxDKUJgfH2_gH6NETnVA9NZrGhWc2GkRhvTj4mkQ0DDM0nkRZHV-yb-wM2TbDw8w-cotvgiGSnmVbNqCn_KRVd3HEUU-fvqeYrm-KrxB5C3HozMIFC7XENiMyGsa6sFb-gUbG3UfsFT6B49y6riNENl2lEr-_aLS9BHCKgXGf4laYyKtBB-wE9J7W16V0eqOVFdx8WNouwnw8JMUadXK_Z23g77qLhQqr7LPyRO_hWSgtHz2NI47DpNCi9KtOAqgxNSmf2zMFw8l4KSrwLjC8Ndik_urkaz7o3VHSq6OgdEvn3K2FsFUJXrGjEb4xlsajXC6uCez2TL5bDDFPCjvJDYkALZZpnwaps5J3pyMKcfl7W6jXpVKaGP1flCol80GYsxqWQDeO24qivs3KbVjU1ra14NGC1HRyJu6d2xR-303flFXo43EGxlBaJblb55u1wrX7FaJWgp_BVCuwSvVzlZlJbGWXJEivpewNV3XIe_-9hYNqyFaMQPjgMZNRvw_i5jdVXNFGA-RWOtN5GBYquUjQQ7D30JPKZOdTgSDC-NqGjIY0FQ9rllFanzSzphbzoe0KidR--VyH0wa_lx2eNQhFFhUXRDqRSd78zsEDhy9-4ZUn51U7wKbWKQWRgdo6lElIt0VefZcn8uo8r0SzARHGbRxlmwyuhSi8bUJizjJuaM7_CeP5tzh_qCFUhvhvWNzw_sXQrf2Afmn5WOWmvkHI0h3Cdi4oZ782nv3hkl6aBSZtK2_sa55mx2cG1H7No4z8gm35WGJ5rmXfvOIQ2LxjY72t3D5RA84yeT1_B-hpycT-l92Ehz84XCE3hOyYnmntAk6UGRK-CF1TVQuWhckanWwqt5N04aWNUnwZjz9mfEjnpyZVm3P7RjJLglmROKO6C_BTOSp8a3RGGuzwNLAoMT4Sgyp6AgrN-eGhFwJWY5M94Xu1ZDnK2BPaEVqfzkCdqO4obD1v7BhC9dVi3ltky2sEWWAwr26MLa5kYsYgGptntGx2PGc4t9ugcpijTW6zFK_mnUVRpirNqnJujwxb0UX9kzuOFkQXP7X24s5k70JkAMOGZaPgjSSUj_nRtCwMxGhyMwA5beFlgdOGhw4t5gPXHHPuMhE_VWi-iU9UdkpycziTqb0_Ipz1Szp1n2OSY6piAjveyylSz5nfexD-rCoOgZo3tOz_ps0fQXBfE1c3kXZDb9TdDqTT8VnCp_Zs7JjsNaprgOG7PLmOYunIN_lBnDHqrXQFi82KEY5qk-lKLQ0IJSsUrUrhtiPkLVXDx_wXNL7vjoV4lT29wKSE7bIJ4o-jt7RWedwQ2QL93N6Q0a-sOS0-Q8cdk94zwnPzAKxqoixKYDErL-7B7NL00j4mIL8CNN4epiMn6y-RbxX3QOJr5E0DlfwYPPGhBm7Ei2S0SkF_vaqoMQM1wS656u_QFJLndAkmwTQNX0mEptBLD6HK4LbekIpl3e-UeyZaC-tDhtjMN_vn2GXuYMUFJhqNvVLdcJa2hrzehhgAqwqVtTFOkV9PLn6RBe8OqNRugG6ARonC5a2pHUsYGk9GJ-l_ghbgiJaNlMmAno1w65xqk_azypC-OytHPUz8N-3ynND0i7fIQTg8hSEYbhYIfueteqO0b8uKvvXt5v3xuWtvjNvyj2SRPvXdnzsty13MsMQZPMf9YL_8HF0m9mwyP6nBfC32Sl22GolgrBIEtpeTybuCvqiM9KdqwGecZ6H1GI7tDH7bFM1sp5qQcEelklDOGgZw5E2fhCYq3FUqyZoS5s_pFbe_b9LZx2FQSf21TbMrH8TcQTKl5_oGIjl-Vm8vT_WE9lX3vzRjQV1D34l-ny-&cid=CAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240
Frame ID: C763B14C36D52374E48AF467ED9FF238
Requests: 7 HTTP requests in this frame

Frame: https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D&tc=1
Frame ID: 0549B1076402826A88DFBCEA27623F21
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BE9B1B8888F5C32376BCF9C06491A2A5
Requests: 3 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1119185.152785NEXTPERFORMANCE/B25214695.300129124;dc_ver=75.217;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3858002728;ord=ur0iug;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3Dhttps%3A%2F%2Fnxtck.com%2Findex%3Fclk%3D1%26zid%3D56367%26aid%3D582450%26ev%3D75873%26rid%3DxaR5whJGNJHMGl2Y%26sid%3D576870572%26uuid%3De31acd1c-0998-4d09-a3a2-7a0691172020%26ecr%3D%26referer%3Dhttps%253A%252F%252F9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com%252F%26c3braK3c%3D%26P0uWe7tE%3D%26rawloc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fsci-hub.mksa.top$2,,https%3A%2F%2F9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=MMHuB_ltGd;osda=2;sttr=32;prcl=n
Frame ID: 6B708F275E8336CCC4AFCFE2EC9B66C2
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4024F0F15CCDBC1E8BC616C5E5F96154
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/9693237/1617090691098/index.html
Frame ID: AE44B0A98D720260958760001BBA37DA
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery-ui.*\.js/i

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery-ui.*\.js/i

Page Statistics

113
Requests

96 %
HTTPS

50 %
IPv6

27
Domains

37
Subdomains

34
IPs

5
Countries

1328 kB
Transfer

2785 kB
Size

3
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://pluso.ru/

Search URL Search Domain Scan URL

URL: https://vk.com/sci_hub

Search URL Search Domain Scan URL

URL: https://twitter.com/Sci_Hub

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sci.hub.org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1 HTTP 302
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Request Chain 42

https://p1.ntvk1.ru/nps HTTP 302
https://optinder.com/cro

Request Chain 46

https://dmg.digitaltarget.ru/1/7200/i/i?i=496259331352934.932818723460789&c=tg:adcm_pc HTTP 302
https://dmg.digitaltarget.ru/1/7200/i/i?i=496259331352934.932818723460789&c=tg:adcm_pc&q=scc

Request Chain 48

https://dmg.digitaltarget.ru/1/1086/i/i?i=496259331352934.827582134622589&a=86&e=5EFC831F0F74BE602C0B8284021AD14C&c=ss:86.up:5EFC831F0F74BE602C0B8284021AD14C.sync:up.xdua:duKSi3APRezuX9UgfgVSFAxR.xps:xpstSD9p9RScmjbrmSOi4oiUF.xga:GA1_2_117819993_1623094380.xgid:GA1_2_889128395_1623094380.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=496259331352934.827582134622589&a=86&e=5EFC831F0F74BE602C0B8284021AD14C&c=ss:86.up:5EFC831F0F74BE602C0B8284021AD14C.sync:up.xdua:duKSi3APRezuX9UgfgVSFAxR.xps:xpstSD9p9RScmjbrmSOi4oiUF.xga:GA1_2_117819993_1623094380.xgid:GA1_2_889128395_1623094380.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_init%20adcmjs_noorient HTTP 307
https://vk.com/rtrg?p=VK-RTRG-980316-aHyIm

Request Chain 49

https://dmg.digitaltarget.ru/1/1086/i/i?i=496259331352934.278372085693219&a=86&e=5EFC831F0F74BE602C0B8284021AD14C&c=ss:86.up:5EFC831F0F74BE602C0B8284021AD14C.sync:up.xdua:duKSi3APRezuX9UgfgVSFAxR.xps:xpstSD9p9RScmjbrmSOi4oiUF.xga:GA1_2_117819993_1623094380.xgid:GA1_2_889128395_1623094380.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=496259331352934.278372085693219&a=86&e=5EFC831F0F74BE602C0B8284021AD14C&c=ss:86.up:5EFC831F0F74BE602C0B8284021AD14C.sync:up.xdua:duKSi3APRezuX9UgfgVSFAxR.xps:xpstSD9p9RScmjbrmSOi4oiUF.xga:GA1_2_117819993_1623094380.xgid:GA1_2_889128395_1623094380.dn:sci_hub__mksa__top.dn:mksa__top.adcm:hit.tg:adcmjs_noorient HTTP 307
https://sync.bumlam.com/?src=amb2&uid=aSS2GfxXM20qvWn7HJ3y HTTP 302
https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABjz6PmFBlIF4-CkuQViFGFTUzJHZnhYTTIwcXZXbjdISjN5 HTTP 302
https://sync3.adsniper.ru/?src=ss1&s_data=CAIQARjz6PmFBlIF4-CkuQViFGFTUzJHZnhYTTIwcXZXbjdISjN5ogEQL3ZbRsfHEeum6QAlkMgkNw** HTTP 302
https://sync.bumlam.com/?src=amb2&s_data=CAIQABjz6PmFBmIUYVNTMkdmeFhNMjBxdlduN0hKM3miARAvdltGx8cR66bpACWQyCQ3 HTTP 302
https://sync.bumlam.com/?src=amb2&s_data=CAIQARjz6PmFBmIUYVNTMkdmeFhNMjBxdlduN0hKM3miARAvdltGx8cR66bpACWQyCQ3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_cm&extra1=aSS2GfxXM20qvWn7HJ3y&extra2=amber&extra3=ext HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_cm=&extra1=aSS2GfxXM20qvWn7HJ3y&extra2=amber&extra3=ext&google_tc= HTTP 302
https://sync3.sniperlog.ru/?src=ggl&extra1=aSS2GfxXM20qvWn7HJ3y&extra2=amber&extra3=ext&google_gid=CAESEALFoAxE93gfUS5nCCrjTtg&google_cver=1 HTTP 301
https://sync.bumlam.com/?src=ggl&extra1=aSS2GfxXM20qvWn7HJ3y&extra2=amber&extra3=ext&google_gid=CAESEALFoAxE93gfUS5nCCrjTtg&google_cver=1 HTTP 302
https://an.yandex.ru/setud/adsniper/A855F48AB7A45ED?sign=1589973058 HTTP 302
https://an.yandex.ru/setud/adsniper/A855F48AB7A45ED?redir-setuniq=1&sign=1589973058

Request Chain 64

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 78

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFCDP-aWPoyFFYeTJMuLpZo&google_cver=1

Request Chain 79

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL50bU8uSMvUlmBj9-QfLAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFCDP-aWPoyFFYeTJMuLpZo&google_cver=1

Request Chain 80

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIuF8-e4cOUBYhFCAxrnT8A&google_cver=1

Request Chain 81

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU0NzM3Njc0MDQ0MDk4OTA5NA%3D%3D

Request Chain 83

https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D HTTP 302
https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D&tc=1

113 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sci-hub.mksa.top/
Redirect Chain

http://sci-hub.mksa.top/
https://sci-hub.mksa.top/

29 KB
6 KB

563ms
533ms

Document
text/html

2606:4700:3031::ac43:d9f7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:d9f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab

Request headers

:method: GET
:authority: sci-hub.mksa.top
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding Accept-Encoding
expires: Tue, 08 Jun 2021 07:32:59 GMT
cache-control: max-age=43200 no-cache
x-cache: MISS MISS
cf-cache-status: DYNAMIC
cf-request-id: 0a898fdb4100002bf2bebf8000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hGtXsgtV0lf5Erthqllp7R1vFSX4R374nrqj%2FZzNU65rrCqDC0eWCLeMAnr0ceB910IjDD7yad%2FqFWgB%2BflqIoi0vfShEvagFAE%2BExzuF6rffJpUqTpXHHKDJ2LCRpeFd6A%2FUqncWIbc1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65bc4f3ecf592bf2-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

Date: Mon, 07 Jun 2021 19:32:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 07 Jun 2021 20:32:59 GMT
Location: https://sci-hub.mksa.top/
cf-request-id: 0a898fdb0b00004e4465a52000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ymcYbsXkrY1UJ2XPH8pVKWAQDjvnDq7PX6Tzr2sa%2FR1QUSH%2F9AWHneI3U1lqaL%2BBKjlr%2B25MCAb1Izyigp1yXL6e4GFaOHnEmMq2Toa6sOLnj8BE%2BKABRTqqmnn4FA%2FL5ds%2FYJgaTTwocA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 65bc4f3e7da74e44-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 jquery-3.1.1.min.js Show response
img.sci-hub.shop/scihub/ 85 KB
29 KB 45ms
24ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-3.1.1.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a898fdd6f0000c2f96c25d000000001
last-modified: Fri, 30 Nov 2018 04:24:28 GMT
server: cloudflare
etag: W/"5c00bb7c-152b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=CngSUA578sFl7ZE3AJfhx1U3vwvJ0dxFMKygyK8RzzhsxqqpsXF5UYYupiv23kmH1%2F7JegJEXhunhEcbRqtuT%2B4fp9aPyh06wMHFRgQTmb6nD%2FaRQsjiaz5ssZA0RJsNPCyUAYEsiXdm0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc4f424b0fc2f9-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-ui.min.js Show response
img.sci-hub.shop/scihub/ 248 KB
63 KB 59ms
38ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-ui.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a898fdd6f0000c2f965123000000001
last-modified: Fri, 14 Dec 2018 08:14:20 GMT
server: cloudflare
etag: W/"5c13665c-3dee4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=UBSrO8oZrFLWaYB7QlA5GbhpX04bs7b5g5tPhVqZNXlReyMENfayjgkREY3G%2FtbQ7cUcD%2B%2BkHL6MAT55P5vtvk4g%2Fh85tKj5U%2Fr0QpYrPBvlI984hk9Kft%2B%2F0LS6ftdPWHqZcicGO6E4Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc4f424b11c2f9-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 openapi.js Show response
img.sci-hub.shop/scihub/ 94 KB
22 KB 53ms
32ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/openapi.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a898fdd700000c2f9189c1000000001
last-modified: Fri, 30 Nov 2018 04:24:44 GMT
server: cloudflare
etag: W/"5c00bb8c-1798d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=OKqJEA0IVS7U6BJROHzoEmvpM0L2fYM5o9unq0IWQ8EtDL5VtXCUv4rSTGr66Y3AAFxxPbmEt7lipku6YDbtXrW8AltESAz3EBtQJXK0EhCYjbhNqIwOvQlNjybp6PCa8GtoPT9mlACB1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc4f424b14c2f9-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 medal.png
img.sci-hub.shop/scihub/ 22 KB
22 KB 70ms
47ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/medal.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 22275
cf-request-id: 0a898fddb600004e1f77006000000001
last-modified: Fri, 30 Nov 2018 06:13:38 GMT
server: cloudflare
etag: "5c00d512-5703"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=k9GuEo1RYTbv8IR6lv2TR3Ot5TN73xKxAwOKuUOESfVkBRWvuN1S8zvhEy8gkpAgfk9fj1pCJ50u4mX39vrHA9gpm5ddlqI7kF53E2h%2BnQnpVYJ1d4EgYES1YN%2FIpa3XcTUK09VE7W0WcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42bf9c4e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 key_1.png
img.sci-hub.shop/scihub/ 8 KB
9 KB 98ms
79ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/key_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8428
cf-request-id: 0a898fddbb00004e1f7010e000000001
last-modified: Fri, 30 Nov 2018 06:13:40 GMT
server: cloudflare
etag: "5c00d514-20ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=OPgNzyRboBtfPeTMAeaKBr9Rl3nMuEwqph%2Fa4DhfZEwhZTVEZGa4uWFErm%2BF5qrhLubd9lVGkPnILQFxiY2iO%2FiuMjwmHZcKka%2FjJB4yHaeKGoQ99AVv1Qmzx%2FMZCLn8S9Ed%2F59KtJcpdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42bfa24e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 62 KB
21 KB 89ms
33ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

ed278a9d54dfbc20ad0290a87a8df475efee8bce2e04c40dbac18b8ef2118b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "896 / 675 of 1000 / last-modified: 1623064273"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21372
x-xss-protection: 0
expires: Mon, 07 Jun 2021 19:33:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 89 KB
35 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e0b6d42ec0a4e5b30e5c24a17566d60aa1c222b642d34f39a45bdf40db45e818

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35966
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:48:33 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 07 Jun 2021 19:32:59 GMT

GET
H3-29 200 top-back.jpg
img.sci-hub.shop/scihub/ 184 KB
185 KB 61ms
55ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/top-back.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215942
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 188646
cf-request-id: 0a898fddba00004e1f65926000000001
last-modified: Mon, 16 Sep 2019 12:17:02 GMT
server: cloudflare
etag: "5d7f7d3e-2e0e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=VDFBi8lVSSh%2FludagVFKVzil7Mdrjjn8%2F34i3ilwd9HFfpNRTiv5nnZicXq%2BKiXQia10KiVD67FFVk2V%2BkiGtS91RMUePAKm5xclnT78vlJhnrJyUCpnrc7SOhzhQpa4Ft0kaip%2FRtqlJw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42bf954e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 logo_en.png
img.sci-hub.shop/scihub/ 14 KB
15 KB 78ms
77ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/logo_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215942
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 14556
cf-request-id: 0a898fddb800004e1ffb9b0000000001
last-modified: Fri, 30 Nov 2018 05:56:38 GMT
server: cloudflare
etag: "5c00d116-38dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=xAaLL7D7O3wNOcl94qtBDStDdVefDtFmjJh2jTgB%2Flnq0O8C6O7doCt9bIzLrlygTezmNgx3%2B%2BelQs185ab1jx3Fnnz7%2BRo3eBwdmKzTtzzPK%2FIdX7McQZ1ahVqr6s7ke4sIu0sYg3m9zA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42bfb24e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 raven_1.png
img.sci-hub.shop/scihub/ 59 KB
59 KB 80ms
79ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/raven_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215942
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 60144
cf-request-id: 0a898fddba00004e1f29b0b000000001
last-modified: Fri, 30 Nov 2018 05:56:32 GMT
server: cloudflare
etag: "5c00d110-eaf0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Qf0gi7b%2F%2Fvmoa46baj%2BhKvdSZ%2FNMPS7uffOQO6JDrSCP0NT0Rmef7%2Fe%2Fw0%2BzMLTqjlw%2BJEjTOwjIAkVhqeq%2BJHhtkIlOJf7Ae71gW7M56cJ6T9%2BuQnx%2BCUKc4oAuOh02p%2FlAKCTdyS33NA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42bfb74e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 map.jpg
img.sci-hub.shop/scihub/ 54 KB
55 KB 82ms
80ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/map.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215942
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 55605
cf-request-id: 0a898fddb900004e1f40bf4000000001
last-modified: Fri, 30 Nov 2018 05:56:52 GMT
server: cloudflare
etag: "5c00d124-d935"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=65zM8n%2FVqsHUho855PWCYWILnzobMHrI9sHOCOv3WBlDJ5yGoVl2sTTK0mlur9qfQvWQE8WqmNtTSh0%2F9CyWP5APnGvGAXTQS4a3uiGM0rEVjfH%2FhKx0v4acwrkDgwDDh1KEXY7%2Fce7GfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42bfbd4e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 about-marker_en.png
img.sci-hub.shop/scihub/ 3 KB
4 KB 86ms
84ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/about-marker_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:32:59 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215942
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3361
cf-request-id: 0a898fddba00004e1f5f14a000000001
last-modified: Fri, 30 Nov 2018 05:57:02 GMT
server: cloudflare
etag: "5c00d12e-d21"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=SCahQ8dyOXsjvAIkLX1AovmYlefOdSpOpuLFssdQDTG%2BQ6MNTCR7rnDH2y9Fr6qecQAJAaY2%2FpBBd3%2BDeXJa9scVL8CfWTHizWgWo18RimPyE%2FlryEnhKg3XPMQpsqGQjJfxPnMQtdmMNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42bfc44e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET AvenirLTW01-55Roman.woff2
img.sci-hub.shop/misc/fonts/ 0
0

GET
H3-29 200 quote.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 49ms
48ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quote.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1068
cf-request-id: 0a898fdddd00004e1f7700d000000001
last-modified: Fri, 30 Nov 2018 05:57:12 GMT
server: cloudflare
etag: "5c00d138-42c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Q00O6fE8CzD1jrUi5Rmk%2BZRvcGpVw2H5VqE%2BW5V9IcCUrDUjCP42gvwWyVEfnuUcVCf8Zk3II0qSwkjsopmcqFmf5TJY2dWIO4%2FBDF3%2BVhv45A6iCfSp%2FH%2BhEHehnum4ifEcMIZPuCZqQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8a84e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 quotenext_en.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 49ms
48ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quotenext_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1087
cf-request-id: 0a898fddde00004e1f682cf000000001
last-modified: Fri, 30 Nov 2018 05:57:18 GMT
server: cloudflare
etag: "5c00d13e-43f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=G%2BGTh%2Fesj9uIN64YACxPn%2FYXXOZglf%2BcRDQRRVy7m%2FiLX50SUNWKNLcBlA81l%2Fn%2FHEq95bXoi9lMitIANvSkqEI14BFYB8PDxudIJwMB%2FWfYLpy3mowTQFi%2BemsUpbLjd2PBodVL34h6lA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8aa4e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pone.png
img.sci-hub.shop/scihub/ 2 KB
2 KB 49ms
48ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pone.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1637
cf-request-id: 0a898fdddf00004e1f70116000000001
last-modified: Fri, 30 Nov 2018 05:57:24 GMT
server: cloudflare
etag: "5c00d144-665"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mYDi2F6L99LKZ%2Fp%2Fmb3DO3l2ni%2Ba%2BxhJ2kuMrRCLo0LrF7XdvsybooEkwWb5SWpEaIVD3FNDWMy%2BROmy41Myh8w631srCKWVsFC2hJfvRKJoqJihP79p2napkg%2FBghh6sZZTkqT55NCOjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8ae4e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 ptwo.png
img.sci-hub.shop/scihub/ 4 KB
4 KB 49ms
47ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/ptwo.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3907
cf-request-id: 0a898fdddf00004e1f62309000000001
last-modified: Fri, 30 Nov 2018 05:57:30 GMT
server: cloudflare
etag: "5c00d14a-f43"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2Jfmx6iNqdV%2BJyXLIK6NOvjpEQR5iRjtM1pDbFYR2T4NwApUtP04yfCbpW8PBwDIanf%2B4fo%2FHIZoqQElbBmsob8KzyU7B5YzxB%2Fh562%2BGiHla6iYNmIdYVxG%2B7zlcFS1r%2FJadcVosYGYHg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8b14e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pthree.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 49ms
47ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pthree.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4278
cf-request-id: 0a898fdde000004e1f17385000000001
last-modified: Fri, 30 Nov 2018 05:57:36 GMT
server: cloudflare
etag: "5c00d150-10b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=p2g%2FsBS6azFJPXDsOfMx9%2FWXrgetORY%2FeHMrbC9EFnR9mTn6JrJAbRem0hqJWFB0L40Ba1JTDKkMOcR9n6jNASZkndGMuFxyQoY8oZ0%2FpmSEXATo8ato8gIV6ZIree1B6bXXpYPd%2Buh6KA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8b34e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 people.jpg
img.sci-hub.shop/scihub/ 50 KB
51 KB 49ms
48ms Image
image/jpeg 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/people.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 51212
cf-request-id: 0a898fdde400004e1f3304c000000001
last-modified: Fri, 30 Nov 2018 05:57:56 GMT
server: cloudflare
etag: "5c00d164-c80c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=qZ0sUEk5lJvl3ec6HLuwUYcCx%2FPIkmj7IufGb0BHfd4i8F%2F5wE%2BzbgbyYOalDcGyc0moKff3Cke4BOIYxQci1oYTNf9aPITlSB6m0Zs3CIKSfaOccNivPmTAhFW2jd93KT4jU1G%2BzUvYdw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8b94e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 join_en.png
img.sci-hub.shop/scihub/ 6 KB
7 KB 49ms
48ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/join_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6197
cf-request-id: 0a898fdde100004e1f24345000000001
last-modified: Fri, 30 Nov 2018 05:58:24 GMT
server: cloudflare
etag: "5c00d180-1835"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=D87Yi490%2F4k8GW6UmkQzj86oRxOoWau1PJmli2Z89N9BJQwlMBLClBW%2FIOS32Jk5Mfxd%2BxK8qxrQXf3tCeDeT8ka9ZeISr3ptOjfyNxkaiqNWyztiXzrtNaBKrBg2BaiO6uP7GqI8r7UXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8bc4e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinvk.png
img.sci-hub.shop/scihub/ 17 KB
18 KB 49ms
48ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinvk.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 17834
cf-request-id: 0a898fdde200004e1f36a7a000000001
last-modified: Fri, 30 Nov 2018 05:58:30 GMT
server: cloudflare
etag: "5c00d186-45aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NwAeSUpa3p8roqMzhJV%2BWeD340m0JMR90Uugm3Z1hDfV%2Ft17P%2Fy3PjSOX9jZoPnjPFe46g%2Bz5uXBVHUOKvyvPq%2BbdXCqt65%2BvNx85i%2FtIc%2BvObchTX3ubJqCdt4VZ1Kyr5sRessNhHLVcA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8c14e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 jointwitter.png
img.sci-hub.shop/scihub/ 6 KB
6 KB 51ms
50ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/jointwitter.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 5751
cf-request-id: 0a898fdde200004e1f5f151000000001
last-modified: Fri, 30 Nov 2018 05:58:42 GMT
server: cloudflare
etag: "5c00d192-1677"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KiP1cVEsjcJjCpyV7akEmIsCjTlZ%2FXG6mpoow5Uz6bhNMcaAPQ0QSmw7FUf4aa3tb5yIo2zFlr%2FFd16wIqrXaVsMOyZ3kdzsZRuyrwN0LPF4nlOXuZYdv4LNL2vPQvd4gf75eqd%2BqsW3KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8c74e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 joinfacebook.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 52ms
51ms Image
image/png 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinfacebook.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 4152
cf-request-id: 0a898fdde300004e1f6592c000000001
last-modified: Fri, 30 Nov 2018 05:58:36 GMT
server: cloudflare
etag: "5c00d18c-1038"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Zr4509kJoHzZdjyAZ2ug5qGw4l9%2BFm7jEHVAhfkadBXrWF8VqWKtcyLdZL5%2FYXNZkbx8n7AA5NS%2FTaKMKHwoaUrCY5SLatm4ciAezsEi5vbMH9S%2BKHkwsNrAfCtvuxHwaFkRQJfxGbb1%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 65bc4f42f8cc4e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3-29 200 pluso-like.js Show response
img.sci-hub.shop/scihub/ 41 KB
12 KB 37ms
37ms Script
application/javascript 2606:4700:3034::6815:9e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/pluso-like.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3034::6815:9e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 215943
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a898fdded00004e1f6230a000000001
last-modified: Fri, 30 Nov 2018 04:39:20 GMT
server: cloudflare
etag: W/"5c00bef8-a5cc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=rSK1wVp9n0LK4Rd8Zx079kMNcIopyO3Byc5OL4OrMIdRTaWEAiHtbHu0Q7pJSS68B0Z3C6Ww4hCF%2BbzLfwIoEqReTc0NT7r8XV42nnXyDJwuuPGJrqD4jbxtnSlnEk0YIetqZmfiXGympQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
cf-ray: 65bc4f4319154e1f-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-193456449-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 1297
date: Mon, 07 Jun 2021 19:11:23 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Mon, 07 Jun 2021 21:11:23 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
13ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1693199789&t=pageview&_s=1&dl=https%3A%2F%2Fsci-hub.mksa.top%2F&ul=en-us&de=UTF-8&dt=Sci-Hub&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1745921639&gjid=1225340555&cid=117819993.1623094380&tid=UA-193456449-1&_gid=889128395.1623094380&_r=1&gtm=2ou621&z=1137177486

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:00 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 pubads_impl_2021052601.js Show response
securepubads.g.doubleclick.net/gpt/ 311 KB
109 KB 63ms
32ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

bf56d0c6b86f69d3f6dfb156399577c16da981c390a16d26c7752ed85bc38ac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 26 May 2021 08:37:30 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111649
x-xss-protection: 0
expires: Mon, 07 Jun 2021 19:33:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
87 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c04::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-193456449-1&cid=117819993.1623094380&jid=1745921639&gjid=1225340555&_gid=889128395.1623094380&_u=YEBAAUAAAAAAAC~&z=377642607

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c04::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 07 Jun 2021 19:33:00 GMT
content-type: text/plain
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 47 KB
12 KB 588ms
588ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1204855662230895&correlator=721272949072587&output=ldjh&impl=fifs&eid=31060438%2C31060790%2C31061224%2C31061329&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2C970X90-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90&cookie_enabled=1&bc=31&abxe=1&lmt=1623094380&dt=1623094380285&dlt=1623094379860&idt=400&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=900&adks=1836978441&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x0&msz=970x-1&ga_vid=117819993.1623094380&ga_sid=1623094380&ga_hid=1693199789&ga_fc=false&fws=0&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

40e3c69523b089d3b6ab2d730e6104565b7c2785ec047d2557744c7b02b31415

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11822
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 51ms
15ms Other
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
9 KB 912ms
912ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1204855662230895&correlator=721272949072587&output=ldjh&impl=fifs&eid=31060438%2C31060790%2C31061224%2C31061329&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2C336X280-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=336x280&cookie_enabled=1&bc=31&abxe=1&lmt=1623094380&dt=1623094380290&dlt=1623094379860&idt=400&frm=20&biw=1600&bih=1200&oid=3&adxs=632&adys=1552&adks=2992418410&ucis=2&ifi=2&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=528x334&msz=336x-1&ga_vid=117819993.1623094380&ga_sid=1623094380&ga_hid=1693199789&ga_fc=false&fws=0&ohw=0&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

f017fef39ea0471bbe4f0d4e1a98729c07a73a2daf2cd394f97fcc708cd850ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8773
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 472 B
283 B 1078ms
1078ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1204855662230895&correlator=721272949072587&output=ldjh&impl=fifs&eid=31060438%2C31060790%2C31061224%2C31061329&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2Czsy-01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623094380&dt=1623094380292&dlt=1623094379860&idt=400&frm=20&biw=1600&bih=1200&oid=3&adxs=426&adys=2192&adks=1528813087&ucis=3&ifi=3&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=117819993.1623094380&ga_sid=1623094380&ga_hid=1693199789&ga_fc=false&fws=0&ohw=0&btvi=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

83048dcaa947f41bdd4f947cb600838714aa598f230e16bad6778c43aed33c30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 253
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 477 B
288 B 1295ms
1294ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1204855662230895&correlator=721272949072587&output=ldjh&impl=fifs&eid=31060438%2C31060790%2C31061224%2C31061329&vrg=2021052601&ptt=17&sc=1&sfv=1-0-38&ecs=20210607&iu_parts=22149012983%2Cycykh-ndd%2Czsy-youtu01-sci-hub.mksa-ndd-ycykh&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50&fluid=height&cookie_enabled=1&bc=31&abxe=1&lmt=1623094380&dt=1623094380294&dlt=1623094379860&idt=400&frm=20&biw=1600&bih=1200&oid=3&adxs=430&adys=2192&adks=3809152490&ucis=4&ifi=4&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=748x120&msz=0x0&ga_vid=117819993.1623094380&ga_sid=1623094380&ga_hid=1693199789&ga_fc=false&fws=0&ohw=0&btvi=3&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

967ded0d130284e1ff29e436c09b00353a665be569ba07b4b3895cf67a3189a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 258
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://sci-hub.mksa.top
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
590 B 256ms
64ms Script
application/javascript 31.131.252.91
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=9S0ZpBcGIpcdHkhn&first=1

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

bdd4003804f6ce8052531178f70d642ad8fdc912033665ecc0b38163acd16b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=259200
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
X-XSS-Protection: 1; mode=block
Expires: Thu, 10 Jun 2021 19:33:00 GMT

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 119 B
590 B 263ms
71ms Script
application/javascript 31.131.252.91
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=p9pruLGao1RxsvwQ

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

bdd4003804f6ce8052531178f70d642ad8fdc912033665ecc0b38163acd16b9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=259200
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
X-XSS-Protection: 1; mode=block
Expires: Thu, 10 Jun 2021 19:33:00 GMT

GET
H/1.1

200
OK

hit;PLUSO
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

43 B
496 B

70ms
69ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 19:33:00 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 06 Jun 2020 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 19:33:00 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sat, 06 Jun 2020 21:00:00 GMT

GET
H/1.1 200
OK 06.png
share.pluso.ru/img/pluso-like/square/medium/ 23 KB
23 KB 302ms
108ms Image
image/png 31.131.252.91
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/pluso-like/square/medium/06.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-5b8f"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 23439
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK plus.png
share.pluso.ru/img/ 2 KB
3 KB 262ms
66ms Image
image/png 31.131.252.91
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/plus.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-98a"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2442
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK kb.js Show response
kitbit.net/ 1 KB
2 KB 187ms
61ms Script
application/javascript 31.131.252.94
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/kb.js

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

5920c7fd52c5ba4ced039fab3123a567c3e5e81a537477d3ee8f9decbd61714f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:31:27 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC+dA+EggssTNEaAg==
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=21600, private
Connection: keep-alive
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Expires: Tue, 08 Jun 2021 01:31:27 GMT

GET
H/1.1 200
OK adcm.js Show response
tag.digitaltarget.ru/ 3 KB
3 KB 187ms
62ms Script
application/javascript 185.15.175.130
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/adcm.js
Requested by: Host: kitbit.net
URL: https://kitbit.net/kb.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.130 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:00 GMT
Last-Modified: Thu, 13 May 2021 10:40:41 GMT
Server: nginx
ETag: "609d0229-c11"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3089

GET
H/1.1 200
OK s.js Show response
kitbit.net/ 1 B
303 B 68ms
68ms Script
application/javascript 31.131.252.94
SELECTEL

General

Check archive.org

Show headers Download Go to

Full URL

https://kitbit.net/s.js?u=https%3A%2F%2Fsci-hub.mksa.top%2F

Requested by

Host: kitbit.net
URL: https://kitbit.net/kb.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:31:27 GMT
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Expires: Mon, 07 Jun 2021 19:31:26 GMT

GET
H/1.1 200
OK h.gif
kitbit.net/ 43 B
537 B 138ms
69ms Image
image/gif 31.131.252.94
SELECTEL

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kitbit.net/h.gif?r=&s=1600*1200*24&u=https%3A//sci-hub.mksa.top/&h=Sci-Hub%26kbuid%3D5EFC831F0F74BE602C0B8284021AD14C

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.94 , Russian Federation, ASN49505 (SELECTEL, RU),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:31:27 GMT
X-Content-Type-Options: nosniff
Server: nginx
ETag: H4P8XmC+dA+EggssTNEcAg==
P3P: CP="NOI DSP COR NID CUR PSA OUR NOR"
Cache-Control: max-age=0, private, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 1; mode=block
Expires: Mon, 07 Jun 2021 19:31:27 GMT

GET
H2

200

cro
optinder.com/
Redirect Chain

https://p1.ntvk1.ru/nps
https://optinder.com/cro

0
565 B

46ms
30ms

Image
application/octet-stream

2606:4700:3036::6815:15dc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optinder.com/cro
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:15dc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:00 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=e28gXZSAWGAxqtviovzmtPERkWnwfnZ018afY3TM2FJ%2BLOF83HRpY6GV33Ehinf%2B9l%2F%2FF0N%2BY54SAwxKnQmDj3%2Bs73TRO2IyysyRZNUUq%2Fd1OmgQpruzadAMfdCuBIMakw%2FYg17O"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cf-ray: 65bc4f46ca579736-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
cf-request-id: 0a898fe03e0000973692154000000001

Redirect headers

x-77-nzt: AcO1rgXbBaqB
date: Mon, 07 Jun 2021 19:33:00 GMT
last-modified: Mon, 07 Jun 2021 19:32:59 GMT
server: CDN77-Turbo
x-77-nzt-ray: 4HCGO8T0Fe4=
x-77-cache: MISS
content-type: text/html; charset=UTF-8
location: //optinder.com/cro
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, post-check=0, pre-check=0
x-cache: MISS
x-77-pop: frankfurtDE
content-length: 0
x-request-id: 1231587852-3-1623094380.555
expires: Mon, 07 Jun 2021 19:32:59 GMT

GET
H/1.1 200
OK sud
ut9.rktch.com/ 88 B
88 B 193ms
65ms Image
image/png 89.108.97.2
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ut9.rktch.com/sud
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 89.108.97.2 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: d50603.reg.regrucolo.ru
Software: nginx/1.18.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:00 GMT
Server: nginx/1.18.0
Connection: keep-alive
Content-Length: 88
Content-Type: image/png

GET
H/1.1 200
OK processor.js Show response
tag.digitaltarget.ru/ 15 KB
16 KB 110ms
110ms Script
application/javascript 185.15.175.130
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/processor.js?i=424901067356015
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.130 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: 5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:00 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-3da5"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15781

GET
H/1.1 200
OK extension_1086.js Show response
tag.digitaltarget.ru/extensions/ 732 B
976 B 61ms
61ms Script
application/javascript 185.15.175.130
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.digitaltarget.ru/extensions/extension_1086.js?i=778485013078424
Requested by: Host: tag.digitaltarget.ru
URL: https://tag.digitaltarget.ru/adcm.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.130 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:00 GMT
Last-Modified: Thu, 13 May 2021 10:40:42 GMT
Server: nginx
ETag: "609d022a-2dc"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 732

GET
H/1.1

204
No Content

i
dmg.digitaltarget.ru/1/7200/i/
Redirect Chain

https://dmg.digitaltarget.ru/1/7200/i/i?i=496259331352934.932818723460789&c=tg:adcm_pc
https://dmg.digitaltarget.ru/1/7200/i/i?i=496259331352934.932818723460789&c=tg:adcm_pc&q=scc

0
398 B

65ms
65ms

Image
text/plain

185.15.175.145
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmg.digitaltarget.ru/1/7200/i/i?i=496259331352934.932818723460789&c=tg:adcm_pc&q=scc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.145 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:01 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

Redirect headers

Location: /1/7200/i/i?i=496259331352934.932818723460789&c=tg:adcm_pc&q=scc
Date: Mon, 07 Jun 2021 19:33:01 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: policyref="http://dmg.digitaltarget.ru/p3p.xml", CP="NON NID PSAa PSDa OUR BUS COM NAV DEM STA PRE"

GET
H/1.1 200
OK i
dmg.digitaltarget.ru/1/6534/i/ 52 B
192 B 189ms
63ms Image
image/gif 185.15.175.145
SAFEDATA Uplinks

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmg.digitaltarget.ru/1/6534/i/i?i=496259331352934.62539851479227&c=tg:adcm_pc
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.15.175.145 , Russian Federation, ASN43226 (SAFEDATA Uplinks, RU),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 07 Jun 2021 19:33:01 GMT
Server: nginx
Connection: keep-alive
Content-Length: 52
Content-Type: image/gif

GET
H2

200

rtrg
vk.com/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=496259331352934.827582134622589&a=86&e=5EFC831F0F74BE602C0B8284021AD14C&c=ss:86.up:5EFC831F0F74BE602C0B8284021AD14C.sync:up.xdua:duKSi3APRezuX9UgfgVSFAxR.x...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=496259331352934.827582134622589&a=86&e=5EFC831F0F74BE602C0B8284021AD14C&c=ss:86.up:5EFC831F0F74BE602C0B8284021AD14C.sync:up.xdua:d...
https://vk.com/rtrg?p=VK-RTRG-980316-aHyIm

49 B
446 B

185ms
62ms

Image
image/gif

87.240.190.72
VKONTAKTE-SPB-AS ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://vk.com/rtrg?p=VK-RTRG-980316-aHyIm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

87.240.190.72 , Russian Federation, ASN47541 (VKONTAKTE-SPB-AS http://vk.com, RU),

Reverse DNS

Software

kittenx / KPHP/7.4.107424

Resource Hash

2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
content-encoding: gzip
x-frontend: front224207
server: kittenx
x-powered-by: KPHP/7.4.107424
strict-transport-security: max-age=15768000
content-type: image/gif
access-control-expose-headers: X-Frontend
cache-control: no-store
content-length: 65

Redirect headers

Date: Mon, 07 Jun 2021 19:33:01 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Server: nginx
X-Frame-Options: DENY
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://vk.com/rtrg?p=VK-RTRG-980316-aHyIm
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: master-only
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Connection: keep-alive
Request-Time: 205
Content-Length: 0
X-Content-Type-Options: nosniff

GET
H2

404

A855F48AB7A45ED
an.yandex.ru/setud/adsniper/
Redirect Chain

https://dmg.digitaltarget.ru/1/1086/i/i?i=496259331352934.278372085693219&a=86&e=5EFC831F0F74BE602C0B8284021AD14C&c=ss:86.up:5EFC831F0F74BE602C0B8284021AD14C.sync:up.xdua:duKSi3APRezuX9UgfgVSFAxR.x...
https://dmg.digitaltarget.ru/awg/custom/1086/i/i?call_source=awg&i=496259331352934.278372085693219&a=86&e=5EFC831F0F74BE602C0B8284021AD14C&c=ss:86.up:5EFC831F0F74BE602C0B8284021AD14C.sync:up.xdua:d...
https://sync.bumlam.com/?src=amb2&uid=aSS2GfxXM20qvWn7HJ3y
https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABjz6PmFBlIF4-CkuQViFGFTUzJHZnhYTTIwcXZXbjdISjN5
https://sync3.adsniper.ru/?src=ss1&s_data=CAIQARjz6PmFBlIF4-CkuQViFGFTUzJHZnhYTTIwcXZXbjdISjN5ogEQL3ZbRsfHEeum6QAlkMgkNw**
https://sync.bumlam.com/?src=amb2&s_data=CAIQABjz6PmFBmIUYVNTMkdmeFhNMjBxdlduN0hKM3miARAvdltGx8cR66bpACWQyCQ3
https://sync.bumlam.com/?src=amb2&s_data=CAIQARjz6PmFBmIUYVNTMkdmeFhNMjBxdlduN0hKM3miARAvdltGx8cR66bpACWQyCQ3
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_cm&extra1=aSS2GfxXM20qvWn7HJ3y&extra2=amber&extra3=ext
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_cm=&extra1=aSS2GfxXM20qvWn7HJ3y&extra2=amber&extra3=ext&google_tc=
https://sync3.sniperlog.ru/?src=ggl&extra1=aSS2GfxXM20qvWn7HJ3y&extra2=amber&extra3=ext&google_gid=CAESEALFoAxE93gfUS5nCCrjTtg&google_cver=1
https://sync.bumlam.com/?src=ggl&extra1=aSS2GfxXM20qvWn7HJ3y&extra2=amber&extra3=ext&google_gid=CAESEALFoAxE93gfUS5nCCrjTtg&google_cver=1
https://an.yandex.ru/setud/adsniper/A855F48AB7A45ED?sign=1589973058
https://an.yandex.ru/setud/adsniper/A855F48AB7A45ED?redir-setuniq=1&sign=1589973058

43 B
113 B

82ms
81ms

Image
image/gif

2a02:6b8::90
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/setud/adsniper/A855F48AB7A45ED?redir-setuniq=1&sign=1589973058

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::90 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

ccb150b1878d5aa777543222f9e47636d4258687e3dd57e625988f09a96bda64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:07 GMT
content-encoding: gzip
last-modified: Mon, 07 Jun 2021 19:33:07 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
strict-transport-security: max-age=31536000
content-type: image/gif; charset=windows-1251
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Mon, 07 Jun 2021 19:33:07 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:07 GMT
content-encoding: gzip
last-modified: Mon, 07 Jun 2021 19:33:07 GMT
strict-transport-security: max-age=31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://an.yandex.ru/setud/adsniper/A855F48AB7A45ED?redir-setuniq=1&sign=1589973058
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Mon, 07 Jun 2021 19:33:07 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012105242203000/ Frame 05C9 191 KB
55 KB 32ms
6ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 305212
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55246
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e9907e100ee706e0"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:08 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 05C9 12 KB
5 KB 43ms
17ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 305214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4568
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b435c2fa80137a0e"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 05C9 87 KB
27 KB 43ms
18ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 305214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27371
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "6687a81702b10306"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 05C9 4 KB
2 KB 45ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 305214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1521
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5a9e085610d63d0a"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012105242203000/v0/ Frame 05C9 41 KB
13 KB 45ms
20ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012105242203000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 305214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13132
x-xss-protection: 0
server: sffe
date: Fri, 04 Jun 2021 06:46:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1bd5431ac5ac76b7"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 04 Jun 2022 06:46:06 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 05C9 3 KB
578 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 19:29:50 GMT
server: ESF
date: Mon, 07 Jun 2021 19:33:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 07 Jun 2021 19:33:00 GMT

GET
DATA 200
OK truncated
/ Frame 05C9 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5cf6ca1b6af2b8e2afac175a1ef8c85056c60c39f00f2878e95daed3eac2a74d

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 05C9 2 KB
3 KB 27ms
5ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 06:09:32 GMT
x-content-type-options: nosniff
server: cafe
age: 48208
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 08 Jun 2021 06:09:32 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 05C9 295 B
399 B 27ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Jun 2021 20:37:24 GMT
x-content-type-options: nosniff
server: cafe
age: 82536
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 07 Jun 2021 20:37:24 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 05C9 0
0 16ms
15ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRbUGh28NmMHcQe3RSvqaXXX5FuIXaC_-S9b9KS5nZhR56mziu_TZIv84YEZIpZTOw-beKg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 05C9 0
0 59ms
58ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C5q02bHS-YNW-FMTH3gOJ7YegAbv5n4ljw865ruoM4ZP27ZAXEAEgtKPufmD7gYCAiAqgAZPUuOQDyAEB4AIAqAMByAMKqgTlAU_Q6rNY_n60C7celi_6FbbLqBEXxshZGlEY1T4P99zVcOccv-5Ko0u5U2O3ryMP3vpkANpYJixqMxHa0zqLxH3Xg5vXrsfrlfXYiis6kdPRXcobtPtC4WreYiOqKyo7NaAwiXYCiwc-pKl2kaeP0bCHQm5R52gndFQQw_iiyWCoBgALD6f6IWuDpGn4IkmyczTWc30UHf9ehjlbFjPfwHsRdgrp-miFNqSstpUYHNbZCW1Gs5nx_i5Ka89xFUCzxCRwpn2m3aY1IlS5i2Gx2dRAvJHKWq7h2CBwSwbEafdQcJIdG7fABOyM5tKuA-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAZRgAfVq8cbqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEOzRFNIICQiA4YBQEAEYHYAKA8gLAdgTDYgUA9AVAYAXAbIXGgoYCAASFHB1Yi03MDE1MjM1MTIwOTE1NzY5&sigh=bBCR2C_jsFU
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s56-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 45ms
24ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021052601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0cc00d50da7cf940f1f5efe332ee8c22d5896775aa6da2cd0abb4cd94b3b13ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 19:33:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7730
x-xss-protection: 0

GET
H2 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 05C9 21 KB
21 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://sci-hub.mksa.top
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 21:07:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 512701
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Wed, 01 Jun 2022 21:07:59 GMT

GET
H2 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 05C9 21 KB
21 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://sci-hub.mksa.top
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 17:27:26 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 525934
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Wed, 01 Jun 2022 17:27:26 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 05C9
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

58ms
39ms

Image
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Mon, 07 Jun 2021 19:33:01 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Mon, 07 Jun 2021 19:33:01 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 98AC 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Mon, 07 Jun 2021 19:13:50 GMT
expires: Tue, 07 Jun 2022 19:13:50 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1151
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 898B 783 B
533 B 15ms
14ms Document
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

aa9c1b8fdebe6aa9db43da76c6b1a562481ba321e8bbdc4f67371baa475fdbf5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hoGlQQZxZ5X+zXZuN3qeRg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

expires: Mon, 07 Jun 2021 19:33:01 GMT
date: Mon, 07 Jun 2021 19:33:01 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-hoGlQQZxZ5X+zXZuN3qeRg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame 98AC 14 KB
6 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 13:15:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 13:15:38 GMT

GET
H3-29 200 container.html Show response
9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E081 6 KB
3 KB 24ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sci-hub.mksa.top/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sci-hub.mksa.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Mon, 07 Jun 2021 19:33:00 GMT
expires: Tue, 07 Jun 2022 19:33:00 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 36ms
13ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021052601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622805992319560"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28149
x-xss-protection: 0
expires: Mon, 07 Jun 2021 19:33:01 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021052601&jk=1204855662230895&bg=!1dal1pLNAAY6sG-_OrA7ACkAdvg8WnZoIQvvG3tueEYp0cDb6ZRylbYfdX7-jKM8t-nXRx5MSwe9QgIAAACbUgAAAAtoAQcKACwkKWRUGnhXK21ai5VffCgZSHHHv2YQ-jEKU934OkgwvSRbpxdluM2DpeIbUZkCT0M43qe9sWIpV0sIx_6qVrzKYU3LEwOmLCXEtwC6yFYUBRMOMlcduo1b4xIFKuw2uZUd9zWgsFbZXy6JAQQRVjgUGjeCbj0qdw-m232w81OunWOEZPjkb7G92Fsyg8s6RlWWzv9UxhSEXqex97vYDj6NhFPqCWulzGIlPIijD_-fkzmVhNpYGmmCLb3Gq3XvTe9ypNFozQI4_baczxoRpUAfC2EZl1f-2mtlMJFxP86i2GVtfAZNG3M-_pA0ypRV0XtDBkgow99rRdU0BOIMYGl78R-p2sLtq_AjwWPJKVXCxjG2KDoAvxixVXJN7eaci6XEo0PpXka0Q8REeNPeGV5sbD4MRKYUu0HzhP1vWyhX0vnsu8cknUS4mJPiFuAUMqhovQNssMki36r9cgrA4f-b7ECfG8pcVklKP42gr2xLXy01JRkdxPK90wUPHoydaDFCXQ4GJIGJHHTnetAsyE6BjNzz90rEpl1uCWNWsIYqdzvltV6ue3bNNuChqkjZ_5WLtFWiINtvNMBhGRQhGj8OinILR0vLOniQGGxmTeeqmhhaTI5YPatbBHFHTfmWiq9e9sv2Y1_lEzQpxT5B4dfX0VF5PL5Ob4l2GQfa_TVTN9UMR1OU8U3m9iAR0R-Y45SEtmn3nsOAdzQrDRv9v-njqNOnd3tFXEvck191fSXFLm-yuKcvYJWDAoXOBnnC1rTaj3Fs-R963faRAlhwXYJ45FbGzEj165MvkKxttJ2jOirZPSjOCxlJlDvifPU55OthkV9u15hdzPYbci26vw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6F21 624 B
299 B 28ms
25ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQrePsnQIY1-_clgEwAQ&v=APEucNXVzDnPpd-8d7tzWe-7wOM4dDSSXL1i3bXr9mz3uIChLFEcXhijBVT021gIUDB6ffWRhQjS6VIKXs53nzWvGWnjZUCzDhSfBR5nJNV01z_PYH2_D5JFSIJXoiHDdnmkz3nyvT6ODyyCeX7amV-He5-6i3Q-0hvD3l3CfcW2GwVTyJBUdok

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CJnsxgIQrePsnQIY1-_clgEwAQ&v=APEucNXVzDnPpd-8d7tzWe-7wOM4dDSSXL1i3bXr9mz3uIChLFEcXhijBVT021gIUDB6ffWRhQjS6VIKXs53nzWvGWnjZUCzDhSfBR5nJNV01z_PYH2_D5JFSIJXoiHDdnmkz3nyvT6ODyyCeX7amV-He5-6i3Q-0hvD3l3CfcW2GwVTyJBUdok
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk2eJPeL54zn3YzgLlpf49KdGRl6-R1JCrtiYUeMg8iD8p1I5KYki460BkTYRU; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 07 Jun 2021 19:33:01 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 07 Jun 2021 19:33:01 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C763 11 KB
8 KB 44ms
41ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CP8OVsHqfJZ05GKDVfj5Dy7MXV7QlPQVntG9eoT6gOhgAT1F-jbEVvnGEnFv2REE4Do774YHLkTrvUfc30BDS7K2V1U6Sl5IhRarWG_BesgbDjJ9C4pBwfUIGwYg2BEv0Iqw8Sgs7qGY3Xoj1QXImgpYhcrw&dbm_d=AKAmf-AWWUmqs12PtxQ1D6k_v_PejDo61Ctth4gOoXsGpW9sUaDX6TMg3UillimeOCSoiopFKDcLCADmAqyGUCziG4lOkgifgiltFhDXb003-XdXvWkYfHcKMuBZHyAZ8KEH4R2tUSv5qD2_P16BcFyT3KCsFQY9Z3Qrc3Zm5Asx8jnIx3H_eK80T1D7cFD5HqlTOgeI_cyyrkUBfUb9sCVDX7sXqZjrvW1qGJ83YqfZIW1Jjm31Alnk9nMZ4bIkvPdFS5sczcX_uzo5fqGFTkLP9h4MZBhXrq8ERp9Mk1nPTst4aVAIM3XRkXIPnr_X-CfTkxGAfSsyV-0hF68WgyGbKeuWSFWjEQUq_kpSvXoXiF1uBk4UzAhFk-ZWAYyovhAGSVzqFp3foGa0f6mMgIsbjEmFYjeqM3wHE_4J9tB-cAD-fNLwyS50CgjRHMYxhTqTH9cSkO2KEL_0y5KIfTUiru_fsxun3whCTvOdcsU4PQNpGKuRpiL0lYmqEl887QlV6f-Xvnw84gyfxxXTTK50pNSrmJ_feosRh0k5bxvOEOXGJwIjp3VzxxUKpHjzzfeKXC3no9WIptdpTvblixL-7y0IR-PvS7i-fuFQTw8sh-Vx9F3M6XAB2tvdz2Fs2Mc7ig9hmqqskOF3GB7aaVRhJYMHwbvFbLsu7ptnxOEzZcqHXXsDhx6YescHCnqDgozdwqtv7g0y-P8UPeOXil9WIWItXWuzd_TPUi6uCj5ynwRvAledIUY4Bjx-_y7ZTGnpIS3kng0i_Mk27slaForyWuS_7a0nQ63NJ188yabemyQJfl_JhPwI25dkqfsRJktXXd2s9TWu_g0NFTAaFFc6j1SlxAqOnRxSVOWSJX5LRr5Y-HIY5wCXzdEtUXECN2oVDL7Op5z2ByLP-q7aozHsrblFL6ubbIpGJ0pzHLNG8kNu90BcA-9p0zSPrcywur5AQsxZ5VVTFBRwh6-zEMpFHc-NYAhkJVN1uQHqUCX94CYcGrfHvniefDmwpHaM3EP0fWjss2fliN7dCytj0CLednSIPCG-y3SHEm9Z2ZEXidouulLCF_GAqgTV_bo37t-tjNGYXa6NUBIaWPi6xttw6tHN3A8klOzRMbpNoDdpDAbZPlusjJHnp5maitLA6ooJqH5UxZriQUqc-dMSdjKrVY2hSsTwYvnM2rWCrN5MJ10y4TLYHtXlqQOD1AzhTGQwKwHSr-U5T1wTbUl8Ul2thXQWrWY0i2BdiTBRE4oc2Xn7dKw3Z0mZRfth7Zxyx1kW--86gEZLkukkKRccxzYDcxDKUJgfH2_gH6NETnVA9NZrGhWc2GkRhvTj4mkQ0DDM0nkRZHV-yb-wM2TbDw8w-cotvgiGSnmVbNqCn_KRVd3HEUU-fvqeYrm-KrxB5C3HozMIFC7XENiMyGsa6sFb-gUbG3UfsFT6B49y6riNENl2lEr-_aLS9BHCKgXGf4laYyKtBB-wE9J7W16V0eqOVFdx8WNouwnw8JMUadXK_Z23g77qLhQqr7LPyRO_hWSgtHz2NI47DpNCi9KtOAqgxNSmf2zMFw8l4KSrwLjC8Ndik_urkaz7o3VHSq6OgdEvn3K2FsFUJXrGjEb4xlsajXC6uCez2TL5bDDFPCjvJDYkALZZpnwaps5J3pyMKcfl7W6jXpVKaGP1flCol80GYsxqWQDeO24qivs3KbVjU1ra14NGC1HRyJu6d2xR-303flFXo43EGxlBaJblb55u1wrX7FaJWgp_BVCuwSvVzlZlJbGWXJEivpewNV3XIe_-9hYNqyFaMQPjgMZNRvw_i5jdVXNFGA-RWOtN5GBYquUjQQ7D30JPKZOdTgSDC-NqGjIY0FQ9rllFanzSzphbzoe0KidR--VyH0wa_lx2eNQhFFhUXRDqRSd78zsEDhy9-4ZUn51U7wKbWKQWRgdo6lElIt0VefZcn8uo8r0SzARHGbRxlmwyuhSi8bUJizjJuaM7_CeP5tzh_qCFUhvhvWNzw_sXQrf2Afmn5WOWmvkHI0h3Cdi4oZ782nv3hkl6aBSZtK2_sa55mx2cG1H7No4z8gm35WGJ5rmXfvOIQ2LxjY72t3D5RA84yeT1_B-hpycT-l92Ehz84XCE3hOyYnmntAk6UGRK-CF1TVQuWhckanWwqt5N04aWNUnwZjz9mfEjnpyZVm3P7RjJLglmROKO6C_BTOSp8a3RGGuzwNLAoMT4Sgyp6AgrN-eGhFwJWY5M94Xu1ZDnK2BPaEVqfzkCdqO4obD1v7BhC9dVi3ltky2sEWWAwr26MLa5kYsYgGptntGx2PGc4t9ugcpijTW6zFK_mnUVRpirNqnJujwxb0UX9kzuOFkQXP7X24s5k70JkAMOGZaPgjSSUj_nRtCwMxGhyMwA5beFlgdOGhw4t5gPXHHPuMhE_VWi-iU9UdkpycziTqb0_Ipz1Szp1n2OSY6piAjveyylSz5nfexD-rCoOgZo3tOz_ps0fQXBfE1c3kXZDb9TdDqTT8VnCp_Zs7JjsNaprgOG7PLmOYunIN_lBnDHqrXQFi82KEY5qk-lKLQ0IJSsUrUrhtiPkLVXDx_wXNL7vjoV4lT29wKSE7bIJ4o-jt7RWedwQ2QL93N6Q0a-sOS0-Q8cdk94zwnPzAKxqoixKYDErL-7B7NL00j4mIL8CNN4epiMn6y-RbxX3QOJr5E0DlfwYPPGhBm7Ei2S0SkF_vaqoMQM1wS656u_QFJLndAkmwTQNX0mEptBLD6HK4LbekIpl3e-UeyZaC-tDhtjMN_vn2GXuYMUFJhqNvVLdcJa2hrzehhgAqwqVtTFOkV9PLn6RBe8OqNRugG6ARonC5a2pHUsYGk9GJ-l_ghbgiJaNlMmAno1w65xqk_azypC-OytHPUz8N-3ynND0i7fIQTg8hSEYbhYIfueteqO0b8uKvvXt5v3xuWtvjNvyj2SRPvXdnzsty13MsMQZPMf9YL_8HF0m9mwyP6nBfC32Sl22GolgrBIEtpeTybuCvqiM9KdqwGecZ6H1GI7tDH7bFM1sp5qQcEelklDOGgZw5E2fhCYq3FUqyZoS5s_pFbe_b9LZx2FQSf21TbMrH8TcQTKl5_oGIjl-Vm8vT_WE9lX3vzRjQV1D34l-ny-&cid=CAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

afd6daac8fa7cd3b9ff50868ebc40cea300572b9317e12e7ee3795f2e79984e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8597
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame C763 2 KB
1 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 19:31:13 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C763 122 KB
37 KB 32ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Mon, 07 Jun 2021 19:33:01 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame C763 13 KB
6 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:28:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 19:28:44 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C763 42 B
63 B 49ms
46ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AX3ds_DMoBOkptWWgBCQnni4ZNLCxmshw4-yG6OlxcNO_eNSVNk81YdWZ6YRHxsyNpk4XYvUO4gY6KKD7kPKAq6_Gc13p0pEsFPo-thU9OJl96kP0

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6F21
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFCDP-aWPoyFFYeTJMuLpZo&google_cver=1

43 B
1014 B

45ms
39ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFCDP-aWPoyFFYeTJMuLpZo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQrePsnQIY1-_clgEwAQ&v=APEucNXVzDnPpd-8d7tzWe-7wOM4dDSSXL1i3bXr9mz3uIChLFEcXhijBVT021gIUDB6ffWRhQjS6VIKXs53nzWvGWnjZUCzDhSfBR5nJNV01z_PYH2_D5JFSIJXoiHDdnmkz3nyvT6ODyyCeX7amV-He5-6i3Q-0hvD3l3CfcW2GwVTyJBUdok
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 19:33:01 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 19:33:01 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFCDP-aWPoyFFYeTJMuLpZo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6F21
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YL50bU8uSMvUlmBj9-QfLAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFCDP-aWPoyFFYeTJMuLpZo&google_cver=1

43 B
894 B

48ms
48ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFCDP-aWPoyFFYeTJMuLpZo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQrePsnQIY1-_clgEwAQ&v=APEucNXVzDnPpd-8d7tzWe-7wOM4dDSSXL1i3bXr9mz3uIChLFEcXhijBVT021gIUDB6ffWRhQjS6VIKXs53nzWvGWnjZUCzDhSfBR5nJNV01z_PYH2_D5JFSIJXoiHDdnmkz3nyvT6ODyyCeX7amV-He5-6i3Q-0hvD3l3CfcW2GwVTyJBUdok
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 19:33:01 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 07 Jun 2021 19:33:01 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFCDP-aWPoyFFYeTJMuLpZo&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6F21
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIuF8-e4cOUBYhFCAxrnT8A&google_cver=1

43 B
1021 B

38ms
24ms

Image
image/gif

185.33.221.91
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIuF8-e4cOUBYhFCAxrnT8A&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJnsxgIQrePsnQIY1-_clgEwAQ&v=APEucNXVzDnPpd-8d7tzWe-7wOM4dDSSXL1i3bXr9mz3uIChLFEcXhijBVT021gIUDB6ffWRhQjS6VIKXs53nzWvGWnjZUCzDhSfBR5nJNV01z_PYH2_D5JFSIJXoiHDdnmkz3nyvT6ODyyCeX7amV-He5-6i3Q-0hvD3l3CfcW2GwVTyJBUdok

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.91 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 19:33:01 GMT
X-Proxy-Origin: 185.93.2.145; 185.93.2.145; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.182:80
AN-X-Request-Uuid: 3e53739c-423d-4575-8f2c-09533118448f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:01 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIuF8-e4cOUBYhFCAxrnT8A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6F21
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU0NzM3Njc0MDQ0MDk4OTA5NA%3D%3D

170 B
188 B

69ms
35ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU0NzM3Njc0MDQ0MDk4OTA5NA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 07 Jun 2021 19:33:01 GMT
X-Proxy-Origin: 185.93.2.145; 185.93.2.145; 721.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.234:80
AN-X-Request-Uuid: 1c2b6486-2254-4ab1-a1b0-c3dcd446f4c6
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjU0NzM3Njc0MDQ0MDk4OTA5NA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C763 41 KB
15 KB 14ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CP8OVsHqfJZ05GKDVfj5Dy7MXV7QlPQVntG9eoT6gOhgAT1F-jbEVvnGEnFv2REE4Do774YHLkTrvUfc30BDS7K2V1U6Sl5IhRarWG_BesgbDjJ9C4pBwfUIGwYg2BEv0Iqw8Sgs7qGY3Xoj1QXImgpYhcrw&dbm_d=AKAmf-AWWUmqs12PtxQ1D6k_v_PejDo61Ctth4gOoXsGpW9sUaDX6TMg3UillimeOCSoiopFKDcLCADmAqyGUCziG4lOkgifgiltFhDXb003-XdXvWkYfHcKMuBZHyAZ8KEH4R2tUSv5qD2_P16BcFyT3KCsFQY9Z3Qrc3Zm5Asx8jnIx3H_eK80T1D7cFD5HqlTOgeI_cyyrkUBfUb9sCVDX7sXqZjrvW1qGJ83YqfZIW1Jjm31Alnk9nMZ4bIkvPdFS5sczcX_uzo5fqGFTkLP9h4MZBhXrq8ERp9Mk1nPTst4aVAIM3XRkXIPnr_X-CfTkxGAfSsyV-0hF68WgyGbKeuWSFWjEQUq_kpSvXoXiF1uBk4UzAhFk-ZWAYyovhAGSVzqFp3foGa0f6mMgIsbjEmFYjeqM3wHE_4J9tB-cAD-fNLwyS50CgjRHMYxhTqTH9cSkO2KEL_0y5KIfTUiru_fsxun3whCTvOdcsU4PQNpGKuRpiL0lYmqEl887QlV6f-Xvnw84gyfxxXTTK50pNSrmJ_feosRh0k5bxvOEOXGJwIjp3VzxxUKpHjzzfeKXC3no9WIptdpTvblixL-7y0IR-PvS7i-fuFQTw8sh-Vx9F3M6XAB2tvdz2Fs2Mc7ig9hmqqskOF3GB7aaVRhJYMHwbvFbLsu7ptnxOEzZcqHXXsDhx6YescHCnqDgozdwqtv7g0y-P8UPeOXil9WIWItXWuzd_TPUi6uCj5ynwRvAledIUY4Bjx-_y7ZTGnpIS3kng0i_Mk27slaForyWuS_7a0nQ63NJ188yabemyQJfl_JhPwI25dkqfsRJktXXd2s9TWu_g0NFTAaFFc6j1SlxAqOnRxSVOWSJX5LRr5Y-HIY5wCXzdEtUXECN2oVDL7Op5z2ByLP-q7aozHsrblFL6ubbIpGJ0pzHLNG8kNu90BcA-9p0zSPrcywur5AQsxZ5VVTFBRwh6-zEMpFHc-NYAhkJVN1uQHqUCX94CYcGrfHvniefDmwpHaM3EP0fWjss2fliN7dCytj0CLednSIPCG-y3SHEm9Z2ZEXidouulLCF_GAqgTV_bo37t-tjNGYXa6NUBIaWPi6xttw6tHN3A8klOzRMbpNoDdpDAbZPlusjJHnp5maitLA6ooJqH5UxZriQUqc-dMSdjKrVY2hSsTwYvnM2rWCrN5MJ10y4TLYHtXlqQOD1AzhTGQwKwHSr-U5T1wTbUl8Ul2thXQWrWY0i2BdiTBRE4oc2Xn7dKw3Z0mZRfth7Zxyx1kW--86gEZLkukkKRccxzYDcxDKUJgfH2_gH6NETnVA9NZrGhWc2GkRhvTj4mkQ0DDM0nkRZHV-yb-wM2TbDw8w-cotvgiGSnmVbNqCn_KRVd3HEUU-fvqeYrm-KrxB5C3HozMIFC7XENiMyGsa6sFb-gUbG3UfsFT6B49y6riNENl2lEr-_aLS9BHCKgXGf4laYyKtBB-wE9J7W16V0eqOVFdx8WNouwnw8JMUadXK_Z23g77qLhQqr7LPyRO_hWSgtHz2NI47DpNCi9KtOAqgxNSmf2zMFw8l4KSrwLjC8Ndik_urkaz7o3VHSq6OgdEvn3K2FsFUJXrGjEb4xlsajXC6uCez2TL5bDDFPCjvJDYkALZZpnwaps5J3pyMKcfl7W6jXpVKaGP1flCol80GYsxqWQDeO24qivs3KbVjU1ra14NGC1HRyJu6d2xR-303flFXo43EGxlBaJblb55u1wrX7FaJWgp_BVCuwSvVzlZlJbGWXJEivpewNV3XIe_-9hYNqyFaMQPjgMZNRvw_i5jdVXNFGA-RWOtN5GBYquUjQQ7D30JPKZOdTgSDC-NqGjIY0FQ9rllFanzSzphbzoe0KidR--VyH0wa_lx2eNQhFFhUXRDqRSd78zsEDhy9-4ZUn51U7wKbWKQWRgdo6lElIt0VefZcn8uo8r0SzARHGbRxlmwyuhSi8bUJizjJuaM7_CeP5tzh_qCFUhvhvWNzw_sXQrf2Afmn5WOWmvkHI0h3Cdi4oZ782nv3hkl6aBSZtK2_sa55mx2cG1H7No4z8gm35WGJ5rmXfvOIQ2LxjY72t3D5RA84yeT1_B-hpycT-l92Ehz84XCE3hOyYnmntAk6UGRK-CF1TVQuWhckanWwqt5N04aWNUnwZjz9mfEjnpyZVm3P7RjJLglmROKO6C_BTOSp8a3RGGuzwNLAoMT4Sgyp6AgrN-eGhFwJWY5M94Xu1ZDnK2BPaEVqfzkCdqO4obD1v7BhC9dVi3ltky2sEWWAwr26MLa5kYsYgGptntGx2PGc4t9ugcpijTW6zFK_mnUVRpirNqnJujwxb0UX9kzuOFkQXP7X24s5k70JkAMOGZaPgjSSUj_nRtCwMxGhyMwA5beFlgdOGhw4t5gPXHHPuMhE_VWi-iU9UdkpycziTqb0_Ipz1Szp1n2OSY6piAjveyylSz5nfexD-rCoOgZo3tOz_ps0fQXBfE1c3kXZDb9TdDqTT8VnCp_Zs7JjsNaprgOG7PLmOYunIN_lBnDHqrXQFi82KEY5qk-lKLQ0IJSsUrUrhtiPkLVXDx_wXNL7vjoV4lT29wKSE7bIJ4o-jt7RWedwQ2QL93N6Q0a-sOS0-Q8cdk94zwnPzAKxqoixKYDErL-7B7NL00j4mIL8CNN4epiMn6y-RbxX3QOJr5E0DlfwYPPGhBm7Ei2S0SkF_vaqoMQM1wS656u_QFJLndAkmwTQNX0mEptBLD6HK4LbekIpl3e-UeyZaC-tDhtjMN_vn2GXuYMUFJhqNvVLdcJa2hrzehhgAqwqVtTFOkV9PLn6RBe8OqNRugG6ARonC5a2pHUsYGk9GJ-l_ghbgiJaNlMmAno1w65xqk_azypC-OytHPUz8N-3ynND0i7fIQTg8hSEYbhYIfueteqO0b8uKvvXt5v3xuWtvjNvyj2SRPvXdnzsty13MsMQZPMf9YL_8HF0m9mwyP6nBfC32Sl22GolgrBIEtpeTybuCvqiM9KdqwGecZ6H1GI7tDH7bFM1sp5qQcEelklDOGgZw5E2fhCYq3FUqyZoS5s_pFbe_b9LZx2FQSf21TbMrH8TcQTKl5_oGIjl-Vm8vT_WE9lX3vzRjQV1D34l-ny-&cid=CAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ&rfl=2%2Chttps%253A%252F%252Fsci-hub.mksa.top%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:13:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1149
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Jun 2022 19:13:52 GMT

GET
H2

200

as.php Show response
nxtck.com/ Frame 0549
Redirect Chain

https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgt...
https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgt...

3 KB
2 KB

37ms
36ms

Document
text/html

130.211.47.109
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D&tc=1
Requested by: Host: 9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com
URL: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.47.109 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: adserver-ga-6966f9dbd7-9df9t /
Resource Hash: c7f4f93217fb8c682d32f4b351af1eb828f1f882251264a66c14216325ebd5e2

Request headers

:method: GET
:authority: nxtck.com
:scheme: https
:path: /as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: tc=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/

Response headers

p3p: CP='ALL DSP LAW CUR DEV PSAo PSDo IVAo IVDo CONo HISo OUR STP UNI NAV'
server: adserver-ga-6966f9dbd7-9df9t
x-robots-tag: noindex, nofollow
expires: Tue, 01 Jan 2001 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: uuid=3294e4f4-92f7-45fb-b4e1-bdc79875e0a0; Path=/; Max-Age=31536000; Expires=Tue, 7 Jun 2022 19:33:01 GMT; Secure; SameSite=None
vary: accept-encoding
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 07 Jun 2021 19:33:01 GMT
via: 1.1 google
alt-svc: clear

Redirect headers

p3p: CP='ALL DSP LAW CUR DEV PSAo PSDo IVAo IVDo CONo HISo OUR STP UNI NAV'
server: adserver-ga-6966f9dbd7-tgm46
x-robots-tag: noindex, nofollow
expires: Tue, 01 Jan 2001 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: tc=1; Path=/; Max-Age=31536000; Expires=Tue, 7 Jun 2022 19:33:01 GMT; Secure; SameSite=None
location: /as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D&tc=1
content-length: 0
date: Mon, 07 Jun 2021 19:33:00 GMT
via: 1.1 google
alt-svc: clear

GET
DATA 200
OK truncated
/ Frame C763 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a0ce300b98d5bd957affdb6a30b056e45086e39dbdbcf5465f8dbe304856c394

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BE9B 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Mon, 07 Jun 2021 19:14:04 GMT
expires: Tue, 07 Jun 2022 19:14:04 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1137
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js Show response
pagead2.googlesyndication.com/bg/ Frame BE9B 14 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Jl_KA3DWLl1pqAl7nrDeic27IkrJD7_aVFtTlraQVeY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 13:15:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22643
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5751
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 13:15:38 GMT

GET
H3-29 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 0549 8 KB
4 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: nxtck.com
URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D&tc=1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 18:39:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3796
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:22:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 07 Jun 2021 19:39:55 GMT

GET
H2 200 rm_iab.js Show response
cdn-ssl-as.nxtck.com/iab/js/ Frame 0549 3 KB
3 KB 118ms
35ms Script
application/x-javascript 34.107.167.126
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-ssl-as.nxtck.com/iab/js/rm_iab.js
Requested by: Host: nxtck.com
URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D&tc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.167.126 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 77dd7a6ab6c5b70535f944b314aefb2139419836cfcac9d57f765fc7c123b82c

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
via: 1.1 google
last-modified: Wed, 14 Nov 2018 22:57:04 GMT
server: nginx
etag: "5beca840-a1b"
content-type: application/x-javascript
accept-ranges: bytes
alt-svc: clear
content-length: 2587

GET
H3-29 200 impl_v75.js Show response
www.googletagservices.com/dcm/ Frame 0549 37 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v75.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 04 Jun 2021 19:58:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257680
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15538
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 19:52:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 04 Jun 2022 19:58:21 GMT

GET
H2 200 B25214695.300129124;dc_ver=75.217;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3858002728;ord=ur0iug;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A... Show response
ad.doubleclick.net/ddm/adi/N1119185.152785NEXTPERFORMANCE/ Frame 6B70 39 KB
20 KB 126ms
56ms Document
text/html 142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N1119185.152785NEXTPERFORMANCE/B25214695.300129124;dc_ver=75.217;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3858002728;ord=ur0iug;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3Dhttps%3A%2F%2Fnxtck.com%2Findex%3Fclk%3D1%26zid%3D56367%26aid%3D582450%26ev%3D75873%26rid%3DxaR5whJGNJHMGl2Y%26sid%3D576870572%26uuid%3De31acd1c-0998-4d09-a3a2-7a0691172020%26ecr%3D%26referer%3Dhttps%253A%252F%252F9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com%252F%26c3braK3c%3D%26P0uWe7tE%3D%26rawloc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fsci-hub.mksa.top$2,,https%3A%2F%2F9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=MMHuB_ltGd;osda=2;sttr=32;prcl=n

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v75.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ac314189eb7ac87f76022b74b64dfa1e624be891f988c207a858e697c4a3dc77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ad.doubleclick.net
:scheme: https
:path: /ddm/adi/N1119185.152785NEXTPERFORMANCE/B25214695.300129124;dc_ver=75.217;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3858002728;ord=ur0iug;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3Dhttps%3A%2F%2Fnxtck.com%2Findex%3Fclk%3D1%26zid%3D56367%26aid%3D582450%26ev%3D75873%26rid%3DxaR5whJGNJHMGl2Y%26sid%3D576870572%26uuid%3De31acd1c-0998-4d09-a3a2-7a0691172020%26ecr%3D%26referer%3Dhttps%253A%252F%252F9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com%252F%26c3braK3c%3D%26P0uWe7tE%3D%26rawloc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fsci-hub.mksa.top$2,,https%3A%2F%2F9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=MMHuB_ltGd;osda=2;sttr=32;prcl=n
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://nxtck.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUk2eJPeL54zn3YzgLlpf49KdGRl6-R1JCrtiYUeMg8iD8p1I5KYki460BkTYRU; DSID=NO_DATA; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://nxtck.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 07 Jun 2021 19:33:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 19549
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 OBA_marker.png
cdn-ssl-as.nxtck.com/iab/img/ Frame 0549 3 KB
3 KB 34ms
33ms Image
image/png 34.107.167.126
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-ssl-as.nxtck.com/iab/img/OBA_marker.png
Requested by: Host: nxtck.com
URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D&tc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.167.126 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
via: 1.1 google
last-modified: Tue, 02 Oct 2012 09:47:13 GMT
server: nginx
etag: "506ab821-cbe"
content-type: image/png
accept-ranges: bytes
alt-svc: clear
content-length: 3262

GET
H2 200 OBA_en.png
cdn-ssl-as.nxtck.com/iab/img/ Frame 0549 4 KB
4 KB 34ms
34ms Image
image/png 34.107.167.126
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-ssl-as.nxtck.com/iab/img/OBA_en.png
Requested by: Host: nxtck.com
URL: https://nxtck.com/as.php?if=1&zid=56367&cpid=23227&cb=1623094380837578&redirecturl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3D&tc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.167.126 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx /
Resource Hash: 835b8e7fce8c7030ab18fe28277589c21b062b5b6e6301939cb1e62b1af3f151

Request headers

Referer: https://nxtck.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
via: 1.1 google
last-modified: Tue, 02 Oct 2012 09:47:12 GMT
server: nginx
etag: "506ab820-108b"
content-type: image/png
accept-ranges: bytes
alt-svc: clear
content-length: 4235

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/ Frame 6B70 8 KB
3 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1119185.152785NEXTPERFORMANCE/B25214695.300129124;dc_ver=75.217;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3858002728;ord=ur0iug;click=http%3A%2F%2Fredirect.nxtck.com%2Fww-redirect%2FWwRedirectServlet%3Fp%3D1%26clicurl%3Dhttps%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC9awpbHS-YMqPM8733wPK1o3gBujZ-shiwrXEvJsMyqel-ugOEAEgtKPufmD7gYCAiAqgAYW3uOIByAEJqQLeJUCuYmi0PqgDAaoE5gFP0L4FyJmYpylYdOWEwvbucyr_xThuXau9sIQfS0n2sfusOPpVrp1rqH7e02-y3qs7vp8DRH663iBdRTWGKWz9nno9jCQwV1UnAh9KpQtFat229WycbOv80EeVLnhlgd30gFYVDppviBhG0005cZ20L75M_UojvJEtBWgTMUx1ZaOseX7u5kfmjpYdhqF5iy0RULplGtpigdZJy6xBLgcwLb-fgGte8MfTQOEHQVLXjQuLAJ-V1EP8XXdr-Omli-eKynpCf664LElZJVg0Z1la2r6ecAz7sbZcyVCaP-p6KP3PX6_arsAE1qWPs6QD4AQDkAYBoAZNgAfjyMedAqgHipyxAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfs1RuoB-6WsQKoB6a-G6gH7NUbqAfz0RuoB5bYG9gHANIICQiA4YBQEAEYHYAKA5gLAcgLAYAMAbAT88rcC9ATANgTDdgUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASPeRoJYixxFVsT9A1zhwCwBCnaDORfOpUHpO2Pl5kql0hoQ_qyAMydx9WF5O7Y6br79BtOGppQyFSN4fTYiQ%26sig%3DAOD64_2A34anqmN2jq_TjOaVSt5JtgB--w%26client%3Dca-pub-7015235120915769%26dbm_c%3DAKAmf-BG3UdALu5I4__56-ISm637cD_W9Bd6yhw_76bsqGyincurfGqepUtE7GaqbgPSHNWXMfPeEyIoVt3nexyJi8fmEbp5-EZ52gEBM7WtygF0JLjl13yXyGpumh3dvxfr6_75bfx4oZ4Fips9np4Mvc80-nMLFQ%26dbm_d%3DAKAmf-DsVQAGD5tm1wHbbos81UZepl30l2JAFwcpunXoO4na2Su3ocf1zwBFMjqWjzeBD9BlhL0RuIAgqSkUW4srTk_kt6vEES33XpMvl6OQvrMrOeg56gY_eZ8Cq7tDL2AEmqTQ-b4t1ypJbZHFTr8SffTerc-mkB0QA7Ebk5vZ4haZjffU5AIUkWH9ESQohw5mK7ReEgEpB9gQpiLwBEMnZ1w5ZirLQi7okzm4aI71q71RBTd31u0hX-0h8fYqSIQ5putGLJQ1UkPXcOrGiXJlXUQSsESaMIT-f76IXui42jkOv5gza0eGcQBTRGMzS-CDSacocbsxCXhKBOOwQkhHv5v4s8e3-cfduy1vqgWYMESDWeNhCLXa0u3JZZoAet58Cd8gUm1j2I3gWve1l6ZWjH45keWkeO70Pd8az7qG6U_SrT9627aRIpGO-vW7l4R6QXC-07OgPtF74veWHYmCOrXQI9YKLg%26adurl%3Dhttps%3A%2F%2Fnxtck.com%2Findex%3Fclk%3D1%26zid%3D56367%26aid%3D582450%26ev%3D75873%26rid%3DxaR5whJGNJHMGl2Y%26sid%3D576870572%26uuid%3De31acd1c-0998-4d09-a3a2-7a0691172020%26ecr%3D%26referer%3Dhttps%253A%252F%252F9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com%252F%26c3braK3c%3D%26P0uWe7tE%3D%26rawloc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=3,https%3A%2F%2Fsci-hub.mksa.top$2,,https%3A%2F%2F9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com%2F$0;xdt=1;crlt=MMHuB_ltGd;osda=2;sttr=32;prcl=n

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:30:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 21 Jun 2021 19:30:18 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 6B70 111 KB
39 KB 42ms
7ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ad.doubleclick.net
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:05:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1676
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 08 Jun 2021 19:05:05 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 6B70 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:13:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1149
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 07 Jun 2022 19:13:52 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4024 22 KB
8 KB 9ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Mon, 07 Jun 2021 19:14:04 GMT
expires: Tue, 07 Jun 2022 19:14:04 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1137
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BE9B 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkmyWbXS-YLahE7GrrASJ9LGgBgAAAAA4AeAEAg&bg=!c3ClcDTNAAY6sG-_OrA7ACkAdvg8Wh_nqMMs1aWwq38A1Ebal--hyfuiEdSSx7wyWdqF57D6Fj8l2AIAAADbUgAAABNoAQeZAu5x183JfSZRVUOAOrz4swNPoaFNIZ81dgeE0t70tG1plxu8RE7oQwdtkgYvOm1M2h7WNu1p4Q0tlL72nDIqXjROGtvBO-TdHI6qnMXNyjkYGPSI3HTf2S2kMj2EceuoZ4gPqGg6_SmITL_Z0f6KLaoa6Lg47DfoMlqpgYZBu49OMWCWLfWFaHJwrRhwGm7ZJ3qaqP82JAO0fE0cyo_YBWPVvLWEkAI5llKEEh9nS_3tpNlLUcAhe7yx2r-VgdXlkAWDT6sZzBSjFm5b51mYLSpUsw3oiI4Um0nY6_32LhzGvUi_yjg8z--Q9fgwynszqHXwjzr8cktPGijxTvQAgnj_gx9yeJvgbaudM2WQ1KFFv3D_0M_szEfUYeCrmPRvApSRLcbPcLuRPJgBHQvoKkoqqRVykTW8mJ3xykJScp2PwV2Qttut5YPFeaKkvmH7S5VaRycBNv1i3fTfnIfh08_sO9QlP7AFr-jCX0Pv8PPlVmOqLtxLd5W3WQsL8TQUdb6TdCTr0ZU8XtmbXUnMLUcQAG0PFRs5ssuSR-nfxNtRDCjjHmlYNX_VmJ7yMEa0A-VMcg3R_lrdhj_OXBK_SLdvjVh3uIwtmgFX8zZ25VALtOz7H-PoI90tEE9fwtcywbkJ5rAWykqJ_7Dqhodnjbba8Vz3ILIk9ulc-Mn7F_KEc_iQWhpA8MTRG59wzqpUERH2IAnw-_oCwP-1BJe9vqa1KvLODV_Dlau4UyRlwEX9DIxeGGF1eSCuJQ-aeRUrTc9K0D00KepJHFRsRpwn_dnZuarJwfJeV0yysSOrZuNQGmlwGz0cL1czVlo9USPiOAYAAC-ujzfDSpENelwqXVIQDxDVc21ETh45iL9pw3NB243tIXfFjtNBlkGYRX-xuZQv7HPvVXVJOJ5Y7OvhS7_BrSYGhh7I2DKd5LoNsu6tSV8nSCnjFdpqyFIPHQe9g_tJVgsl-GWx0CvW7ErLsu_IU7mYucZOWghP1IOOOnI

Requested by

Host: 9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com
URL: https://9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6B70 122 KB
37 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:33:01 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Mon, 07 Jun 2021 19:33:01 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/9693237/1617090691098/ Frame AE44 43 KB
14 KB 25ms
8ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9693237/1617090691098/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d6c3c47d1614cd7bd64ca68a0304a857879412be4481fc4ec60dd214feca601

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /9693237/1617090691098/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 14035
date: Mon, 07 Jun 2021 00:07:22 GMT
expires: Tue, 08 Jun 2021 00:07:22 GMT
last-modified: Tue, 30 Mar 2021 07:51:31 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 69939
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6B70 0
528 B 184ms
60ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvkles-QF7m_-54jPfX5DQCRCjAvjTIaTttlK2gVdOShWaN2d4LPmugUev91UZYv2k-neOsXq1eBBne9YB6OkLjcYa47bae6Fki_2fhyCyLzoIaaNDggYc1kQXjmbILGCrrZRRNmqxDPTKSxuX67gX3dMzBbwLk_W2y437NJhU&sig=Cg0ArKJSzElJgE10Hyy1EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=100&cbvp=1&cstd=89&cisv=r20210601.10658&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 19:33:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js Show response
pagead2.googlesyndication.com/bg/ Frame 4024 14 KB
6 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/wQPplS2CBbapxPPsKjLjCt6L9Rv2P8O8syxzKLSpyaY.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 19:10:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1363
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5768
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 07 Jun 2022 19:10:18 GMT

GET
H3-29 200 background.jpg
s0.2mdn.net/9693237/1617090691098/ Frame AE44 7 KB
7 KB 16ms
14ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9693237/1617090691098/background.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9693237/1617090691098/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d8f419d015fbb80be3898d6f979623736aef4d4e41109907ce3af0170dcd6e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9693237/1617090691098/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 00:07:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 07:51:31 GMT
server: sffe
age: 69939
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7300
x-xss-protection: 0
expires: Tue, 08 Jun 2021 00:07:22 GMT

GET
H3-29 200 product.png
s0.2mdn.net/9693237/1617090691098/ Frame AE44 8 KB
8 KB 15ms
13ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9693237/1617090691098/product.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9693237/1617090691098/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b27448586230892718ca9e169e8308862d9d5cb0e26db4c82699b09f5ca3c80c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9693237/1617090691098/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 04:51:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 07:51:31 GMT
server: sffe
age: 52921
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8667
x-xss-protection: 0
expires: Tue, 08 Jun 2021 04:51:00 GMT

GET
H3-29 200 logo.png
s0.2mdn.net/9693237/1617090691098/ Frame AE44 2 KB
2 KB 17ms
16ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9693237/1617090691098/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9693237/1617090691098/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97efb4752ce4e004e2f5d54cd87563ae66f0447174107a16b7dbc5f50a5f4e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9693237/1617090691098/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 03:47:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 07:51:31 GMT
server: sffe
age: 56746
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1549
x-xss-protection: 0
expires: Tue, 08 Jun 2021 03:47:15 GMT

GET
H3-29 200 txt1.png
s0.2mdn.net/9693237/1617090691098/ Frame AE44 2 KB
3 KB 16ms
15ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9693237/1617090691098/txt1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9693237/1617090691098/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6aaf3994734deba273c3f7847209a96e6eca87e24e44779068d298c1fadd0105

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9693237/1617090691098/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 00:07:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 07:51:31 GMT
server: sffe
age: 69939
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2552
x-xss-protection: 0
expires: Tue, 08 Jun 2021 00:07:22 GMT

GET
H3-29 200 txt2.png
s0.2mdn.net/9693237/1617090691098/ Frame AE44 974 B
996 B 16ms
14ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9693237/1617090691098/txt2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9693237/1617090691098/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb0494d7aec080c10027429772636a99672a882d4af5a659103881e4fad974a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9693237/1617090691098/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 04:51:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 07:51:31 GMT
server: sffe
age: 52921
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 974
x-xss-protection: 0
expires: Tue, 08 Jun 2021 04:51:00 GMT

GET
H3-29 200 txt3.png
s0.2mdn.net/9693237/1617090691098/ Frame AE44 2 KB
2 KB 15ms
14ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9693237/1617090691098/txt3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9693237/1617090691098/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57689e9763cb7802fb1e6e1b1e65426c7a50d703870e0cde5fa062889a152c49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9693237/1617090691098/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 00:07:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 07:51:31 GMT
server: sffe
age: 69939
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2136
x-xss-protection: 0
expires: Tue, 08 Jun 2021 00:07:22 GMT

GET
H3-29 200 txt4.png
s0.2mdn.net/9693237/1617090691098/ Frame AE44 3 KB
3 KB 17ms
16ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9693237/1617090691098/txt4.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9693237/1617090691098/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ccf2e98a4e6f8486b7fbd95093b1240ece3cbe81ed2b2f2586d7a1231242c832

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9693237/1617090691098/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 00:07:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 07:51:31 GMT
server: sffe
age: 69939
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3152
x-xss-protection: 0
expires: Tue, 08 Jun 2021 00:07:22 GMT

GET
H3-29 200 cta.png
s0.2mdn.net/9693237/1617090691098/ Frame AE44 638 B
660 B 21ms
20ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9693237/1617090691098/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9693237/1617090691098/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5df21470ca181eb2ebebc6ab3359e6cb75aad8fc05d6703fcb776f192f4f4c58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/9693237/1617090691098/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 07 Jun 2021 00:07:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Mar 2021 07:51:31 GMT
server: sffe
age: 69939
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 638
x-xss-protection: 0
expires: Tue, 08 Jun 2021 00:07:22 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 6B70 0
60 B 62ms
61ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Mon, 07 Jun 2021 19:33:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 05C9 42 B
64 B 42ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsttnDhCxaZcJPcJG05s22YWaIpFq2K9D8p9eCpqhjXQvtOFwEhOO436h_pFKmVmdqYj3xbZSdDO0hE7F4TS2RCBm6awV5GMK8Y-nQG4DQJ1UfJXRYJEUoWclOyKKQ&sai=AMfl-YSi4V9fiWCtUBONv630u2FoYGbsdpZhOarAeG4hSBsMuZgnBwAIs6J8_IYTbQOfNE8Z0EdF97icX07bXlocKUo6rUh4pv4EyFXaYNO_H522CyfydmsI5dPrTXdtHxs&sig=Cg0ArKJSzHE79BBaUNpwEAE&cid=CAASPeRozXD1sPR7XX5T5i3B9KJ74hSCWAXRuuDzMLFaSg_k6g1PPJ56sW8BukfmLf_SMC0-pL2GAhXmgkel-cU&id=ampim&o=315,900&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1006&mtos=0,0,1006,1006,1006&tos=0,0,1006,0,0&tfs=69&tls=1075&g=100&h=100&tt=1075&r=v&avms=ampa&adk=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4024 0
20 B 47ms
41ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BtG5LbXS-YMvCK4fx3wOHh5uIBAAAAAA4AeAEAg&bg=!8fKl8rbNAAY6sG-_OrA7ACkAdvg8WpvaGoiO-p4efRKuY3su-W7qlE1wezqxAVilzum3saYb8_017QIAAADFUgAAAAxoAQeZAw1Eeh-GQ4zNg_sNGocTox2W78ny5zky3jjMaaEAUt7EYxkB1O9HPICWRzrra3a-NzPVLZwSgg3IYTNz0KfZK9D-k6yJ1fCPtxpYPHQ_50N3u-jAwbWOM6VJw7jziHVtKyrnA_QAYp489_9oVV5XgWaUGRtffjXiUwqRDAGEoETamU0qqhFc3DPdHLr3AYxLhJ5KRPkkSTeJFSEoXJKuZX19tsuRWIkdr1Jshs92O677too_6tDKZ0h0rIyAzJMqkx75DyTNVGLYkIsORhpJQTub-4rxIdH6jrcSDb0CcJWeZV8PVlKsYBxY2eaVMLLdtGHJKnz9pca43ZosPKBCo7T1Duyq2FUq7l-DU67RqKG6O9nbqe8yVobgel7wxr8ZphJlY3V-UtztKiWEcXmr9RK_Kk1GitKNipW7Yg_pA_Ht3nbKGWZnxCQeZ_mb2mDQ8b6ZldtUj5sZtN_Yn1sD329LDLWNAsZvAPu83oC7e5jXmd1WmVgUbAHoRxq4YClcqkufSSLLF_1fI9kdVYf9GvE2NIPFWRb2wHEBHBIvjJaUTUBMsJDt16d2WeHDanVuQvSCVtYCj4v5tYllly7lwRBsHbZDuaCAwbZqcOuEFIjJfk-DmWVQcctFkTEqC5WPwzfXs2bRpHZu-6lz8-Yu7cmq8qDgoUZpT14viL8TBBIinyTySvn1NbqA8X1TBVwm-usMBhr2enuF98w9quBgSy304Xmsiov_Rs6zxNoF0OW1bojYd8oxIDHeloX3sTN41c_3bZQ3OwWDOEHm3KmD5at6e389xUUZCFf-1MiTQLBw_DE6kQ732v3roBE_5Jd4L038g5XS-tFukJdIrds79jL8fq6B9KAdUN_zo74mZjANoHs2mtj2lzIEzgjK7wY9P94tD3itQw3Kh_ccyWdHy8TDMj9SLyl5He-hzOokcSYgCO-MXS8t-10Mk-mNlX-X-1P1JHEfFU9LgR2WfG5I4QtoKlPHdLhLxbSCX-2rY5cRIxuuZly1gsf0a_sbsPwXyXbEXehkqkdQdGjh4hFS

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIi6284KGG8QIVh_h3Ch2HwwZBEAAYACDgz-hG;met=1;&timestamp=1623094392013;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 6B70 42 B
498 B 118ms
60ms Image
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIi6284KGG8QIVh_h3Ch2HwwZBEAAYACDgz-hG;met=1;&timestamp=1623094392013;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Jun 2021 19:33:12 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: img.sci-hub.shop
URL: https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sci-Hub (Consumer)

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.mksa.top/	1970-01-19 18:53:00	Name: _gid Value: GA1.2.889128395.1623094380
.mksa.top/	1970-01-19 18:51:34	Name: _gat_gtag_UA_193456449_1 Value: 1
.mksa.top/	1970-01-20 12:22:46	Name: _ga Value: GA1.2.117819993.1623094380

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	info	URL: https://cdn.ampproject.org/rtv/012105242203000/amp4ads-v0.mjs(Line 17) Message: Powered by AMP ⚡ HTML – Version 2105242203000 https://sci-hub.mksa.top/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9441e74ec4f175ccd4bbfa929274a5ee.safeframe.googlesyndication.com
ad.doubleclick.net
ade.googlesyndication.com
an.yandex.ru
cdn-ssl-as.nxtck.com
cdn.ampproject.org
cm.g.doubleclick.net
counter.yadro.ru
dmg.digitaltarget.ru
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
img.sci-hub.shop
kitbit.net
nxtck.com
optinder.com
p1.ntvk1.ru
pagead2.googlesyndication.com
s0.2mdn.net
sci-hub.mksa.top
securepubads.g.doubleclick.net
share.pluso.ru
stats.g.doubleclick.net
sync.bumlam.com
sync3.adsniper.ru
sync3.sniperlog.ru
tag.digitaltarget.ru
tpc.googlesyndication.com
ut9.rktch.com
vk.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
img.sci-hub.shop
130.211.47.109
142.250.181.226
142.250.184.194
142.250.186.38
172.217.16.130
172.217.23.98
185.15.175.130
185.15.175.145
185.33.221.91
2.18.234.21
2606:4700:3031::ac43:d9f7
2606:4700:3034::6815:9e6
2606:4700:3036::6815:15dc
2a00:1450:4001:800::2002
2a00:1450:4001:802::200a
2a00:1450:4001:803::2001
2a00:1450:4001:809::2001
2a00:1450:4001:809::2004
2a00:1450:4001:810::2008
2a00:1450:4001:829::2002
2a00:1450:4001:829::2003
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a00:1450:4001:831::200e
2a00:1450:400c:c04::9a
2a02:6b8::90
2a02:6ea0:c700::11
31.131.252.91
31.131.252.94
31.172.81.158
31.172.81.159
34.107.167.126
87.240.190.72
88.212.201.198
89.108.97.2
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cc00d50da7cf940f1f5efe332ee8c22d5896775aa6da2cd0abb4cd94b3b13ca
0d8f419d015fbb80be3898d6f979623736aef4d4e41109907ce3af0170dcd6e9
125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12993a139a46e15abb56308ef8656d80812fb748dfa88116ee6e20ad3494ae98
14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1e53b8865f7f1e34e44d14f6ff8789dd7f421e7d3c69e48dab33188ff4d99f4e
1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af
265fca0370d62e5d69a8097b9eb0de89cdbb224ac90fbfda545b5396b69055e6
27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f
3b90f60459b17f2ddf447768e249c21c662e70bde6148deff13643982f93f9a6
40e3c69523b089d3b6ab2d730e6104565b7c2785ec047d2557744c7b02b31415
41b805ea7ac014e23556e98bb374702a08344268f92489a02f0880849394a1e4
44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450
454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586
460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232
46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
57689e9763cb7802fb1e6e1b1e65426c7a50d703870e0cde5fa062889a152c49
5920c7fd52c5ba4ced039fab3123a567c3e5e81a537477d3ee8f9decbd61714f
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7
5a0da3f86d0505c67db1fb2287ce92548014d4ba7969eb76b7f716a5d5009e8f
5cf6ca1b6af2b8e2afac175a1ef8c85056c60c39f00f2878e95daed3eac2a74d
5df21470ca181eb2ebebc6ab3359e6cb75aad8fc05d6703fcb776f192f4f4c58
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6aaf3994734deba273c3f7847209a96e6eca87e24e44779068d298c1fadd0105
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41
77dd7a6ab6c5b70535f944b314aefb2139419836cfcac9d57f765fc7c123b82c
784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd
7c078e5032ba5da0fdf4e333ac30ad283aaa9de5d935e716c6fd7e1b5d4e9d2e
7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
83048dcaa947f41bdd4f947cb600838714aa598f230e16bad6778c43aed33c30
835b8e7fce8c7030ab18fe28277589c21b062b5b6e6301939cb1e62b1af3f151
84b5229d1afc0962f11d27c8875317a0d92da419a5e6e2cf0ad02934e6f943ab
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f
8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
967ded0d130284e1ff29e436c09b00353a665be569ba07b4b3895cf67a3189a8
97efb4752ce4e004e2f5d54cd87563ae66f0447174107a16b7dbc5f50a5f4e45
9d6c3c47d1614cd7bd64ca68a0304a857879412be4481fc4ec60dd214feca601
9de4196056e2ffb92e9e6eb78502d3ed77f71a1e8045434a907251ff0b998357
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0ce300b98d5bd957affdb6a30b056e45086e39dbdbcf5465f8dbe304856c394
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc
aa9c1b8fdebe6aa9db43da76c6b1a562481ba321e8bbdc4f67371baa475fdbf5
ac314189eb7ac87f76022b74b64dfa1e624be891f988c207a858e697c4a3dc77
acde19dd39fd4b3b76819f21d622af86dcdf0cb00967a337a01005e8316ccb1f
afd6daac8fa7cd3b9ff50868ebc40cea300572b9317e12e7ee3795f2e79984e9
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b27448586230892718ca9e169e8308862d9d5cb0e26db4c82699b09f5ca3c80c
b8de063d7075aa9a9a68120f3eb37178e85777138d4154903a2d4b187b4a893d
b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23
bdd4003804f6ce8052531178f70d642ad8fdc912033665ecc0b38163acd16b9a
bf56d0c6b86f69d3f6dfb156399577c16da981c390a16d26c7752ed85bc38ac4
c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952
c103e9952d8205b6a9c4f3ec2a32e30ade8bf51bf63fc3bcb32c7328b4a9c9a6
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c7f4f93217fb8c682d32f4b351af1eb828f1f882251264a66c14216325ebd5e2
c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74
c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202
ccb150b1878d5aa777543222f9e47636d4258687e3dd57e625988f09a96bda64
ccf2e98a4e6f8486b7fbd95093b1240ece3cbe81ed2b2f2586d7a1231242c832
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0b6d42ec0a4e5b30e5c24a17566d60aa1c222b642d34f39a45bdf40db45e818
e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb0494d7aec080c10027429772636a99672a882d4af5a659103881e4fad974a4
ed278a9d54dfbc20ad0290a87a8df475efee8bce2e04c40dbac18b8ef2118b26
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f017fef39ea0471bbe4f0d4e1a98729c07a73a2daf2cd394f97fcc708cd850ff
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370
ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

sci-hub.mksa.top Open in urlscan Pro 2606:4700:3031::ac43:d9f7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

113 Requests

96 %HTTPS

50 %IPv6

27 Domains

37 Subdomains

34 IPs

5 Countries

1328 kBTransfer

2785 kBSize

3 Cookies

4 Outgoing links

Page URL History

Redirected requests

113 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sci-hub.mksa.top Open in urlscan Pro
2606:4700:3031::ac43:d9f7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

113
Requests

96 %
HTTPS

50 %
IPv6

27
Domains

37
Subdomains

34
IPs

5
Countries

1328 kB
Transfer

2785 kB
Size

3
Cookies

113 HTTP transactions
2 data transactions