activations-windows.ru Open in urlscan Pro
81.177.135.182 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://activations-windows.ru/
Submission Tags: @phishunt_io
Submission: On November 14 via api (November 14th 2020, 7:09:01 pm UTC) from ES

Summary HTTP 59 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 59 HTTP transactions. The main IP is 81.177.135.182, located in Moscow, Russian Federation and belongs to RTCOMM-AS, RU. The main domain is activations-windows.ru.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 14th 2020. Valid for: 3 months.

This is the only time activations-windows.ru was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
30	81.177.135.182 81.177.135.182	8342 (RTCOMM-AS) (RTCOMM-AS)
5	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
9	95.163.114.204 95.163.114.204	12695 (DINET-AS) (DINET-AS)
2 3	88.212.201.216 88.212.201.216	39134 (UNITEDNET) (UNITEDNET)
1	2a00:1450:400... 2a00:1450:4001:800::200d	15169 (GOOGLE) (GOOGLE)
3 8	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
4	5.9.154.76 5.9.154.76	24940 (HETZNER-AS) (HETZNER-AS)
1	78.24.221.88 78.24.221.88	29182 (THEFIRST-AS) (THEFIRST-AS)
1 1	104.111.216.213 104.111.216.213	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	104.111.245.23 104.111.245.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1	92.122.105.52 92.122.105.52	16625 (AKAMAI-AS) (AKAMAI-AS)
2	148.251.41.166 148.251.41.166	24940 (HETZNER-AS) (HETZNER-AS)
59	10

30 81.177.135.182 (Moscow, Russian Federation)

ASN8342 (RTCOMM-AS, RU)

activations-windows.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 95.163.114.204 (Russian Federation)

ASN12695 (DINET-AS, RU)

w.uptolike.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.212.201.216 (Russian Federation) 2 redirects

ASN39134 (UNITEDNET, RU)
PTR: host216.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 5.9.154.76 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.76.154.9.5.clients.your-server.de

sonar.semantiqo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 78.24.221.88 (Russian Federation)

ASN29182 (THEFIRST-AS, RU)
PTR: belesta15.ru

utl-utils.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.216.213 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-216-213.deploy.static.akamaitechnologies.com

s.click.aliexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.245.23 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-245-23.deploy.static.akamaitechnologies.com

sale.aliexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.122.105.52 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-105-52.deploy.static.akamaitechnologies.com

campaign.aliexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 148.251.41.166 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.166.41.251.148.clients.your-server.de

cdn3.caltat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	activations-windows.ru activations-windows.ru	353 KB
9	uptolike.com w.uptolike.com	72 KB
6	yandex.ru 2 redirects mc.yandex.ru	42 KB
6	google.com apis.google.com accounts.google.com	103 KB
4	semantiqo.com sonar.semantiqo.com	22 KB
3	aliexpress.com 2 redirects s.click.aliexpress.com sale.aliexpress.com campaign.aliexpress.com	3 KB
3	yadro.ru 2 redirects counter.yadro.ru	1 KB
2	caltat.com cdn3.caltat.com	545 B
2	yandex.com 1 redirects mc.yandex.com	585 B
1	utl-utils.ru utl-utils.ru	10 KB
59	10

	Domain	Requested by
30	activations-windows.ru	activations-windows.ru
9	w.uptolike.com	activations-windows.ru w.uptolike.com
6	mc.yandex.ru	2 redirects w.uptolike.com mc.yandex.ru
5	apis.google.com	activations-windows.ru apis.google.com
4	sonar.semantiqo.com	w.uptolike.com sonar.semantiqo.com
3	counter.yadro.ru	2 redirects activations-windows.ru
2	cdn3.caltat.com	sonar.semantiqo.com
2	mc.yandex.com	1 redirects
1	campaign.aliexpress.com	utl-utils.ru
1	sale.aliexpress.com	1 redirects
1	s.click.aliexpress.com	1 redirects
1	utl-utils.ru	w.uptolike.com
1	accounts.google.com	apis.google.com
59	13

This site contains links to these domains. Also see Links.

Domain
easytourism.info
www.liveinternet.ru
uptolike.ru
promopult.ru

Subject Issuer	Validity	Valid
activations-windows.ru Let's Encrypt Authority X3	`2020-11-14` - `2021-02-12`	3 months	crt.sh
*.apis.google.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
uptolike.com Let's Encrypt Authority X3	`2020-08-29` - `2020-11-27`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
counter.yadro.ru Let's Encrypt Authority X3	`2020-10-29` - `2021-01-27`	3 months	crt.sh
accounts.google.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2020-09-29` - `2021-03-11`	5 months	crt.sh
sonar.semantiqo.com Sectigo RSA Domain Validation Secure Server CA	`2019-11-12` - `2021-11-11`	2 years	crt.sh
utl-utils.ru Let's Encrypt Authority X3	`2020-09-22` - `2020-12-21`	3 months	crt.sh
ru.aliexpress.com DigiCert Secure Site ECC CA-1	`2020-06-09` - `2021-06-21`	a year	crt.sh
cdn3.caltat.com Sectigo RSA Domain Validation Secure Server CA	`2019-11-12` - `2021-11-11`	2 years	crt.sh

This page contains 8 frames:

Primary Page: https://activations-windows.ru/
Frame ID: D58966581D10ECF644EBCC3A143972AD
Requests: 52 HTTP requests in this frame

Frame: https://apis.google.com/_/widget/render/comments?usegapi=1&href=https%3A%2F%2Factivations-windows.ru%2F&width=580&first_party_property=BLOGGER&view_type=FILTERED_POSTMOD&origin=https%3A%2F%2Factivations-windows.ru&search=&hash=&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.0_afc8ibZR4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew%2Fm%3D__features__
Frame ID: 46CE9369FFA0A1F73E867EDE89FB9E42
Requests: 1 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Factivations-windows.ru&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.0_afc8ibZR4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew%2Fm%3D__features__
Frame ID: 22E1BF57D4555832F0F6E0A10874A645
Requests: 1 HTTP requests in this frame

Frame: https://w.uptolike.com/widgets/v1/share-counter.html?110d1c9f2486cfe91a5e43ca6a2a8120
Frame ID: FAD2DFE8213841518C521969FA50A64F
Requests: 1 HTTP requests in this frame

Frame: https://w.uptolike.com/widgets/v1/impression.html?110d1c9f2486cfe91a5e43ca6a2a8120
Frame ID: C7DD557F5AB3229286C44600E1A8E229
Requests: 1 HTTP requests in this frame

Frame: https://campaign.aliexpress.com/wow/gf/upr-node?wh_pid=SUPER_VALUE_DEALS&wh_weex=true&preDownLoad=true&preInitInstance=rax&_immersiveMode=true&wx_navbar_hidden=true&wx_navbar_transparent=true&wx_statusbar_hidden=true&ignoreNavigationBar=true&aff_platform=portals-promotion&sk=_9AfyRN&aff_trace_key=17e15e2ac3cf49d6a3afcc7b478a3007-1605380926693-09630-_9AfyRN&terminal_id=58232bf756af45ada2e743f4c7bff2fc
Frame ID: B2A4E0C1AD7D7D1A3F0EF606A4B90DA3
Requests: 1 HTTP requests in this frame

Frame: https://w.uptolike.com/widgets/v1/zp/support.html
Frame ID: 4988E37A30E8724F74B46BE16B2DBE3D
Requests: 1 HTTP requests in this frame

Frame: https://sonar.semantiqo.com/i/
Frame ID: F221C5EFCE69AB7E68AD13542D9EE521
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
script /\/wp-(?:content|includes)\//i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /mc\.yandex\.ru\/metrika\/watch\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

59
Requests

100 %
HTTPS

25 %
IPv6

10
Domains

13
Subdomains

10
IPs

4
Countries

602 kB
Transfer

1210 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://easytourism.info/load3.php?a1=http://activations-windows.ru/download/179/&b1=Re-Loader-by-r@1n.zip

Search URL Search Domain Scan URL

URL: https://easytourism.info/load3.php?a1=http://activations-windows.ru/download/86/&b1=mstoolkit-2-6-5-stable.zip

Search URL Search Domain Scan URL

URL: https://www.liveinternet.ru/click

Search URL Search Domain Scan URL

URL: http://uptolike.ru/?ref=widgets_popup&lng=
Title: Uptolike

Search URL Search Domain Scan URL

URL: http://uptolike.ru/?ref=widgets_popup&lng=ru

Search URL Search Domain Scan URL

URL: https://promopult.ru/ref/9c0d1fe44f8f79c7

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 31

https://counter.yadro.ru/hit?t44.17;r;s1600*1200*24;uhttps%3A//activations-windows.ru/;0.5310990294385352 HTTP 302
https://counter.yadro.ru/hit?q;t44.17;r;s1600*1200*24;uhttps%3A//activations-windows.ru/;0.5310990294385352

Request Chain 47

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Factivations-windows.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1oc1oo18ia0xks%3Afp%3A1848%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A261%3Acn%3A2%3Adp%3A0%3Als%3A0%3Ahid%3A1026192649%3Az%3A60%3Ai%3A20201114200846%3Aet%3A1605380926%3Ac%3A1%3Arn%3A879010592%3Arqn%3A1%3Au%3A1605380926105495343%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1605380923437%3Ads%3A155%2C1181%2C233%2C1%2C0%2C0%2C%2C329%2C27%2C2248%2C2249%2C0%2C1902%3Adsn%3A154%2C1182%2C232%2C1%2C0%2C0%2C%2C332%2C27%2C2248%2C2249%2C0%2C1902%3Ati%3A1%3Ast%3A1605380926 HTTP 302
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Factivations-windows.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1oc1oo18ia0xks%3Afp%3A1848%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A261%3Acn%3A2%3Adp%3A0%3Als%3A0%3Ahid%3A1026192649%3Az%3A60%3Ai%3A20201114200846%3Aet%3A1605380926%3Ac%3A1%3Arn%3A879010592%3Arqn%3A1%3Au%3A1605380926105495343%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1605380923437%3Ads%3A155%2C1181%2C233%2C1%2C0%2C0%2C%2C329%2C27%2C2248%2C2249%2C0%2C1902%3Adsn%3A154%2C1182%2C232%2C1%2C0%2C0%2C%2C332%2C27%2C2248%2C2249%2C0%2C1902%3Ati%3A1%3Ast%3A1605380926

Request Chain 49

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9092.9I34Uz6ADb_fTmotYdCl6NLcU_ASQ-WFxTWkGVmRqD-8g-m6Uyr0vw2qQmSnAk9B.mWXEwCJ1-SpP1vk6lVN9lMRqYuk%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9092.7ex3f-KWj1jr-HB3nsbkBHDpGMNJPRoC7ehxk9_Vu4GRQr4m9VGfxAJUT8YQLWUIvNBQn8piI75uzU0fxbmmjwwOLZRzzAzejF5Y8cmguRk%2C.0yuEtPWEH8SRZF71NPb3gepCIfk%2C

Request Chain 50

https://s.click.aliexpress.com/e/_9AfyRN HTTP 302
https://sale.aliexpress.com/supervaluedeal.htm?aff_platform=portals-promotion&sk=_9AfyRN&aff_trace_key=17e15e2ac3cf49d6a3afcc7b478a3007-1605380926693-09630-_9AfyRN&terminal_id=58232bf756af45ada2e743f4c7bff2fc HTTP 302
https://campaign.aliexpress.com/wow/gf/upr-node?wh_pid=SUPER_VALUE_DEALS&wh_weex=true&preDownLoad=true&preInitInstance=rax&_immersiveMode=true&wx_navbar_hidden=true&wx_navbar_transparent=true&wx_statusbar_hidden=true&ignoreNavigationBar=true&aff_platform=portals-promotion&sk=_9AfyRN&aff_trace_key=17e15e2ac3cf49d6a3afcc7b478a3007-1605380926693-09630-_9AfyRN&terminal_id=58232bf756af45ada2e743f4c7bff2fc

Request Chain 57

https://counter.yadro.ru/id127/reff-id.gif?sid=cb32f70452b5400fac59ffbe8e02f0dc HTTP 302
https://sonar.semantiqo.com/fbfli/data_sess_sync.php?spid=&sid=cb32f70452b5400fac59ffbe8e02f0dc

59 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
activations-windows.ru/ 26 KB
7 KB 1569ms
233ms Document
text/html 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 21a5e85f760307a292b0a2f91ea83b4f035cabec57b324c3d0691c82c273dc03

Request headers

:method: GET
:authority: activations-windows.ru
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sat, 14 Nov 2020 19:08:44 GMT
content-type: text/html; charset=UTF-8
content-length: 7275
server: Jino.ru/mod_pizza
x-pingback: https://activations-windows.ru/xmlrpc.php
link: <https://activations-windows.ru/>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip

GET
H2 200 style.css
activations-windows.ru/wp-content/themes/windows24/ 51 KB
8 KB 94ms
91ms Stylesheet
text/css 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/themes/windows24/style.css
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: fa0dd8e63481566c03225ec189b90855e0c28d8127e1a4c6bf5a046842c13453

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:41 GMT
server: Jino.ru/mod_pizza
etag: "72cdc0-cc1e-5aa974d8e1785"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 8177

GET
H2 200 polls-css.css
activations-windows.ru/wp-content/plugins/wp-polls/ 3 KB
920 B 94ms
92ms Stylesheet
text/css 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/plugins/wp-polls/polls-css.css?ver=2.69
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 4d956a758ca48121e4434c413596334c6b0f3cda0e622ada0d73c41d39eda526

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:24 GMT
server: Jino.ru/mod_pizza
etag: "72ccf0-a94-5aa974c91c139"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 723

GET
H2 200 frontend.css
activations-windows.ru/wp-content/plugins/download-monitor/assets/css/ 5 KB
1 KB 95ms
93ms Stylesheet
text/css 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/plugins/download-monitor/assets/css/frontend.css?ver=4.2.29
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 425a00fc56a9a37e7bc309b400db941ca9bd5506dd560ad3c846c7f6913d7677

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:22:52 GMT
server: Jino.ru/mod_pizza
etag: "72d079-13e2-5aa9751cd797b"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 1173

GET
H2 200 jquery.fancybox-1.3.7.min.css
activations-windows.ru/wp-content/plugins/easy-fancybox/fancybox/ 5 KB
1 KB 96ms
94ms Stylesheet
text/css 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/plugins/easy-fancybox/fancybox/jquery.fancybox-1.3.7.min.css?ver=1.5.7
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: b88d748af9fa6508e5c8a0b2de25d831e2fa8c653204f6b0c80a93fb345e20ef

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:53 GMT
server: Jino.ru/mod_pizza
etag: "72ce54-122e-5aa974e45041d"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 1143

GET
H2 200 style.responsive.css
activations-windows.ru/wp-content/themes/windows24/ 4 KB
1 KB 152ms
150ms Stylesheet
text/css 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/themes/windows24/style.responsive.css?ver=4.2.29
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: aef8e7fe84d1dc4316cb2359c47c3a81053a22b996ea999f482f5595a5ba38cf

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:41 GMT
server: Jino.ru/mod_pizza
etag: "72cdc2-10a0-5aa974d8cfa5d"
vary: Accept-Encoding
content-type: text/css
status: 200
accept-ranges: bytes
content-length: 1000

GET
H2 200 jquery.js Show response
activations-windows.ru/wp-content/themes/windows24/ 90 KB
32 KB 156ms
155ms Script
application/javascript 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/themes/windows24/jquery.js?ver=4.2.29
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:40 GMT
server: Jino.ru/mod_pizza
etag: "72cdb0-169d5-5aa974d81ea4e"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 32775

GET
H2 200 jquery-migrate-1.1.1.js Show response
activations-windows.ru/wp-content/themes/windows24/ 16 KB
6 KB 211ms
210ms Script
application/javascript 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/themes/windows24/jquery-migrate-1.1.1.js?ver=4.2.29
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: fd23ab8ce969cdbc761e041f63d763e11a5864a5428e61d006042f5a49464334

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:40 GMT
server: Jino.ru/mod_pizza
etag: "72cdad-3f32-5aa974d7f8504"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 5630

GET
H2 200 script.js Show response
activations-windows.ru/wp-content/themes/windows24/ 35 KB
8 KB 212ms
211ms Script
application/javascript 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/themes/windows24/script.js?ver=4.2.29
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 3e025bc89d981eeffe13ae90cbae0d97c42ae415640ca5fd40f0bf58742f3e51

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:40 GMT
server: Jino.ru/mod_pizza
etag: "72cdb3-8dc6-5aa974d848647"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 8475

GET
H2 200 script.responsive.js Show response
activations-windows.ru/wp-content/themes/windows24/ 15 KB
3 KB 213ms
211ms Script
application/javascript 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/themes/windows24/script.responsive.js?ver=4.2.29
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: bfd19de136ce5da2fd0fa7be611061cf47ba204a78e90492cc7e087b52459600

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:40 GMT
server: Jino.ru/mod_pizza
etag: "72cdb6-3c74-5aa974d84ad57"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 2806

GET
H2 200 Download-knopka8877.gif
activations-windows.ru/wp-content/plugins/download-monitor/templates/ 9 KB
9 KB 100ms
97ms Image
image/gif 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/plugins/download-monitor/templates/Download-knopka8877.gif
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 3a78b8df2d78dcc04c3af77920de5558054e35856dc6ec8aa36d11ea73109f7a

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:21:51 GMT
server: Jino.ru/mod_pizza
etag: "72ce3e-22c9-5aa974e280dfa"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 8905

GET
H2 200 reloader1-214x200.jpg
activations-windows.ru/wp-content/uploads/2016/03/ 13 KB
13 KB 102ms
99ms Image
image/jpeg 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/uploads/2016/03/reloader1-214x200.jpg
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 9ed7f591dd151baa3b4831fde7cd303b4be8754a0deb9209a487a60c25d3e47a

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:47 GMT
server: Jino.ru/mod_pizza
etag: "72d053-3335-5aa97517ec4d7"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 13109

GET
H2 200 reloader2-300x137.jpg
activations-windows.ru/wp-content/uploads/2016/03/ 11 KB
11 KB 104ms
101ms Image
image/jpeg 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/uploads/2016/03/reloader2-300x137.jpg
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 9b4dfdd3624776919e3a3bb3f8c8248f98e520f42cacfb817a71d5780820ab72

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:48 GMT
server: Jino.ru/mod_pizza
etag: "72d05b-2c88-5aa9751892136"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 11400

GET
H2 200 reloader.png
activations-windows.ru/wp-content/uploads/2015/07/ 19 KB
19 KB 104ms
101ms Image
image/png 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/uploads/2015/07/reloader.png
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 2c319808f1b6e71fd0234fff4b67401a4b87fa46acbde51d5669d91447a885d6

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:38 GMT
server: Jino.ru/mod_pizza
etag: "72d009-4c6f-5aa9750f0bd1b"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 19567

GET
H2 200 mstoolkit1.jpg
activations-windows.ru/wp-content/uploads/2015/07/ 25 KB
25 KB 104ms
102ms Image
image/jpeg 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/uploads/2015/07/mstoolkit1.jpg
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 39bbe5203a96a2cd3d0f355e86c51e9be150398b05e2faad5377c4f211a44ef3

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:37 GMT
server: Jino.ru/mod_pizza
etag: "72d000-63a8-5aa9750e94ebe"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 25512

GET
H2 200 mstoolkit2.jpg
activations-windows.ru/wp-content/uploads/2015/07/ 32 KB
32 KB 104ms
102ms Image
image/jpeg 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/uploads/2015/07/mstoolkit2.jpg
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: de45c65312d8ff11be65dead0da5fe96c150a3a0e125c5455e86b813f4b5a4a3

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:38 GMT
server: Jino.ru/mod_pizza
etag: "72d004-7e8e-5aa9750ed7d10"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 32398

GET
H2 200 mstoolkit3.jpg
activations-windows.ru/wp-content/uploads/2015/07/ 43 KB
43 KB 104ms
102ms Image
image/jpeg 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/uploads/2015/07/mstoolkit3.jpg
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 2552259fb77cf7805b8c5396e58de7f315871fedb7c9d75de89a8364a9598c5e

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:38 GMT
server: Jino.ru/mod_pizza
etag: "72d006-aaf2-5aa9750f08a52"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 43762

GET
H2 200 plusone.js Show response
apis.google.com/js/ 49 KB
19 KB 48ms
28ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: activations-windows.ru
URL: https://activations-windows.ru/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8f83ec4847f74e502cf7cb88387326d770877897b977619c93327fc99b244bbd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9sS365HaT/ljWJvNjKuceg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
etag: "3e801f1b1d67e6ea720d7c6a799ff679"
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-9sS365HaT/ljWJvNjKuceg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Sat, 14 Nov 2020 19:08:45 GMT

GET
H2 200 loading.gif
activations-windows.ru/wp-content/plugins/wp-polls/images/ 771 B
934 B 105ms
103ms Image
image/gif 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/plugins/wp-polls/images/loading.gif
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 81a161d5793ac2a33f02ddcd64fb0dc2d028616dac084e4f64e77f4898b0c4e4

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:11 GMT
server: Jino.ru/mod_pizza
etag: "72cf0b-303-5aa974f53119d"
content-type: image/gif
status: 200
accept-ranges: bytes
content-length: 771

GET
H2 200 comment-reply.min.js Show response
activations-windows.ru/wp-includes/js/ 757 B
613 B 92ms
92ms Script
application/javascript 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-includes/js/comment-reply.min.js?ver=4.2.29
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: b02ab5446d4dd91bc73183089db613f7cd4c954bc79a21dff4785c9280af45a0

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:23:50 GMT
server: Jino.ru/mod_pizza
etag: "72d258-2f5-5aa97553b3307"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 406

GET
H2 200 polls-js.js Show response
activations-windows.ru/wp-content/plugins/wp-polls/ 3 KB
907 B 96ms
92ms Script
application/javascript 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/plugins/wp-polls/polls-js.js?ver=2.69
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 224546ee41f8aacc21cb2067284a16ce5fffd04bbf79a5e4fc04c810dfe6ce67

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:25 GMT
server: Jino.ru/mod_pizza
etag: "72ccf9-bb2-5aa974c97bc7d"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 700

GET
H2 200 jquery.fancybox-1.3.7.min.js Show response
activations-windows.ru/wp-content/plugins/easy-fancybox/fancybox/ 15 KB
5 KB 97ms
93ms Script
application/javascript 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/plugins/easy-fancybox/fancybox/jquery.fancybox-1.3.7.min.js?ver=1.5.7
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: d51c8fcb06d5172afd5862af631b29bee084df4340f88ecf29f6ab9aa4c5a7f4

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:53 GMT
server: Jino.ru/mod_pizza
etag: "72ce55-3d55-5aa974e462cfd"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 5400

GET
H2 200 jquery.easing.pack.js Show response
activations-windows.ru/wp-content/plugins/easy-fancybox/ 4 KB
1 KB 97ms
94ms Script
application/javascript 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/plugins/easy-fancybox/jquery.easing.pack.js?ver=1.3
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: dddf0e4a3bc4994e192c900bd37d74d19960b2bb73825e54c6d4c97f9ff3f078

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:17 GMT
server: Jino.ru/mod_pizza
etag: "72cc94-e41-5aa974c196853"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1013

GET
H2 200 jquery.mousewheel.min.js Show response
activations-windows.ru/wp-content/plugins/easy-fancybox/ 3 KB
1 KB 99ms
95ms Script
application/javascript 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://activations-windows.ru/wp-content/plugins/easy-fancybox/jquery.mousewheel.min.js?ver=3.1.12
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 1fdbb2180496fca532f43deaffec879f8ca6990258b38a469aed4120d6c0d2fe

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
content-encoding: gzip
last-modified: Thu, 16 Jul 2020 23:21:17 GMT
server: Jino.ru/mod_pizza
etag: "72cca0-ad9-5aa974c196c3b"
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes
content-length: 1254

GET
H2 200 windows-blue-background.jpg
activations-windows.ru/ 116 KB
116 KB 104ms
102ms Image
image/jpeg 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/windows-blue-background.jpg
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/wp-content/themes/windows24/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 64da364a0a1290689aa2709e1d8c10aff6f72d8d172a5d8016c43a4c0f256252

Request headers

Referer: https://activations-windows.ru/wp-content/themes/windows24/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:20:35 GMT
server: Jino.ru/mod_pizza
etag: "72ca8b-1d01a-5aa97499cf11c"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 118810

GET
H2 200 header.jpg
activations-windows.ru/wp-content/themes/windows24/images/ 2 KB
2 KB 149ms
148ms Image
image/jpeg 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/themes/windows24/images/header.jpg
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/wp-content/themes/windows24/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: f384514e16366260e30c35e5440a37191fa1f5d1361f858de67c62cb92bab88d

Request headers

Referer: https://activations-windows.ru/wp-content/themes/windows24/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:28 GMT
server: Jino.ru/mod_pizza
etag: "72cfb6-63e-5aa97505b8581"
content-type: image/jpeg
status: 200
accept-ranges: bytes
content-length: 1598

GET
H2 200 searchicon.png
activations-windows.ru/wp-content/themes/windows24/images/ 368 B
531 B 151ms
151ms Image
image/png 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/themes/windows24/images/searchicon.png
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/wp-content/themes/windows24/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 54e23835247d73e43e94217012271fbc1167ca100db024cebac3f0a57322abe2

Request headers

Referer: https://activations-windows.ru/wp-content/themes/windows24/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:28 GMT
server: Jino.ru/mod_pizza
etag: "72cfbf-170-5aa975062867e"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 368

GET
H2 200 vmenublockheadericon.png
activations-windows.ru/wp-content/themes/windows24/images/ 518 B
681 B 151ms
151ms Image
image/png 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/themes/windows24/images/vmenublockheadericon.png
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/wp-content/themes/windows24/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 43d3dc8908f00cd7cc6bb65903e7dcfefaa402b194aa35b1e1c2e821f555af4b

Request headers

Referer: https://activations-windows.ru/wp-content/themes/windows24/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:29 GMT
server: Jino.ru/mod_pizza
etag: "72cfc5-206-5aa975066f739"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 518

GET
H2 200 vmenuitemicon.png
activations-windows.ru/wp-content/themes/windows24/images/ 164 B
326 B 154ms
154ms Image
image/png 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/themes/windows24/images/vmenuitemicon.png
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/wp-content/themes/windows24/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 8acb1b8c8aefd8b0917d652635404c4b3905868490616c058f2976421bf85d6a

Request headers

Referer: https://activations-windows.ru/wp-content/themes/windows24/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:29 GMT
server: Jino.ru/mod_pizza
etag: "72cfc7-a4-5aa9750674559"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 164

GET
H2 200 postbullets.png
activations-windows.ru/wp-content/themes/windows24/images/ 242 B
404 B 157ms
156ms Image
image/png 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/themes/windows24/images/postbullets.png
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/wp-content/themes/windows24/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 216a22d88056e1fec47aa1a61ebd3059a0e54684943ee6ed1544655a78244fa3

Request headers

Referer: https://activations-windows.ru/wp-content/themes/windows24/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:28 GMT
server: Jino.ru/mod_pizza
etag: "72cfb9-f2-5aa97505e5c13"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 242

GET
H/1.1 200
OK uptolike.js Show response
w.uptolike.com/widgets/v1/ 21 KB
9 KB 309ms
131ms Script
application/javascript 95.163.114.204
DINET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://w.uptolike.com/widgets/v1/uptolike.js
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.163.114.204 , Russian Federation, ASN12695 (DINET-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: c23f13dc75521d634c0f19c8566969275e9e56cd3de9bb6652e38923d4ac99d2

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 14 Nov 2020 19:08:45 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Cache-Control: max-age=1800
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/javascript;charset=utf-8
Expires: Sat, 14 Nov 2020 19:38:45 GMT

GET
H3-Q050 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.0_afc8ibZR4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew/ 138 KB
49 KB 35ms
20ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.0_afc8ibZR4.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e534be2c89e1f740aa5e337494a1c35fa2de8fa8d4d8e4748f403c167e83141

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 09 Nov 2020 22:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 420823
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49481
x-xss-protection: 0
last-modified: Fri, 23 Oct 2020 17:38:50 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Nov 2021 22:15:02 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?t44.17;r;s1600*1200*24;uhttps%3A//activations-windows.ru/;0.5310990294385352
https://counter.yadro.ru/hit?q;t44.17;r;s1600*1200*24;uhttps%3A//activations-windows.ru/;0.5310990294385352

132 B
586 B

66ms
66ms

Image
image/gif

88.212.201.216
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t44.17;r;s1600*1200*24;uhttps%3A//activations-windows.ru/;0.5310990294385352

Requested by

Host: activations-windows.ru
URL: https://activations-windows.ru/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

88.212.201.216 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host216.rax.ru

Software

nginx/1.17.9 /

Resource Hash

28189aac6589c2ef067cb62642a1f56778434bbb67a33c797b0267a905b40869

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Nov 2020 19:08:45 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 132
Expires: Thu, 14 Nov 2019 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 14 Nov 2020 19:08:45 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit?q;t44.17;r;s1600*1200*24;uhttps%3A//activations-windows.ru/;0.5310990294385352
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Thu, 14 Nov 2019 21:00:00 GMT

GET
H2 200 blockheadericon.png
activations-windows.ru/wp-content/themes/windows24/images/ 518 B
680 B 95ms
95ms Image
image/png 81.177.135.182
RTCOMM-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://activations-windows.ru/wp-content/themes/windows24/images/blockheadericon.png
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/wp-content/themes/windows24/style.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 81.177.135.182 Moscow, Russian Federation, ASN8342 (RTCOMM-AS, RU),
Reverse DNS
Software: Jino.ru/mod_pizza /
Resource Hash: 43d3dc8908f00cd7cc6bb65903e7dcfefaa402b194aa35b1e1c2e821f555af4b

Request headers

Referer: https://activations-windows.ru/wp-content/themes/windows24/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:45 GMT
last-modified: Thu, 16 Jul 2020 23:22:28 GMT
server: Jino.ru/mod_pizza
etag: "72cfb3-206-5aa97505a1e20"
content-type: image/png
status: 200
accept-ranges: bytes
content-length: 518

GET
H3-Q050 200 cb=gapi.loaded_1 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.0_afc8ibZR4.O/m=comments/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew/ 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.0_afc8ibZR4.O/m=comments/exm=plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew/cb=gapi.loaded_1

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3e6aba6910d36f46d1c3ea8c83478f854b9cfeba039e480d472ded94eb4d2ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 12 Nov 2020 09:17:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208293
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5852
x-xss-protection: 0
last-modified: Fri, 23 Oct 2020 17:38:50 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Nov 2021 09:17:12 GMT

GET
H3-Q050 200 cb=gapi.loaded_2 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.0_afc8ibZR4.O/m=auth/exm=comments,plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew/ 85 KB
29 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.0_afc8ibZR4.O/m=auth/exm=comments,plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew/cb=gapi.loaded_2

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34e65b26e2be59ed7741fb3b38ae5bc9ea8a240528295d9504b6c7346a6d0158

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 10 Nov 2020 02:16:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 406361
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29935
x-xss-protection: 0
last-modified: Fri, 23 Oct 2020 17:38:50 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Nov 2021 02:16:04 GMT

GET
H3-Q050 404 comments
apis.google.com/_/widget/render/ Frame 46CE 0
0 22ms
22ms Document
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/widget/render/comments?usegapi=1&href=https%3A%2F%2Factivations-windows.ru%2F&width=580&first_party_property=BLOGGER&view_type=FILTERED_POSTMOD&origin=https%3A%2F%2Factivations-windows.ru&search=&hash=&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.0_afc8ibZR4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Ja6WESv19fKCGlV34iIV0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: apis.google.com
:scheme: https
:path: /_/widget/render/comments?usegapi=1&href=https%3A%2F%2Factivations-windows.ru%2F&width=580&first_party_property=BLOGGER&view_type=FILTERED_POSTMOD&origin=https%3A%2F%2Factivations-windows.ru&search=&hash=&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.0_afc8ibZR4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://activations-windows.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=204=m5-f3LLh6nazmvibAe7Z2veyTBkAHapcHYHuB2qLjtc_16pfarVJeWzzIs4ViS7698b5JUGlirsWgtgSIwUDvhNFIGoOGF9jV_nHOor92MZsMpdgaHhY29DACQb2UZn9PE15skKT-B-lyFi_gY4Rn7ztXradE9QZcgeWM4oMZy0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://activations-windows.ru/

Response headers

status: 404
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Nov 2020 19:08:45 GMT
content-security-policy: script-src 'report-sample' 'nonce-Ja6WESv19fKCGlV34iIV0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 postmessageRelay
accounts.google.com/o/oauth2/ Frame 22E1 0
0 36ms
16ms Document
text/html 2a00:1450:4001:800::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Factivations-windows.ru&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.0_afc8ibZR4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew%2Fm%3D__features__

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.0_afc8ibZR4.O/m=auth/exm=comments,plusone/rt=j/sv=1/d=1/ed=1/am=wQE/rs=AGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew/cb=gapi.loaded_2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-or3UGcoWq+wNLFICOLAqHg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/postmessageRelay?parent=https%3A%2F%2Factivations-windows.ru&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_US.0_afc8ibZR4.O%2Fam%3DwQE%2Fd%3D1%2Fct%3Dzgms%2Frs%3DAGLTcCOPV8Bttuu5r6907bIMhw8f2tfAew%2Fm%3D__features__
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://activations-windows.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=204=m5-f3LLh6nazmvibAe7Z2veyTBkAHapcHYHuB2qLjtc_16pfarVJeWzzIs4ViS7698b5JUGlirsWgtgSIwUDvhNFIGoOGF9jV_nHOor92MZsMpdgaHhY29DACQb2UZn9PE15skKT-B-lyFi_gY4Rn7ztXradE9QZcgeWM4oMZy0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://activations-windows.ru/

Response headers

status: 200
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 14 Nov 2020 19:08:45 GMT
content-security-policy: script-src 'report-sample' 'nonce-or3UGcoWq+wNLFICOLAqHg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK version.js Show response
w.uptolike.com/widgets/v1/ 70 B
844 B 102ms
102ms Script
application/javascript 95.163.114.204
DINET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://w.uptolike.com/widgets/v1/version.js?cb=cb__utl_cb_share_1605380925580484
Requested by: Host: w.uptolike.com
URL: https://w.uptolike.com/widgets/v1/uptolike.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.163.114.204 , Russian Federation, ASN12695 (DINET-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: adfd5eb18ddeefd7c639672bc12688cb44e5309bf9b1ac4544975105dfd5cdb4

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Nov 2020 19:08:45 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Access-Control-Allow-Origin: *
Cache-Control: no-cache,no-store,max-age=0,must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/javascript;charset=utf-8
Expires: Mon, 21 Sep 2020 09:24:23 GMT

GET
H/1.1 200
OK widgetsModule.js Show response
w.uptolike.com/widgets/v1/ 172 KB
42 KB 104ms
104ms Script
application/javascript 95.163.114.204
DINET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://w.uptolike.com/widgets/v1/widgetsModule.js?v=110d1c9f2486cfe91a5e43ca6a2a8120
Requested by: Host: w.uptolike.com
URL: https://w.uptolike.com/widgets/v1/uptolike.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.163.114.204 , Russian Federation, ASN12695 (DINET-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 624108d126aaea46f83bb807588d0fd9a1ad3ce8b237577f70cd5ee6232cbfb4

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 14 Nov 2020 19:08:45 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
Cache-Control: max-age=1800
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 14 Nov 2020 19:38:45 GMT

GET
H/1.1 200
OK share-counter.html
w.uptolike.com/widgets/v1/ Frame FAD2 0
0 88ms
87ms Document
text/html 95.163.114.204
DINET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://w.uptolike.com/widgets/v1/share-counter.html?110d1c9f2486cfe91a5e43ca6a2a8120
Requested by: Host: w.uptolike.com
URL: https://w.uptolike.com/widgets/v1/widgetsModule.js?v=110d1c9f2486cfe91a5e43ca6a2a8120
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.163.114.204 , Russian Federation, ASN12695 (DINET-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Host: w.uptolike.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://activations-windows.ru/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: utl_id2=18565330209; utl_dat="CNLQo8HcLhAAINKh7sncLijSoe7J3C4wAKW32deXteSqo8WbkeEfC3I="
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://activations-windows.ru/

Response headers

Server: nginx
Date: Sat, 14 Nov 2020 19:08:45 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=1800
Expires: Sat, 14 Nov 2020 19:38:45 GMT
Content-Encoding: gzip

GET
H/1.1 200
OK impression.html
w.uptolike.com/widgets/v1/ Frame C7DD 0
0 184ms
97ms Document
text/html 95.163.114.204
DINET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://w.uptolike.com/widgets/v1/impression.html?110d1c9f2486cfe91a5e43ca6a2a8120
Requested by: Host: w.uptolike.com
URL: https://w.uptolike.com/widgets/v1/widgetsModule.js?v=110d1c9f2486cfe91a5e43ca6a2a8120
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.163.114.204 , Russian Federation, ASN12695 (DINET-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Host: w.uptolike.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://activations-windows.ru/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: utl_id2=18565330209; utl_dat="CNLQo8HcLhAAINKh7sncLijSoe7J3C4wAKW32deXteSqo8WbkeEfC3I="
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://activations-windows.ru/

Response headers

Server: nginx
Date: Sat, 14 Nov 2020 19:08:46 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=1800
Expires: Sat, 14 Nov 2020 19:38:46 GMT
Content-Encoding: gzip

GET
H/1.1 200
OK icomoon.woff
w.uptolike.com/static/buttons/fonts/ 9 KB
9 KB 217ms
71ms Font
application/font-woff 95.163.114.204
DINET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://w.uptolike.com/static/buttons/fonts/icomoon.woff?qq11232333=1232131231321
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.163.114.204 , Russian Federation, ASN12695 (DINET-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 3f72dc1fd03fba15c9200144bf1df7286ad1e2560b50a5ecc12e68c9c1e36f29

Request headers

Origin: https://activations-windows.ru
Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 14 Nov 2020 19:08:46 GMT
Last-Modified: Wed, 16 Aug 2017 14:30:13 GMT
Server: nginx
ETag: "599456f5-23b8"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=1800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9144
Expires: Sat, 14 Nov 2020 19:16:57 GMT

GET
H/1.1 200
OK extra.js Show response
w.uptolike.com/widgets/v1/ 4 KB
3 KB 98ms
97ms Script
application/javascript 95.163.114.204
DINET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://w.uptolike.com/widgets/v1/extra.js?rnd=0.8634555543594045
Requested by: Host: w.uptolike.com
URL: https://w.uptolike.com/widgets/v1/widgetsModule.js?v=110d1c9f2486cfe91a5e43ca6a2a8120
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.163.114.204 , Russian Federation, ASN12695 (DINET-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 6718369e603107c60bbcffe3bcae1e32eb955a0e6c62eec1e07e6df216272434

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Nov 2020 19:08:46 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Access-Control-Allow-Origin: *
Cache-Control: no-cache,no-store,max-age=0,must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/javascript;charset=utf-8
Expires: Mon, 21 Sep 2020 09:24:23 GMT

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 115 KB
40 KB 138ms
48ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: w.uptolike.com
URL: https://w.uptolike.com/widgets/v1/widgetsModule.js?v=110d1c9f2486cfe91a5e43ca6a2a8120

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

0979a0089b9ed9d210f521896c7cc7bb0da9b5392ae812ec0c6e111eeb2e0036

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:46 GMT
content-encoding: br
last-modified: Fri, 13 Nov 2020 17:28:12 GMT
status: 200
etag: "5fad63f9-9f80"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 40832
expires: Sat, 14 Nov 2020 20:08:46 GMT

GET
H/1.1 200
OK icomoon.woff
w.uptolike.com/static/buttons/fonts/ 9 KB
9 KB 78ms
78ms Font
application/font-woff 95.163.114.204
DINET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://w.uptolike.com/static/buttons/fonts/icomoon.woff?qq11232333=1232131231321
Requested by: Host: activations-windows.ru
URL: https://activations-windows.ru/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.163.114.204 , Russian Federation, ASN12695 (DINET-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 3f72dc1fd03fba15c9200144bf1df7286ad1e2560b50a5ecc12e68c9c1e36f29

Request headers

Origin: https://activations-windows.ru
Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 14 Nov 2020 19:08:46 GMT
Last-Modified: Wed, 16 Aug 2017 14:30:13 GMT
Server: nginx
ETag: "599456f5-23b8"
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=1800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9144
Expires: Sat, 14 Nov 2020 19:16:57 GMT

GET
H2 200 checking.js Show response
sonar.semantiqo.com/c82up/ 21 KB
21 KB 92ms
31ms Script
application/javascript 5.9.154.76
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sonar.semantiqo.com/c82up/checking.js

Requested by

Host: w.uptolike.com
URL: https://w.uptolike.com/widgets/v1/extra.js?rnd=0.8634555543594045

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

5.9.154.76 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.76.154.9.5.clients.your-server.de

Software

nginx/1.16.1 /

Resource Hash

1a8f940eb4daad51ed3d1d9a1ba98b6ff0376e3027b8b0afebfbc1b83da604eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:46 GMT
mode: no-cors
last-modified: Tue, 15 Sep 2020 09:13:06 GMT
server: nginx/1.16.1
status: 200
etag: "5f6085a2-5332"
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, x-compress, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
content-length: 21298

GET
H/1.1 200
OK / Show response
utl-utils.ru/check/ 26 KB
10 KB 215ms
102ms Script
application/javascript 78.24.221.88
THEFIRST-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://utl-utils.ru/check/

Requested by

Host: w.uptolike.com
URL: https://w.uptolike.com/widgets/v1/extra.js?rnd=0.8634555543594045

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

78.24.221.88 , Russian Federation, ASN29182 (THEFIRST-AS, RU),

Reverse DNS

belesta15.ru

Software

nginx/1.13.12 /

Resource Hash

79bf41524db99973d4c1526d960110870a412a6c20f4d770706df840648ed633

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 14 Nov 2020 19:08:46 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Saturday, 14-Nov-2020 19:08:46 GMT
Server: nginx/1.13.12
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2

200

1 Show response
mc.yandex.ru/watch/3/
Redirect Chain

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Factivations-windows.ru%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1oc1oo18ia0xks%3Afp%3A1848%3Afu%3A0%3Aen%3Autf-8...
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Factivations-windows.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1oc1oo18ia0xks%3Afp%3A1848%3Afu%3A0%3Aen%3Autf-...

35 B
116 B

53ms
53ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Factivations-windows.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1oc1oo18ia0xks%3Afp%3A1848%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A261%3Acn%3A2%3Adp%3A0%3Als%3A0%3Ahid%3A1026192649%3Az%3A60%3Ai%3A20201114200846%3Aet%3A1605380926%3Ac%3A1%3Arn%3A879010592%3Arqn%3A1%3Au%3A1605380926105495343%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1605380923437%3Ads%3A155%2C1181%2C233%2C1%2C0%2C0%2C%2C329%2C27%2C2248%2C2249%2C0%2C1902%3Adsn%3A154%2C1182%2C232%2C1%2C0%2C0%2C%2C332%2C27%2C2248%2C2249%2C0%2C1902%3Ati%3A1%3Ast%3A1605380926

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

efbdf9cab6b6cf2bf7207ae4e0456c9462b2c0d4c2de76d65442de2af7253f2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Nov 2020 19:08:46 GMT
x-content-type-options: nosniff
last-modified: Sat, 14-Nov-2020 19:08:46 GMT
status: 200
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://activations-windows.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 35
x-xss-protection: 1; mode=block
expires: Sat, 14-Nov-2020 19:08:46 GMT

Redirect headers

pragma: no-cache
date: Sat, 14 Nov 2020 19:08:46 GMT
last-modified: Sat, 14-Nov-2020 19:08:46 GMT
status: 302
location: /watch/3/1?wmode=7&page-url=https%3A%2F%2Factivations-windows.ru%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1oc1oo18ia0xks%3Afp%3A1848%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A261%3Acn%3A2%3Adp%3A0%3Als%3A0%3Ahid%3A1026192649%3Az%3A60%3Ai%3A20201114200846%3Aet%3A1605380926%3Ac%3A1%3Arn%3A879010592%3Arqn%3A1%3Au%3A1605380926105495343%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1605380923437%3Ads%3A155%2C1181%2C233%2C1%2C0%2C0%2C%2C329%2C27%2C2248%2C2249%2C0%2C1902%3Adsn%3A154%2C1182%2C232%2C1%2C0%2C0%2C%2C332%2C27%2C2248%2C2249%2C0%2C1902%3Ati%3A1%3Ast%3A1605380926
access-control-allow-origin: https://activations-windows.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
content-length: 0
x-xss-protection: 1; mode=block
expires: Sat, 14-Nov-2020 19:08:46 GMT

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
112 B 48ms
48ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:46 GMT
last-modified: Fri, 13 Nov 2020 17:28:12 GMT
status: 200
etag: "5fad63f9-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Sat, 14 Nov 2020 20:08:46 GMT

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9092.9I34Uz6ADb_fTmotYdCl6NLcU_ASQ-WFxTWkGVmRqD-8g-m6Uyr0vw2qQmSnAk9B.mWXEwCJ1-SpP1vk6lVN9lMRqYuk%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9092.7ex3f-KWj1jr-HB3nsbkBHDpGMNJPRoC7ehxk9_Vu4GRQr4m9VGfxAJUT8YQLWUIvNBQn8piI75uzU0fxbmmjwwOLZRzzAzejF5Y8cmguRk%2C.0yuEtPWEH8SRZF71NPb3gepCIfk%2C

43 B
333 B

48ms
48ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9092.7ex3f-KWj1jr-HB3nsbkBHDpGMNJPRoC7ehxk9_Vu4GRQr4m9VGfxAJUT8YQLWUIvNBQn8piI75uzU0fxbmmjwwOLZRzzAzejF5Y8cmguRk%2C.0yuEtPWEH8SRZF71NPb3gepCIfk%2C

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sat, 14 Nov 2020 19:08:46 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

status: 302
date: Sat, 14 Nov 2020 19:08:46 GMT
strict-transport-security: max-age=31536000
location: https://mc.yandex.com/sync_cookie_image_decide?token=9092.7ex3f-KWj1jr-HB3nsbkBHDpGMNJPRoC7ehxk9_Vu4GRQr4m9VGfxAJUT8YQLWUIvNBQn8piI75uzU0fxbmmjwwOLZRzzAzejF5Y8cmguRk%2C.0yuEtPWEH8SRZF71NPb3gepCIfk%2C
content-length: 0
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

upr-node
campaign.aliexpress.com/wow/gf/ Frame B2A4
Redirect Chain

https://s.click.aliexpress.com/e/_9AfyRN
https://sale.aliexpress.com/supervaluedeal.htm?aff_platform=portals-promotion&sk=_9AfyRN&aff_trace_key=17e15e2ac3cf49d6a3afcc7b478a3007-1605380926693-09630-_9AfyRN&terminal_id=58232bf756af45ada2e74...
https://campaign.aliexpress.com/wow/gf/upr-node?wh_pid=SUPER_VALUE_DEALS&wh_weex=true&preDownLoad=true&preInitInstance=rax&_immersiveMode=true&wx_navbar_hidden=true&wx_navbar_transparent=true&wx_st...

0
0

138ms
78ms

Document
text/html

92.122.105.52
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://campaign.aliexpress.com/wow/gf/upr-node?wh_pid=SUPER_VALUE_DEALS&wh_weex=true&preDownLoad=true&preInitInstance=rax&_immersiveMode=true&wx_navbar_hidden=true&wx_navbar_transparent=true&wx_statusbar_hidden=true&ignoreNavigationBar=true&aff_platform=portals-promotion&sk=_9AfyRN&aff_trace_key=17e15e2ac3cf49d6a3afcc7b478a3007-1605380926693-09630-_9AfyRN&terminal_id=58232bf756af45ada2e743f4c7bff2fc

Requested by

Host: utl-utils.ru
URL: https://utl-utils.ru/check/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

92.122.105.52 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-122-105-52.deploy.static.akamaitechnologies.com

Software

Tengine/Aserver /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Host: campaign.aliexpress.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://activations-windows.ru/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: acs_usuc_t=x_csrf=dr3z6los9aeg&acs_rt=58232bf756af45ada2e743f4c7bff2fc; aeu_cid=17e15e2ac3cf49d6a3afcc7b478a3007-1605380926693-09630-_9AfyRN; xman_t=SkV3E01jNXF27tS21Np/xj9L7ThLd3zLr6AD4RXNrojMNyoqC8y39B99u16MIhxo; xman_f=O1TK4kLiG6B3MT4GOADd22TbQNWwbleuikAQVeNkjZ971d0GjtF/yjuDE9FK1g9cN2QiETvqelgafp3CAdXP+Qdykd5ie1CCdVEiNxV2LYLZADHEblRBEg==; af_ss_a=1; xman_us_f=x_locale=nl_NL&x_l=0&x_c_chg=1&x_as_i=%7B%22aeuCID%22%3A%2217e15e2ac3cf49d6a3afcc7b478a3007-1605380926693-09630-_9AfyRN%22%2C%22affiliateKey%22%3A%22_9AfyRN%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%222827887190%22%2C%22tagtime%22%3A1605380926693%7D&acs_rt=58232bf756af45ada2e743f4c7bff2fc; aep_usuc_f=site=nld&c_tp=EUR&region=NL&b_locale=nl_NL
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://activations-windows.ru/

Response headers

Content-Type: text/html; charset=utf-8
x-server-id: 28c3d6b2523ca52cb704b8b5dcd97677cdf1af8d737d8d39e7b4be1716f567b8d91e0476f21ff9d0b719e75e1e0c6c27
x-air-hostname: air-ual011010018246.aliyun-vpc-de.de81
x-air-trace-id: 2100bdd716053807224146461ec009
x-beacon: off
x-parallel-accel: true
x-readtime: 47
x-air-source: proxy
x-xss-protection: 1; mode=block
Server: Tengine/Aserver
EagleEye-TraceId: 2100bdd716053807224146461ec009
Strict-Transport-Security: max-age=31536000
Timing-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 34285
Cache-Control: max-age=0, s-maxage=108
Date: Sat, 14 Nov 2020 19:08:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
Object-Status: ttl=108,age=107,gip=92.122.105.52

Redirect headers

status: 302
content-length: 0
p3p: CP="CAO PSA OUR"
location: https://campaign.aliexpress.com/wow/gf/upr-node?wh_pid=SUPER_VALUE_DEALS&wh_weex=true&preDownLoad=true&preInitInstance=rax&_immersiveMode=true&wx_navbar_hidden=true&wx_navbar_transparent=true&wx_statusbar_hidden=true&ignoreNavigationBar=true&aff_platform=portals-promotion&sk=_9AfyRN&aff_trace_key=17e15e2ac3cf49d6a3afcc7b478a3007-1605380926693-09630-_9AfyRN&terminal_id=58232bf756af45ada2e743f4c7bff2fc
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains max-age=31536000
server: Tengine/Aserver
eagleeye-traceid: 21135c3016053809268283203ee602
timing-allow-origin: *
cache-control: public, no-transform, max-age=0, s-maxage=0
expires: Sat, 14 Nov 2020 19:08:46 GMT
date: Sat, 14 Nov 2020 19:08:46 GMT
set-cookie: ali_apache_id=33.19.92.48.1605380926835.333762.2; path=/; domain=.aliexpress.com; expires=Wed, 30-Nov-2084 01:01:01 GMT xman_us_f=x_locale=nl_NL&x_l=0&x_c_chg=1&x_as_i=%7B%22aeuCID%22%3A%2217e15e2ac3cf49d6a3afcc7b478a3007-1605380926693-09630-_9AfyRN%22%2C%22affiliateKey%22%3A%22_9AfyRN%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%222827887190%22%2C%22tagtime%22%3A1605380926693%7D&acs_rt=58232bf756af45ada2e743f4c7bff2fc; Domain=.aliexpress.com; Expires=Thu, 02-Dec-2088 22:22:53 GMT; Path=/; Secure; SameSite=None intl_locale=nl_NL; Domain=.aliexpress.com; Path=/ aep_usuc_f=site=nld&c_tp=EUR&region=NL&b_locale=nl_NL; Domain=.aliexpress.com; Expires=Thu, 02-Dec-2088 22:22:53 GMT; Path=/; Secure; SameSite=None intl_common_forever=RS7H0Zem3hGmwxDKDvCDYUQ50brFC4L5wK3dnLmfCahwrG1dqTGMNQ==; Domain=.aliexpress.com; Expires=Thu, 02-Dec-2088 22:22:53 GMT; Path=/; HttpOnly

GET
H2 200 23414332 Show response
mc.yandex.ru/watch/ 167 B
229 B 48ms
47ms XHR
application/json 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/23414332?wmode=7&page-url=https%3A%2F%2Factivations-windows.ru%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A1oc1oo18ia0xks%3Afp%3A1848%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A261%3Acn%3A1%3Adp%3A0%3Als%3A0%3Ahid%3A1026192649%3Az%3A60%3Ai%3A20201114200846%3Aet%3A1605380926%3Ac%3A1%3Arn%3A742302676%3Arqn%3A1%3Au%3A1605380926105495343%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1605380923437%3Ads%3A155%2C1181%2C233%2C1%2C0%2C0%2C%2C329%2C27%2C2248%2C2249%2C0%2C1902%3Adsn%3A154%2C1182%2C232%2C1%2C0%2C0%2C%2C332%2C27%2C2248%2C2249%2C0%2C1902%3Arqnl%3A1%3Aadb%3A2%3App%3A3629563401%3Ati%3A1%3Ast%3A1605380927%3At%3A%D0%90%D0%BA%D1%82%D0%B8%D0%B2%D0%B0%D1%82%D0%BE%D1%80%D1%8B%20%D0%B4%D0%BB%D1%8F%20Windows%20-%20%D0%A1%D0%BA%D0%B0%D1%87%D0%B0%D1%82%D1%8C%20%D0%B0%D0%BA%D1%82%D0%B8%D0%B2%D0%B0%D1%82%D0%BE%D1%80%D1%8B%20Windows

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

42904a6637b41214b559d6ad0c1d9222948095eeeb321b25664608ebabf8ab23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Nov 2020 19:08:46 GMT
x-content-type-options: nosniff
last-modified: Sat, 14-Nov-2020 19:08:46 GMT
status: 200
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://activations-windows.ru
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 167
x-xss-protection: 1; mode=block
expires: Sat, 14-Nov-2020 19:08:46 GMT

GET
H/1.1 200
OK support.html
w.uptolike.com/widgets/v1/zp/ Frame 4988 0
0 89ms
87ms Document
text/html 95.163.114.204
DINET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://w.uptolike.com/widgets/v1/zp/support.html
Requested by: Host: w.uptolike.com
URL: https://w.uptolike.com/widgets/v1/widgetsModule.js?v=110d1c9f2486cfe91a5e43ca6a2a8120
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 95.163.114.204 , Russian Federation, ASN12695 (DINET-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Host: w.uptolike.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://activations-windows.ru/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: utl_id2=18565330209; utl_dat="CNLQo8HcLhAAINKh7sncLijSoe7J3C4wAKW32deXteSqo8WbkeEfC3I="
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://activations-windows.ru/

Response headers

Server: nginx
Date: Sat, 14 Nov 2020 19:08:47 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=1800
Expires: Sat, 14 Nov 2020 19:38:47 GMT
Content-Encoding: gzip

GET
H2 200 /
sonar.semantiqo.com/i/ Frame F221 0
0 34ms
33ms Document
text/html 5.9.154.76
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sonar.semantiqo.com/i/

Requested by

Host: sonar.semantiqo.com
URL: https://sonar.semantiqo.com/c82up/checking.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

5.9.154.76 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.76.154.9.5.clients.your-server.de

Software

nginx/1.16.1 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

:method: GET
:authority: sonar.semantiqo.com
:scheme: https
:path: /i/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://activations-windows.ru/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://activations-windows.ru/

Response headers

status: 200
server: nginx/1.16.1
date: Sat, 14 Nov 2020 19:08:48 GMT
content-type: text/html
last-modified: Tue, 15 Sep 2020 09:13:06 GMT
etag: W/"5f6085a2-a6"
content-encoding: gzip
strict-transport-security: max-age=15768000
mode: no-cors
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, x-compress, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
cache-control: no-cache

GET
H2 200 sls_new.php Show response
cdn3.caltat.com/9b6874aa-d549-414d-a589-12a15f71b2b6/ 3 B
384 B 305ms
231ms Script
application/javascript 148.251.41.166
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.caltat.com/9b6874aa-d549-414d-a589-12a15f71b2b6/sls_new.php

Requested by

Host: sonar.semantiqo.com
URL: https://sonar.semantiqo.com/c82up/checking.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

148.251.41.166 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.166.41.251.148.clients.your-server.de

Software

nginx/1.16.1 /

Resource Hash

6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Sat, 14 Nov 2020 19:08:48 GMT
mode: no-cors
server: nginx/1.16.1
access-control-allow-origin: *
strict-transport-security: max-age=15768000
content-type: application/javascript

GET
H2 200 ces.php Show response
cdn3.caltat.com/9b6874aa-d549-414d-a589-12a15f71b2b6/ 0
161 B 103ms
29ms Script
application/javascript 148.251.41.166
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn3.caltat.com/9b6874aa-d549-414d-a589-12a15f71b2b6/ces.php?spid=cb32f70452b5400fac59ffbe8e02f0dc

Requested by

Host: sonar.semantiqo.com
URL: https://sonar.semantiqo.com/c82up/checking.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

148.251.41.166 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.166.41.251.148.clients.your-server.de

Software

nginx/1.16.1 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:48 GMT
mode: no-cors
referrer-policy: no-referrer
server: nginx/1.16.1
status: 200
strict-transport-security: max-age=15768000
content-type: application/javascript
access-control-allow-origin: *

POST
H2 200 analize.js
sonar.semantiqo.com/c82up/ 0
0 114ms
37ms Fetch
text/html 5.9.154.76
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://sonar.semantiqo.com/c82up/analize.js

Requested by

Host: sonar.semantiqo.com
URL: https://sonar.semantiqo.com/c82up/checking.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

5.9.154.76 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.76.154.9.5.clients.your-server.de

Software

nginx/1.16.1 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://activations-windows.ru/no-referrer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 14 Nov 2020 19:08:48 GMT
content-encoding: gzip
status: 200
server: nginx/1.16.1
mode: no-cors
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, x-compress, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2

200

data_sess_sync.php
sonar.semantiqo.com/fbfli/
Redirect Chain

https://counter.yadro.ru/id127/reff-id.gif?sid=cb32f70452b5400fac59ffbe8e02f0dc
https://sonar.semantiqo.com/fbfli/data_sess_sync.php?spid=&sid=cb32f70452b5400fac59ffbe8e02f0dc

0
387 B

31ms
30ms

Image
text/html

5.9.154.76
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sonar.semantiqo.com/fbfli/data_sess_sync.php?spid=&sid=cb32f70452b5400fac59ffbe8e02f0dc

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

5.9.154.76 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.76.154.9.5.clients.your-server.de

Software

nginx/1.16.1 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://activations-windows.ru/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 14 Nov 2020 19:08:48 GMT
content-encoding: gzip
status: 200
server: nginx/1.16.1
mode: no-cors
strict-transport-security: max-age=15768000
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, x-compress, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers

Redirect headers

Location: https://sonar.semantiqo.com/fbfli/data_sess_sync.php?spid=&sid=cb32f70452b5400fac59ffbe8e02f0dc
Date: Sat, 14 Nov 2020 19:08:48 GMT
Server: nginx/1.17.9
Connection: keep-alive
Content-Length: 364
Strict-Transport-Security: max-age=86400
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.google.com/	1970-01-19 18:19:52	Name: NID Value: 204=m5-f3LLh6nazmvibAe7Z2veyTBkAHapcHYHuB2qLjtc_16pfarVJeWzzIs4ViS7698b5JUGlirsWgtgSIwUDvhNFIGoOGF9jV_nHOor92MZsMpdgaHhY29DACQb2UZn9PE15skKT-B-lyFi_gY4Rn7ztXradE9QZcgeWM4oMZy0

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://activations-windows.ru/wp-content/themes/windows24/jquery-migrate-1.1.1.js?ver=4.2.29(Line 21) Message: JQMIGRATE: Logging is active
console-api	warning	URL: https://activations-windows.ru/wp-content/themes/windows24/jquery-migrate-1.1.1.js?ver=4.2.29(Line 40) Message: JQMIGRATE: jQuery is not compatible with Quirks Mode
console-api	log	URL: https://activations-windows.ru/wp-content/themes/windows24/jquery-migrate-1.1.1.js?ver=4.2.29(Line 42) Message: console.trace

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
activations-windows.ru
apis.google.com
campaign.aliexpress.com
cdn3.caltat.com
counter.yadro.ru
mc.yandex.com
mc.yandex.ru
s.click.aliexpress.com
sale.aliexpress.com
sonar.semantiqo.com
utl-utils.ru
w.uptolike.com
104.111.216.213
104.111.245.23
148.251.41.166
2a00:1450:4001:800::200d
2a00:1450:4001:802::200e
2a02:6b8::1:119
5.9.154.76
78.24.221.88
81.177.135.182
88.212.201.216
92.122.105.52
95.163.114.204
0979a0089b9ed9d210f521896c7cc7bb0da9b5392ae812ec0c6e111eeb2e0036
1a8f940eb4daad51ed3d1d9a1ba98b6ff0376e3027b8b0afebfbc1b83da604eb
1e534be2c89e1f740aa5e337494a1c35fa2de8fa8d4d8e4748f403c167e83141
1fdbb2180496fca532f43deaffec879f8ca6990258b38a469aed4120d6c0d2fe
216a22d88056e1fec47aa1a61ebd3059a0e54684943ee6ed1544655a78244fa3
21a5e85f760307a292b0a2f91ea83b4f035cabec57b324c3d0691c82c273dc03
224546ee41f8aacc21cb2067284a16ce5fffd04bbf79a5e4fc04c810dfe6ce67
2552259fb77cf7805b8c5396e58de7f315871fedb7c9d75de89a8364a9598c5e
28189aac6589c2ef067cb62642a1f56778434bbb67a33c797b0267a905b40869
2c319808f1b6e71fd0234fff4b67401a4b87fa46acbde51d5669d91447a885d6
34e65b26e2be59ed7741fb3b38ae5bc9ea8a240528295d9504b6c7346a6d0158
39bbe5203a96a2cd3d0f355e86c51e9be150398b05e2faad5377c4f211a44ef3
3a78b8df2d78dcc04c3af77920de5558054e35856dc6ec8aa36d11ea73109f7a
3e025bc89d981eeffe13ae90cbae0d97c42ae415640ca5fd40f0bf58742f3e51
3f72dc1fd03fba15c9200144bf1df7286ad1e2560b50a5ecc12e68c9c1e36f29
425a00fc56a9a37e7bc309b400db941ca9bd5506dd560ad3c846c7f6913d7677
42904a6637b41214b559d6ad0c1d9222948095eeeb321b25664608ebabf8ab23
43d3dc8908f00cd7cc6bb65903e7dcfefaa402b194aa35b1e1c2e821f555af4b
4d956a758ca48121e4434c413596334c6b0f3cda0e622ada0d73c41d39eda526
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54e23835247d73e43e94217012271fbc1167ca100db024cebac3f0a57322abe2
624108d126aaea46f83bb807588d0fd9a1ad3ce8b237577f70cd5ee6232cbfb4
64da364a0a1290689aa2709e1d8c10aff6f72d8d172a5d8016c43a4c0f256252
6718369e603107c60bbcffe3bcae1e32eb955a0e6c62eec1e07e6df216272434
6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167
79bf41524db99973d4c1526d960110870a412a6c20f4d770706df840648ed633
81a161d5793ac2a33f02ddcd64fb0dc2d028616dac084e4f64e77f4898b0c4e4
8acb1b8c8aefd8b0917d652635404c4b3905868490616c058f2976421bf85d6a
8f83ec4847f74e502cf7cb88387326d770877897b977619c93327fc99b244bbd
9b4dfdd3624776919e3a3bb3f8c8248f98e520f42cacfb817a71d5780820ab72
9ed7f591dd151baa3b4831fde7cd303b4be8754a0deb9209a487a60c25d3e47a
a3e6aba6910d36f46d1c3ea8c83478f854b9cfeba039e480d472ded94eb4d2ac
adfd5eb18ddeefd7c639672bc12688cb44e5309bf9b1ac4544975105dfd5cdb4
aef8e7fe84d1dc4316cb2359c47c3a81053a22b996ea999f482f5595a5ba38cf
b02ab5446d4dd91bc73183089db613f7cd4c954bc79a21dff4785c9280af45a0
b88d748af9fa6508e5c8a0b2de25d831e2fa8c653204f6b0c80a93fb345e20ef
bfd19de136ce5da2fd0fa7be611061cf47ba204a78e90492cc7e087b52459600
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c23f13dc75521d634c0f19c8566969275e9e56cd3de9bb6652e38923d4ac99d2
d51c8fcb06d5172afd5862af631b29bee084df4340f88ecf29f6ab9aa4c5a7f4
dddf0e4a3bc4994e192c900bd37d74d19960b2bb73825e54c6d4c97f9ff3f078
de45c65312d8ff11be65dead0da5fe96c150a3a0e125c5455e86b813f4b5a4a3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
efbdf9cab6b6cf2bf7207ae4e0456c9462b2c0d4c2de76d65442de2af7253f2b
f384514e16366260e30c35e5440a37191fa1f5d1361f858de67c62cb92bab88d
fa0dd8e63481566c03225ec189b90855e0c28d8127e1a4c6bf5a046842c13453
fd23ab8ce969cdbc761e041f63d763e11a5864a5428e61d006042f5a49464334

activations-windows.ru Open in urlscan Pro 81.177.135.182 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

59 Requests

100 %HTTPS

25 %IPv6

10 Domains

13 Subdomains

10 IPs

4 Countries

602 kBTransfer

1210 kBSize

1 Cookies

6 Outgoing links

Redirected requests

59 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

activations-windows.ru Open in urlscan Pro
81.177.135.182 Public Scan

Screenshot
Live screenshot

Full Image

59
Requests

100 %
HTTPS

25 %
IPv6

10
Domains

13
Subdomains

10
IPs

4
Countries

602 kB
Transfer

1210 kB
Size

1
Cookies

59 HTTP transactions
0 data transactions