sci-hub.mksa.top Open in urlscan Pro
2606:4700:3036::ac43:807a Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sci-hub.mksa.top/
Effective URL:
https://sci-hub.mksa.top/
Submission: On September 26 via manual (September 26th 2022, 7:38:13 pm UTC) from US — Scanned from DE

Summary HTTP 100 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 17 IPs in 5 countries across 16 domains to perform 100 HTTP transactions. The main IP is 2606:4700:3036::ac43:807a, located in United States and belongs to CLOUDFLARENET, US. The main domain is sci-hub.mksa.top. The Cisco Umbrella rank of the primary domain is 699167.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 1st 2022. Valid for: a year.

This is the only time sci-hub.mksa.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sci-Hub (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3036::ac43:807a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2606:4700:303... 2606:4700:3033::ac43:a162	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:805::2002	15169 (GOOGLE) (GOOGLE)
1	209.140.129.66 209.140.129.66	11643 (EBAY) (EBAY)
32	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:400d:804::2001	15169 (GOOGLE) (GOOGLE)
5	2606:4700:10:... 2606:4700:10::6816:6ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.75.89.51 104.75.89.51	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:10e... 2a02:26f0:10e:291::1ec4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	31.131.252.91 31.131.252.91	50340 (SELECTEL-MSK) (SELECTEL-MSK)
1 2	88.212.202.52 88.212.202.52	39134 (UNITEDNET) (UNITEDNET)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
100	17

2 2606:4700:3036::ac43:807a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sci-hub.mksa.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:3033::ac43:a162 (United States)

ASN13335 (CLOUDFLARENET, US)

img.sci-hub.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:805::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.140.129.66 (United States)

ASN11643 (EBAY, US)
PTR: rover-public-slcaz01-1-1.ebay.com

www.ebayadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:400d:804::2001 (Ireland)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:10::6816:6ac (United States)

ASN13335 (CLOUDFLARENET, US)

metrics.nt.vc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.75.89.51 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-51.deploy.static.akamaitechnologies.com

secureir.ebaystatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10e:291::1ec4 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

secure.insightexpressai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 31.131.252.91 (Russian Federation)

ASN50340 (SELECTEL-MSK, RU)

share.pluso.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.202.52 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host152.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 105 tpc.googlesyndication.com — Cisco Umbrella Rank: 142	479 KB
21	sci-hub.shop img.sci-hub.shop — Cisco Umbrella Rank: 393259	584 KB
8	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 359	129 KB
5	nt.vc metrics.nt.vc — Cisco Umbrella Rank: 50505	23 KB
5	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 41	48 KB
4	pluso.ru share.pluso.ru — Cisco Umbrella Rank: 152999	27 KB
4	ebaystatic.com secureir.ebaystatic.com — Cisco Umbrella Rank: 4889	81 KB
3	google.com adservice.google.com — Cisco Umbrella Rank: 75 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 9373	1 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 9081	914 B
2	mksa.top 1 redirects sci-hub.mksa.top — Cisco Umbrella Rank: 699167	7 KB
1	insightexpressai.com secure.insightexpressai.com — Cisco Umbrella Rank: 1118
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 190	44 KB
1	ebayadservices.com www.ebayadservices.com — Cisco Umbrella Rank: 4640	14 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 857	641 B
0	kitbit.net Failed kitbit.net Failed
100	16

	Domain	Requested by
32	tpc.googlesyndication.com	googleads.g.doubleclick.net cdn.ampproject.org pagead2.googlesyndication.com tpc.googlesyndication.com
21	img.sci-hub.shop	sci-hub.mksa.top
8	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
8	pagead2.googlesyndication.com	sci-hub.mksa.top pagead2.googlesyndication.com tpc.googlesyndication.com
5	metrics.nt.vc	www.ebayadservices.com metrics.nt.vc
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	share.pluso.ru	img.sci-hub.shop
4	secureir.ebaystatic.com	www.ebayadservices.com secureir.ebaystatic.com
2	counter.yadro.ru	1 redirects
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	sci-hub.mksa.top	1 redirects
1	www.google.com	tpc.googlesyndication.com
1	secure.insightexpressai.com	www.ebayadservices.com
1	www.googletagservices.com	googleads.g.doubleclick.net
1	www.ebayadservices.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
0	kitbit.net Failed	img.sci-hub.shop
100	18

This site contains links to these domains. Also see Links.

Domain
pluso.ru
vk.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
mksa.top Cloudflare Inc ECC CA-3	`2022-02-01` - `2023-01-31`	a year	crt.sh
sci-hub.shop Cloudflare Inc ECC CA-3	`2022-05-23` - `2023-05-23`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
rover.intl.ebay.com Sectigo RSA Organization Validation Secure Server CA	`2022-05-17` - `2023-05-17`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
www.ebay.com Sectigo RSA Organization Validation Secure Server CA	`2022-08-16` - `2023-08-16`	a year	crt.sh
*.insightexpressai.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-14` - `2023-03-15`	a year	crt.sh
*.pluso.ru R3	`2021-05-11` - `2021-08-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-05` - `2022-11-28`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://sci-hub.mksa.top/
Frame ID: 37E9232ABA56254017E292E288BFF98F
Requests: 42 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220922/r20190131/zrt_lookup.html
Frame ID: 44770A039EDF25253AE925BE1EBCB9B8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5200551945029930&output=html&adk=1812271804&adf=3025194257&lmt=1664221087&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1664221087513&bpp=3&bdt=367&idt=153&shv=r20220922&mjsv=m202209200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6460666494671&frm=20&pv=2&ga_vid=1703649465.1664221088&ga_sid=1664221088&ga_hid=2053010582&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069963%2C31069778%2C44772915&oid=2&pvsid=704804140147198&tmod=1965939157&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=169
Frame ID: 3C62DAAE8C12FE77086CDC54071168E3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5200551945029930&output=html&h=280&slotname=2711088979&adk=2301864394&adf=2987723014&pi=t.ma~as.2711088979&w=528&fwrn=4&fwrnh=100&lmt=1664221087&rafmt=1&format=528x280&url=https%3A%2F%2Fsci-hub.mksa.top%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1664221087516&bpp=2&bdt=370&idt=170&shv=r20220922&mjsv=m202209200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6460666494671&frm=20&pv=1&ga_vid=1703649465.1664221088&ga_sid=1664221088&ga_hid=2053010582&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=536&ady=1552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069963%2C31069778%2C44772915&oid=2&pvsid=704804140147198&tmod=1965939157&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=ArCoIzzmGf&p=https%3A//sci-hub.mksa.top&dtd=176
Frame ID: 013B390A93DF457533A763C8CF7594B5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220922/r20110914/zrt_lookup.html?fsb=1
Frame ID: C0FAB1EDF16CAE2A7F93E546CE644825
Requests: 6 HTTP requests in this frame

Frame: https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-166314-871238-2&mkcid=4&mkevt=2&mpt=2052249664&gdpr=&gdpr_consent=&campaignid={campaignid}&gclid={gclid}&siteid=77&icep_siteid=77&ipn=admain2&adtype=2&size=728x90&pgroup=560283&mpvc=https://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%26num%3D1%26sig%3DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%26client%3Dca-pub-5200551945029930%26adurl%3D
Frame ID: 0A8D8259DE5FF75E130D0C94ADA49FA9
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs
Frame ID: 3D5DE7576C544EFA3B83ABA2A75CA20F
Requests: 33 HTTP requests in this frame

Frame: https://secureir.ebaystatic.com/cr/mscdn/336b409a7ae9f000bed016b7e6b3d866/index.html?mpck=svcs.ebay.com%2Fdelstats%2Femail%2Flocation%3Fuser-id%3D43188348269%26ch%3D4%26ci%3D-1%26mobtrkcd%3D%26si%3D77%26et%3Dadclick%26loc%3Dhttps%2525253A%2525252F%2525252Frover.ebay.com%2525252Frover%2525252F1%2525252F707-166314-871238-2%2525252F4%2525253Fmpt%2525253D45488%25252526ff5%2525253D%25252526ff6%2525253D%25252526ff7%2525253D%25252526ff8%2525253D%25252526ff9%2525253D%25252526ff19%2525253D%25252526ext_id%2525253D%25252526ir_DAP_A1%2525253D0%25252526siteid%2525253D77%25252526ff10%2525253D131316%25252526ipn%2525253Dadmain2%25252526ff13%2525253D1%25252526ff14%2525253Dunknown%25252526ff20%2525253D0%25252526%26ff14%3Dunknown%26ff20%3D0%26mpcr%3D131316%26rvr_id%3D6816649578727584&mpt=&mpcr=131316&crdata=&imp_rvr_id=6816649578727584&siteID=77&mpcrgif=&mpvc=https%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253Dl%2526ai%253DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%2526num%253D1%2526sig%253DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%2526client%253Dca-pub-5200551945029930%2526adurl%253D&rvr_chocolate=true&rvr_ckquery=norover%3D1%26mkevt%3D1%26mkcid%3D4%26mkrid%3D707-166314-871238-2%26mpt%3D45488%26ff5%3D%26ff6%3D%26ff7%3D%26ff8%3D%26ff9%3D%26ff19%3D%26ext_id%3D%26ir_DAP_A1%3D0%26gclid%3D%7Bgclid%7D&mpvcget=0&mpvcredir=0
Frame ID: 247306BE825043B788580221DEF93931
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 38BC7BDEA4961055F2A8EDD1E14224F9
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EC994DB68079547729415CEA925DF94B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sci-Hub

Page URL History Show full URLs

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

100
Requests

93 %
HTTPS

75 %
IPv6

16
Domains

18
Subdomains

17
IPs

5
Countries

1441 kB
Transfer

3105 kB
Size

8
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://pluso.ru/

Search URL Search Domain Scan URL

URL: https://vk.com/sci_hub

Search URL Search Domain Scan URL

URL: https://twitter.com/Sci_Hub

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sci.hub.org

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sci-hub.mksa.top/ HTTP 301
https://sci-hub.mksa.top/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 89

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1 HTTP 302
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

100 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sci-hub.mksa.top/
Redirect Chain

http://sci-hub.mksa.top/
https://sci-hub.mksa.top/

27 KB
7 KB

251ms
202ms

Document
text/html

2606:4700:3036::ac43:807a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:807a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d9be8bca8e99d3e4df920b526377cdc77fe018083325fa9ca149dd4844b7b28

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=43200 no-cache
cf-cache-status: DYNAMIC
cf-ray: 750e75417f0a9bfa-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 26 Sep 2022 19:38:07 GMT
expires: Tue, 27 Sep 2022 07:38:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=72yFdiM1%2FK3qrCxHFRsgMWWeLcXAF%2FnPdG0ru4oDOg9heHr2OGZzPcEJx%2Buur1C8qVvIJ4VlCxx70hfWCR4fjSjTlcApeXb5pZr709lIANUwDFG9z3vEzJbXnzelIY2YKHVLDAYSzR1wTcXOUPT%2F"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding Accept-Encoding
x-cache: MISS MISS

Redirect headers

CF-RAY: 750e7540eb049b2d-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Mon, 26 Sep 2022 19:38:06 GMT
Expires: Mon, 26 Sep 2022 20:38:06 GMT
Location: https://sci-hub.mksa.top/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QpzFcR0IKbQzxzuXwgq4ubdN56D3nSikcgJVKzrdnySdCuZDxX6WV1JWwl3ayXR2Iy9nccLovcttpRu%2BdJ76H95uyfoIhzDpy9xCQ0WXGa6b113opvhyF43gkocFunoxUZ3epZO%2FhwMXrXffN27y"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery-3.1.1.min.js Show response
img.sci-hub.shop/scihub/ 85 KB
31 KB 130ms
49ms Script
application/javascript 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-3.1.1.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Nov 2018 04:24:28 GMT
server: cloudflare
age: 135232
etag: W/"5c00bb7c-152b5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3y6f%2FrysOZNLJWiBzRL%2FHwgAzztY8AxxWDG8NnjVI%2BywCa%2BFMUdZ%2Fa87Ky8HHAKgiJoAg9UInzXrxx76ap56NOpbxSL0VGMO0FwCjGGx0nitL28CumTHIIg3w1%2BwjCi2F7ga5A8SRLkpwpRZYCmX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750e7543389bbbb9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-ui.min.js Show response
img.sci-hub.shop/scihub/ 248 KB
68 KB 131ms
50ms Script
application/javascript 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/jquery-ui.min.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 14 Dec 2018 08:14:20 GMT
server: cloudflare
age: 209626
etag: W/"5c13665c-3dee4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y7DQywKe5wowtdv2wNAGw7zVtnVXR%2B2Vf5mLxRQBqI%2BmnhDR9uI5RJEtc1Hn72YN4kUx5FA1Bb6rjf0dhQLhiVAPgf3Hex35fKvGvERKzkpzo%2FaQhAGBmBcg8L6aHAuWV4iUPo%2BWZ6Z%2BEh9qkXFh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750e754338a2bbb9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 openapi.js Show response
img.sci-hub.shop/scihub/ 94 KB
24 KB 124ms
44ms Script
application/javascript 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/openapi.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Nov 2018 04:24:44 GMT
server: cloudflare
age: 212434
etag: W/"5c00bb8c-1798d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eIRUe4epiA9aktTSddSjsb6i1pPQ%2FsclaDIV%2FK80doKvNMkTeH%2FyXTTQg3i4NBCU5pdYYkKb7Dggjtpu9ByHVdBcX2cKaQa9j%2FHcNA4wpTRGHgc%2FFGdTcdaCPTqANNaWGH1ZSDF4w7kSEYhu188%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750e7543389fbbb9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 medal.png
img.sci-hub.shop/scihub/ 22 KB
22 KB 33ms
30ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/medal.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135215
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 22275
last-modified: Fri, 30 Nov 2018 06:13:38 GMT
server: cloudflare
etag: "5c00d512-5703"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OsZECOwwzUfVhtuiJj0sSK3wZc7SjDiaTrC%2FCvHaKIAOsy812p15It9VodMWCzT3f9y%2FX%2FPslDpzrvonnLr3XAuIq0kRGlS6X%2FdXZb3YLnjWvhoJK7cixIyffa0ST35I0aA9d%2Bp93zRPDfijctwY"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e75439986bbb9-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 key_1.png
img.sci-hub.shop/scihub/ 8 KB
9 KB 31ms
31ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/key_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 451001
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8428
last-modified: Fri, 30 Nov 2018 06:13:40 GMT
server: cloudflare
etag: "5c00d514-20ec"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8X2ldqui2zKi07YfyDcuKP8s7Q4ituk71k1V69nwptmBpaH4OLyVx7XKr4SxtRM34C5U8s4Bt%2FsfITagma0HGO5xmU1Y%2B7J2n9vaGo%2FPHB%2BuUpQOJmnY032yl7FjT1XSpfuBQejfWIc5%2FGB8Mulw"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543b9e7bbb9-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 166 KB
57 KB 106ms
42ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5200551945029930

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef2068bf405d2b75459fbcac81d631730c9060629185a07259b5e00b27338036

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
Origin: https://sci-hub.mksa.top
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58015
x-xss-protection: 0
server: cafe
etag: 1707212904702959430
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 19:38:07 GMT

GET
H3 200 top-back.jpg
img.sci-hub.shop/scihub/ 184 KB
185 KB 55ms
55ms Image
image/jpeg 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/top-back.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 188646
last-modified: Mon, 16 Sep 2019 12:17:02 GMT
server: cloudflare
etag: "5d7f7d3e-2e0e6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N75ZraknChVwkZP7hGfY%2FyF%2BnI3dCo8Jwf2uvHdOL5nHql9k%2Fn0bA0cEYmiY8ZLfNXoOQM5wfM4qHib05FWXPK5v18ibGgbXzlz31681kNAx5w6u79VaRLen0%2FOcFLuSNwWL9qEP5f2onBbZGqDZ"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfcc90b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 logo_en.png
img.sci-hub.shop/scihub/ 14 KB
15 KB 30ms
30ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/logo_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14556
last-modified: Fri, 30 Nov 2018 05:56:38 GMT
server: cloudflare
etag: "5c00d116-38dc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RirMEJQ3CFAGzvJKW%2F8wqMJeAuhDVEpb%2FMGt1fOAOXJFJtBlw4ORONjlvBro3%2BdODC%2BNIuKDgYhuawqm8sfKdzLolZFvwbYPo6%2FgYrgx8sSBtF4F9pIjpQseDRjzRPggYSq29gjbhBo3mVK%2FYXfF"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfd490b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 raven_1.png
img.sci-hub.shop/scihub/ 59 KB
59 KB 115ms
113ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/raven_1.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 60144
last-modified: Fri, 30 Nov 2018 05:56:32 GMT
server: cloudflare
etag: "5c00d110-eaf0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2FWeUideVcLOMnTJWgm0jZbjYa8A91LNprDr5%2FEF805%2BKPoppGg%2FDwgriIe%2FdFUqL9PponorVraFaKlv%2Fh1KXdC1TJZf17JfsUrsBjHIcM0w46WEjcn707KGRpzFLFdnO1f8MHswMA%2F%2F2nXgHyVj"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfd690b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 map.jpg
img.sci-hub.shop/scihub/ 54 KB
55 KB 123ms
121ms Image
image/jpeg 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/map.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 55605
last-modified: Fri, 30 Nov 2018 05:56:52 GMT
server: cloudflare
etag: "5c00d124-d935"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VgXb1Dh%2BU8vAzt%2BLdUfyqYjjynrv9ekTNXHmxm5PzXpWSzeIZ7%2BSWigErH5WdPnei9icnbkkDx2pmBVSi%2FUn%2FgTry1uRDIvdMBRmj96CiVVx6EwtqgKfL3Ud2GAH9fQq5W%2BRG9XjdmmIPkJkTWE"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfd890b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 about-marker_en.png
img.sci-hub.shop/scihub/ 3 KB
4 KB 128ms
126ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/about-marker_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3361
last-modified: Fri, 30 Nov 2018 05:57:02 GMT
server: cloudflare
etag: "5c00d12e-d21"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xj1S2%2BvHZ%2FTIyx4xtOLFwCqEgnZpTTt%2FV2LH%2B2ivQ7V67BdSBF4CImIYe2z4w6Avjpga74lye17%2FXIA5p5dmTfaLmfDWfk2SFFMeWoDgQ5JDDkxdFi5ANiI5vqHIQCwRechA4fbBuNSq22awrPyC"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfd990b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 quote.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 129ms
127ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quote.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1068
last-modified: Fri, 30 Nov 2018 05:57:12 GMT
server: cloudflare
etag: "5c00d138-42c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2aP39KWnKxrUGpriqZSchBkBneLHtpPiolVF5h6GWDLgfudwTT92cvJuJwKt6vhrERbYRshKfwMy3GvpD8upXJHggQcdRPjZOn75n8K7Yrl0sOvu0PA%2Bv2j1WIooDrlDaWPQXZlbhQ2VFRbk%2Be0"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfdc90b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 quotenext_en.png
img.sci-hub.shop/scihub/ 1 KB
2 KB 129ms
128ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/quotenext_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1087
last-modified: Fri, 30 Nov 2018 05:57:18 GMT
server: cloudflare
etag: "5c00d13e-43f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sZwYRnfs8%2FxoAkuYToh9E3yQKMtrenpRsb%2FXYzfpzH%2FdeJBcdyijA%2BIox651v2iFbG4Gz3f6UDG%2FXiM9lk5P6MSPEXFuQqH6jJzHp5w9Vjd92Js5Rj2YHtUuhElpf9iRKCFMarSU7OF2HXNoF0Ln"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfdf90b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 pone.png
img.sci-hub.shop/scihub/ 2 KB
2 KB 130ms
128ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pone.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1637
last-modified: Fri, 30 Nov 2018 05:57:24 GMT
server: cloudflare
etag: "5c00d144-665"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pw%2FN8RfAKSHoyV27P%2Bx8ySWITzfDNxE9Rc5%2BUHYaJt00Nd5TsiXXZ6BVZUCpsWsexqiM3PlSbTzt0bNtY5aWIhsNXdu1qSmXLtnXY6d1r2Q8VofCEObHj5Mt6G7ZSAL0W6Eqsg0pYWqBPd%2FoLsfw"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfe190b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 ptwo.png
img.sci-hub.shop/scihub/ 4 KB
4 KB 132ms
131ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/ptwo.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3907
last-modified: Fri, 30 Nov 2018 05:57:30 GMT
server: cloudflare
etag: "5c00d14a-f43"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4i11hHPd4FIxhdxaVGruTvKXQEtVNFVDwxtyMsOlILaczCg5TFL3vcKpwQX7c3rjjsfAG9HCiDZ%2F41MjGlJ0M8nBHdFkKeT4EgLp5CiAecjEwTXqXXRbI4wcJI%2Ff2z7uP00K4%2FDe1uC3M4TKcJLl"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfe590b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 pthree.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 133ms
131ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/pthree.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4278
last-modified: Fri, 30 Nov 2018 05:57:36 GMT
server: cloudflare
etag: "5c00d150-10b6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UPXpxSOut%2FsoJCLaXQoQPOKf%2FAAATcLJPkjoaFfLhTIgucPc7wVeD0Y6lIKCo%2FJaf4xrhPIO5Rt92tAuxyATuPoyMnTed3wJWQFNNNFQaPrqdWpHq1HNZptAPXhgXqerhotNOvekQFRTS44LH8at"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7543dfe690b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET AvenirLTW01-55Roman.woff2
img.sci-hub.shop/misc/fonts/ 0
0

GET
H3 200 people.jpg
img.sci-hub.shop/scihub/ 50 KB
51 KB 110ms
110ms Image
image/jpeg 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/people.jpg
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 51212
last-modified: Fri, 30 Nov 2018 05:57:56 GMT
server: cloudflare
etag: "5c00d164-c80c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vQeJ8XrB7QmV0RYNA5yMmIrxHFssivk%2B7hpyxFj59YDoy50p0%2BWoTLH2UsxZaQAxiz%2BFqt61jwe0YV7XlkzkBM8Q%2B1YBOki41i48uroyXozglTSsVrp0SCNOuOqIFVd5Pcitz3l8rTMUbZwSYcA2"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7544080290b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 join_en.png
img.sci-hub.shop/scihub/ 6 KB
7 KB 111ms
110ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/join_en.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6197
last-modified: Fri, 30 Nov 2018 05:58:24 GMT
server: cloudflare
etag: "5c00d180-1835"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RpQUUDT5bQTbAkBgvjY%2FLMy8ZDxqz65OCJ%2BPfgYZLU1vUeChcDkyOTFZh57GaQeWr6NzhB6ussJ%2FXQgX%2BH9zFnLrHQ6jjL%2B7NOnO9aL3HgUSVUxJWhQlRHWncZDNXgUVfDeXK7n%2BAwfN%2BoxVWOd%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7544080690b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 joinvk.png
img.sci-hub.shop/scihub/ 17 KB
18 KB 112ms
111ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinvk.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17834
last-modified: Fri, 30 Nov 2018 05:58:30 GMT
server: cloudflare
etag: "5c00d186-45aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6b8Fw4F61hvZuilC1IaK2LPB2TqspbwWdZVnX18pFXL%2BUsB7ihIJPl1U5SZnOMajHKF1yPSULIy%2BKoMTS9cHsEPcF%2Bu1ikwuJE5CReaiSm%2BtM0hOJ82%2BxRCA0RlrTrB8toesSmK1%2BP22wFNbJVCo"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7544080790b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 jointwitter.png
img.sci-hub.shop/scihub/ 6 KB
6 KB 115ms
114ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/jointwitter.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135271
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5751
last-modified: Fri, 30 Nov 2018 05:58:42 GMT
server: cloudflare
etag: "5c00d192-1677"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4OVm54x3Vj4I29OOXOxXL7b29GMZL6uCQDiHXD54QYaJ3Jx%2Bg6hxTQquwyk2KECUD%2BdOipO9B1M0BVnNpCQSFSK850cuj7OKxXs%2BdJjoSikS%2FKas%2FYZMH%2B5aIPTuaz69EkBZGYmikCA%2FEhZRU8g"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7544080990b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 joinfacebook.png
img.sci-hub.shop/scihub/ 4 KB
5 KB 115ms
114ms Image
image/png 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.sci-hub.shop/scihub/joinfacebook.png
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 135272
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4152
last-modified: Fri, 30 Nov 2018 05:58:36 GMT
server: cloudflare
etag: "5c00d18c-1038"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EMDPIHltd4NF%2BskPB%2Bm6OUkcsPJi0hv9yN%2FuepIoEdcqojTiLk%2BhPMCM5dXzu%2Ft39pOXyES65f%2Bi6jjQX48QnURBQUXjh9mUOmf%2BHXQ0GR4hnfN0H4G%2B%2BlWBg8Rv6F1WYEPGz1BJK%2FdIfQIcz%2Br2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 750e7544080a90b2-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 pluso-like.js Show response
img.sci-hub.shop/scihub/ 41 KB
13 KB 108ms
108ms Script
application/javascript 2606:4700:3033::ac43:a162
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://img.sci-hub.shop/scihub/pluso-like.js
Requested by: Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:a162 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 30 Nov 2018 04:39:20 GMT
server: cloudflare
age: 135272
etag: W/"5c00bef8-a5cc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aW8NP7A%2BBfVPlriGcxIdozvBBOu6AQDp25H1Ld9QcH8iOiqOtTrhzJ09DDyGgnMg%2Fmz1KKY1AWb7uJnkuytXSTYWsLVDNymJUK8XmYOHFS8t%2BdQs9sfrXiXdvxk0AvEVOYfe2KIDQf%2Bm4yfwNUxN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 750e7544081690b2-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209200101/ 347 KB
122 KB 92ms
50ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5200551945029930&plah=sci-hub.mksa.top&bust=31069778

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5200551945029930

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

523fa7d4a98ffdcc681802c90df7e767a245a2847f51f795ed0a7bacfe3150bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125276
x-xss-protection: 0
server: cafe
etag: 5659944726764317446
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 19:38:07 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220922/r20190131/ Frame 4477 10 KB
5 KB 89ms
29ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220922/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5200551945029930

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17234
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 14:50:53 GMT
etag: 9671129459699598864
expires: Mon, 10 Oct 2022 14:50:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 212 B
641 B 229ms
30ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=sci-hub.mksa.top&callback=_gfp_s_&client=ca-pub-5200551945029930

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209200101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5200551945029930&plah=sci-hub.mksa.top&bust=31069778

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7664005a99b57119382ccaad339dd6a2ca6e1c28b6e441d35e060912e98843ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 253ms
57ms Script
application/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 226ms
30ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fsci-hub.mksa.top%2F&tn=DIV&id=menu&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: sci-hub.mksa.top
URL: https://sci-hub.mksa.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Sep 2022 19:38:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3C62 67 KB
19 KB 273ms
257ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5200551945029930&output=html&adk=1812271804&adf=3025194257&lmt=1664221087&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsci-hub.mksa.top%2F&ea=0&pra=5&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1664221087513&bpp=3&bdt=367&idt=153&shv=r20220922&mjsv=m202209200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6460666494671&frm=20&pv=2&ga_vid=1703649465.1664221088&ga_sid=1664221088&ga_hid=2053010582&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069963%2C31069778%2C44772915&oid=2&pvsid=704804140147198&tmod=1965939157&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=169

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

71b01867aed65c1dbfee1c6945abce415cb740eca95963f2f6e34cfe71962dd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 18982
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 19:38:07 GMT
expires: Mon, 26 Sep 2022 19:38:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 013B 104 KB
20 KB 642ms
636ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5200551945029930&output=html&h=280&slotname=2711088979&adk=2301864394&adf=2987723014&pi=t.ma~as.2711088979&w=528&fwrn=4&fwrnh=100&lmt=1664221087&rafmt=1&format=528x280&url=https%3A%2F%2Fsci-hub.mksa.top%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1664221087516&bpp=2&bdt=370&idt=170&shv=r20220922&mjsv=m202209200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6460666494671&frm=20&pv=1&ga_vid=1703649465.1664221088&ga_sid=1664221088&ga_hid=2053010582&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=536&ady=1552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069963%2C31069778%2C44772915&oid=2&pvsid=704804140147198&tmod=1965939157&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=ArCoIzzmGf&p=https%3A//sci-hub.mksa.top&dtd=176

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fb18789ccaf0c6e98b7e01d1812c73b8423e890937bc3d0e97bb87ce65e307aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 20522
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 19:38:08 GMT
expires: Mon, 26 Sep 2022 19:38:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209200101/ 149 KB
53 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209200101/reactive_library_fy2021.js?bust=31069778

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e9e22e1939a3ed86e983c54d57d6ca2ba5657d6be55254898164234556825c7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54617
x-xss-protection: 0
server: cafe
etag: 12573146702633645953
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 26 Sep 2022 19:38:07 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 73ms
31ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 19:38:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 75ms
31ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sci-hub.mksa.top

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 19:38:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220922/r20110914/ Frame C0FA 10 KB
4 KB 63ms
20ms Document
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220922/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 81199
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 25 Sep 2022 21:04:49 GMT
etag: 9671129459699598864
expires: Sun, 09 Oct 2022 21:04:49 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK ar Show response
www.ebayadservices.com/marketingtracking/v1/ Frame 0A8D 14 KB
14 KB 580ms
228ms Document
text/html 209.140.129.66
EBAY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-166314-871238-2&mkcid=4&mkevt=2&mpt=2052249664&gdpr=&gdpr_consent=&campaignid={campaignid}&gclid={gclid}&siteid=77&icep_siteid=77&ipn=admain2&adtype=2&size=728x90&pgroup=560283&mpvc=https://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%26num%3D1%26sig%3DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%26client%3Dca-pub-5200551945029930%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220922/r20110914/zrt_lookup.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

209.140.129.66 , United States, ASN11643 (EBAY, US),

Reverse DNS

rover-public-slcaz01-1-1.ebay.com

Software

ebay-proxy-server /

Resource Hash

68a2d7e93b2fb38d6ddb0a2230875f96e646f5217d7057fe3235d901a2173eaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-ua-full-version
cache-control: private, no-cache
content-length: 14060
content-type: text/html;charset=UTF-8
date: Mon, 26 Sep 2022 19:38:07 GMT
pragma: no-cache
rlogid: t6baubqsodf%3F%3Ckuvgcp%60tqjfc*maeon%28rbpv6601-1837b4e8b2a-0x2328
server: ebay-proxy-server
strict-transport-security: max-age=31536000
x-envoy-upstream-service-time: 55

GET
H2 200 m_js_controller_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame C0FA 34 KB
14 KB 86ms
22ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/m_js_controller_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220922/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b90e13ebc85d7fd3dc0e2665b491ad10fc544cf8bc57f76ed39459c0e02f2b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 18:23:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4468
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14190
x-xss-protection: 0
server: cafe
etag: 337214682915004451
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 18:23:40 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame C0FA 3 KB
1 KB 108ms
44ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220922/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:31:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 390
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 19:31:38 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/ Frame C0FA 17 KB
7 KB 91ms
27ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220922/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1244
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7553
x-xss-protection: 0
server: cafe
etag: 15375136450269253166
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 19:17:24 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C0FA 140 KB
44 KB 82ms
32ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220922/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d862ec0d2b72e9f1575615db28f4196cbf0f586adb2208c605c691d6e06ee6ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44525
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1663760195623328"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 19:38:08 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220921/r20110914/ Frame C0FA 23 KB
9 KB 104ms
40ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220921/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220922/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d485f54c3ae5920cd21c8d180458c50f092554777b97f9c52ac6f76359838a05

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:33:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9559
x-xss-protection: 0
server: cafe
etag: 12142024561622733046
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 10 Oct 2022 19:33:50 GMT

GET
H3 200 transparent.png
tpc.googlesyndication.com/pagead/images/ Frame 013B 67 B
91 B 69ms
23ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/transparent.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5200551945029930&output=html&h=280&slotname=2711088979&adk=2301864394&adf=2987723014&pi=t.ma~as.2711088979&w=528&fwrn=4&fwrnh=100&lmt=1664221087&rafmt=1&format=528x280&url=https%3A%2F%2Fsci-hub.mksa.top%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1664221087516&bpp=2&bdt=370&idt=170&shv=r20220922&mjsv=m202209200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6460666494671&frm=20&pv=1&ga_vid=1703649465.1664221088&ga_sid=1664221088&ga_hid=2053010582&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=536&ady=1552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069963%2C31069778%2C44772915&oid=2&pvsid=704804140147198&tmod=1965939157&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=ArCoIzzmGf&p=https%3A//sci-hub.mksa.top&dtd=176

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 06:08:41 GMT
x-content-type-options: nosniff
server: cafe
age: 48567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 2462972746714251406
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67
x-xss-protection: 0
expires: Tue, 27 Sep 2022 06:08:41 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012209072154000/ Frame 3D5D 220 KB
61 KB 152ms
36ms Script
text/javascript 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ab720224c1548ed676ca1a6e9f2ecbb3d92fe43ab4e573de9246e48f440a4636

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117569
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61518
x-xss-protection: 0
server: sffe
date: Sun, 25 Sep 2022 10:58:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b9e6b1d3ca7cc68d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 25 Sep 2023 10:58:39 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012209072154000/v0/ Frame 3D5D 14 KB
5 KB 208ms
93ms Script
text/javascript 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209072154000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efff01c62418d6f4467c02e31f8c01ec7c4459e9310654f6dcbc30120a385209

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117570
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5208
x-xss-protection: 0
server: sffe
date: Sun, 25 Sep 2022 10:58:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "dcaf3864e0ab6b08"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 25 Sep 2023 10:58:38 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012209072154000/v0/ Frame 3D5D 94 KB
28 KB 213ms
98ms Script
text/javascript 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209072154000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

527d0808216e24ce838e14ffd686947cd4a8719fd9562a21412ed08c8ac14614

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117569
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28888
x-xss-protection: 0
server: sffe
date: Sun, 25 Sep 2022 10:58:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "95b4b320f7966d1a"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 25 Sep 2023 10:58:39 GMT

GET
H2 200 amp-carousel-0.1.mjs Show response
cdn.ampproject.org/rtv/012209072154000/v0/ Frame 3D5D 33 KB
10 KB 232ms
117ms Script
text/javascript 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209072154000/v0/amp-carousel-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f1507cdd747d72d9fe47ed4152639c3f85b4742a5a40ab624d3ae72174c2834

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 125238
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10106
x-xss-protection: 0
server: sffe
date: Sun, 25 Sep 2022 08:50:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f0b6fbadd46c817e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 25 Sep 2023 08:50:50 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012209072154000/v0/ Frame 3D5D 5 KB
2 KB 225ms
110ms Script
text/javascript 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209072154000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

607150d742ffb67d983e9bd23ab87e0d436f68776c67898c57db306319840cb5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117569
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1908
x-xss-protection: 0
server: sffe
date: Sun, 25 Sep 2022 10:58:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5561dff7c028bd87"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 25 Sep 2023 10:58:39 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012209072154000/v0/ Frame 3D5D 40 KB
13 KB 226ms
111ms Script
text/javascript 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209072154000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd22c52347ad42343ca4c6fa76a783715312f1f4a35e97f937611a5b26aa2354

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 117569
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12958
x-xss-protection: 0
server: sffe
date: Sun, 25 Sep 2022 10:58:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "00747b471d2f1a24"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 25 Sep 2023 10:58:39 GMT

GET
H3 200 amp-gwd-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012209072154000/v0/ Frame 3D5D 6 KB
2 KB 108ms
36ms Script
text/javascript 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209072154000/v0/amp-gwd-animation-0.1.mjs

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

777ac2fe83a69b31fdfc9380a9e8258c75a628bd6c877a00f4465d0ec6e14d83

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 146507
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2441
x-xss-protection: 0
server: sffe
date: Sun, 25 Sep 2022 02:56:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4be2457717882240"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 25 Sep 2023 02:56:21 GMT

GET
DATA 200
OK truncated
/ Frame 3D5D 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a36dc3faa7465f00c345574ceef176d14dced1944508299c9dd5a61c7f7c8be

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3D5D 2 KB
2 KB 46ms
28ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 09:48:38 GMT
x-content-type-options: nosniff
server: cafe
age: 35370
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Tue, 27 Sep 2022 09:48:38 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 3D5D 295 B
319 B 41ms
23ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:50:56 GMT
x-content-type-options: nosniff
server: cafe
age: 42432
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Tue, 27 Sep 2022 07:50:56 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3D5D 0
21 B 68ms
66ms Image
text/html 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CWq5hn_8xY4WfMIOQqMwPk9ejsA71hqLQbIDz2tGiEPrx1rLFARABIIH7sX1gldr4gZQHoAHH8OONA8gBCakCMbrfU8E8sD6oAwHIAwiqBOkBT9C3UpFe37rvv2HP6N1fB2lEsj0gL-9U9W_t3pCo-WPosT52I2nL8xKuS3c3VhkFSziruFwFCodV-PkW3edD9mqLY_XZVjsb_W1gAASMe0MoVhfmG1nuzw-eISdl3O8ugwI1a4NJyxTJkykc8NbUwHtCts41Ll2TUjD2DEiUtgdj3bL1Yb8zcmi14oy9nVY310oP6XuvQZV2A_Xh03gLSdOAJzoj8wa8-SjJA3INnw40HU0G4nGl5PDDxHzls9ZtaAB6wzl95p9ouD-eCwD9gKRrzKi_rd0xm5krotOoHakFr6E378FuKCnABLW_5eyGBJIFBAgEGAGSBQQIBRgEoAYugAevz6JyqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ7b0B0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwLQFQGAFwGyFxwKGggAEhRwdWItNTIwMDU1MTk0NTAyOTkzMBgA&sigh=HhzVGaefRT8&uach_m=[UACH]&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5200551945029930&output=html&h=280&slotname=2711088979&adk=2301864394&adf=2987723014&pi=t.ma~as.2711088979&w=528&fwrn=4&fwrnh=100&lmt=1664221087&rafmt=1&format=528x280&url=https%3A%2F%2Fsci-hub.mksa.top%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1664221087516&bpp=2&bdt=370&idt=170&shv=r20220922&mjsv=m202209200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6460666494671&frm=20&pv=1&ga_vid=1703649465.1664221088&ga_sid=1664221088&ga_hid=2053010582&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=536&ady=1552&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31069963%2C31069778%2C44772915&oid=2&pvsid=704804140147198&tmod=1965939157&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=ArCoIzzmGf&p=https%3A//sci-hub.mksa.top&dtd=176
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Mon, 26 Sep 2022 19:38:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 26 Sep 2022 19:38:08 GMT

GET
H3 200 bg_1.jpg
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 17 KB
17 KB 47ms
29ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/bg_1.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c371090b5fcd6670cfdcb28956280a792d6ad8e00a7ba970ca986872bc84560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17250
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 hl.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 1 KB
1 KB 63ms
46ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/hl.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2a4636dbbec231cdc5226e9982d89696d84d25ba7b5ee583df2b676b143c13f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1428
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 bg2_3.jpg
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 26 KB
26 KB 55ms
37ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/bg2_3.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82ab72fa2f97156ff2a0f26632aad717067a6a7b19c5c59d0d5cbabf2f5a1f30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26221
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 hl2_1.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 647 B
674 B 63ms
46ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/hl2_1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e11b23e245d45d8a1a3fa9f1000dde5f3fd3892a7a2be9c00e58907ddb9502

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 647
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 sl2.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 693 B
720 B 64ms
47ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/sl2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf6dfd41cb5a3018e45e285b6d0536ebb0b605cd76acfb903c51d0a02305542c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 693
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 img2.jpg
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 32 KB
32 KB 65ms
48ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/img2.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d583ea3c55972bf946f984d36dd329a53520a73c07714c6a7dcb061c641ff84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 22:12:23 GMT
x-content-type-options: nosniff
age: 509145
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33031
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 20 Sep 2023 22:12:23 GMT

GET
H3 200 sl3_2.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 1 KB
1 KB 74ms
57ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/sl3_2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

975a9f61536d3194b1466d928619230e36f9113819bfd70bb539b0f20c08f0e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1389
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 hl3_4_1.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 3 KB
3 KB 74ms
58ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/hl3_4_1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e661b33953c0ce5bcc1cfbe51756bbad35156019924311cf8aa21e1f6be1845

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2987
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 logo.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 2 KB
2 KB 75ms
59ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfb688b2df7dadfa2993c97a4bcf6abdae2f24a22e1dbd05d9327d04c89ce980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2103
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 hl3_4.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 2 KB
2 KB 63ms
47ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/hl3_4.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6ae1894c6a2c30174573b92182dcd7bd6e6c1f8eda863b85e87b13f819a1607

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1954
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 cta.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 559 B
586 B 63ms
47ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/cta.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

202f96271d168513081a946f5d97f8df213d6fa7738b7a26b0e820b4c91380da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 559
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012209072154000/ 23 KB
8 KB 80ms
40ms Script
text/javascript 2a00:1450:400d:804::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012209072154000/amp4ads-host-v0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

17873839002d03ab8fa17154069088fc10f6e37b8f98a264f3cdb16fb4a8d7af

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 153064
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7851
x-xss-protection: 0
server: sffe
date: Sun, 25 Sep 2022 01:07:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f9963e045a8389be"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 25 Sep 2023 01:07:04 GMT

GET
H3 200 bg_1.jpg
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 17 KB
17 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/bg_1.jpg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c371090b5fcd6670cfdcb28956280a792d6ad8e00a7ba970ca986872bc84560

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17250
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 hl.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 1 KB
1 KB 23ms
21ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/hl.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2a4636dbbec231cdc5226e9982d89696d84d25ba7b5ee583df2b676b143c13f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1428
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 bg2_3.jpg
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 26 KB
26 KB 23ms
21ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/bg2_3.jpg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82ab72fa2f97156ff2a0f26632aad717067a6a7b19c5c59d0d5cbabf2f5a1f30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26221
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 hl2_1.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 647 B
674 B 27ms
25ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/hl2_1.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e11b23e245d45d8a1a3fa9f1000dde5f3fd3892a7a2be9c00e58907ddb9502

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 647
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 sl2.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 693 B
720 B 28ms
26ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/sl2.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf6dfd41cb5a3018e45e285b6d0536ebb0b605cd76acfb903c51d0a02305542c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 693
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 img2.jpg
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 32 KB
32 KB 28ms
26ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/img2.jpg

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d583ea3c55972bf946f984d36dd329a53520a73c07714c6a7dcb061c641ff84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 22:12:23 GMT
x-content-type-options: nosniff
age: 509145
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33031
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 20 Sep 2023 22:12:23 GMT

GET
H3 200 sl3_2.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 1 KB
1 KB 29ms
27ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/sl3_2.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

975a9f61536d3194b1466d928619230e36f9113819bfd70bb539b0f20c08f0e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1389
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 hl3_4_1.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 3 KB
3 KB 29ms
28ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/hl3_4_1.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e661b33953c0ce5bcc1cfbe51756bbad35156019924311cf8aa21e1f6be1845

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2987
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 logo.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 2 KB
2 KB 31ms
29ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/logo.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bfb688b2df7dadfa2993c97a4bcf6abdae2f24a22e1dbd05d9327d04c89ce980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2103
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 hl3_4.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 2 KB
2 KB 31ms
30ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/hl3_4.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6ae1894c6a2c30174573b92182dcd7bd6e6c1f8eda863b85e87b13f819a1607

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1954
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H3 200 cta.png
tpc.googlesyndication.com/sadbundle/6732075288167657370/ Frame 3D5D 559 B
586 B 31ms
30ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/6732075288167657370/cta.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012209072154000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

202f96271d168513081a946f5d97f8df213d6fa7738b7a26b0e820b4c91380da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 07:42:09 GMT
x-content-type-options: nosniff
age: 42959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 559
x-xss-protection: 0
last-modified: Thu, 08 Sep 2022 16:30:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Sep 2023 07:42:09 GMT

GET
H2 200 metrics.js Show response
metrics.nt.vc/ Frame 0A8D 57 KB
23 KB 123ms
66ms Script
application/javascript 2606:4700:10::6816:6ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://metrics.nt.vc/metrics.js?ii=6816649578727584&cn=rvrcnt6816649578727584&sz=728x90&cl=77&ee=&es=&dfp=0&ed=&eu=&ep=&est=&ec=&pl=7071663148712382&cr=131316&hu=&cg=&maid=&df=1&dapc=model_id,n,g&dapb=0&cgs=uvscg&iat=1664221089150&ev=iluvchdseaj&vic=
Requested by: Host: www.ebayadservices.com
URL: https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-166314-871238-2&mkcid=4&mkevt=2&mpt=2052249664&gdpr=&gdpr_consent=&campaignid={campaignid}&gclid={gclid}&siteid=77&icep_siteid=77&ipn=admain2&adtype=2&size=728x90&pgroup=560283&mpvc=https://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%26num%3D1%26sig%3DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%26client%3Dca-pub-5200551945029930%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:6ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15263ff49bcd8345fe7cb52412a528f6dabb2c29c1454eb0b5e27d9eadddd64a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ebayadservices.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 750e754f99a19b45-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-type: application/javascript

GET
H2 200 index.html Show response
secureir.ebaystatic.com/cr/mscdn/336b409a7ae9f000bed016b7e6b3d866/ Frame 2473 4 KB
2 KB 155ms
23ms Document
text/html 104.75.89.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://secureir.ebaystatic.com/cr/mscdn/336b409a7ae9f000bed016b7e6b3d866/index.html?mpck=svcs.ebay.com%2Fdelstats%2Femail%2Flocation%3Fuser-id%3D43188348269%26ch%3D4%26ci%3D-1%26mobtrkcd%3D%26si%3D77%26et%3Dadclick%26loc%3Dhttps%2525253A%2525252F%2525252Frover.ebay.com%2525252Frover%2525252F1%2525252F707-166314-871238-2%2525252F4%2525253Fmpt%2525253D45488%25252526ff5%2525253D%25252526ff6%2525253D%25252526ff7%2525253D%25252526ff8%2525253D%25252526ff9%2525253D%25252526ff19%2525253D%25252526ext_id%2525253D%25252526ir_DAP_A1%2525253D0%25252526siteid%2525253D77%25252526ff10%2525253D131316%25252526ipn%2525253Dadmain2%25252526ff13%2525253D1%25252526ff14%2525253Dunknown%25252526ff20%2525253D0%25252526%26ff14%3Dunknown%26ff20%3D0%26mpcr%3D131316%26rvr_id%3D6816649578727584&mpt=&mpcr=131316&crdata=&imp_rvr_id=6816649578727584&siteID=77&mpcrgif=&mpvc=https%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253Dl%2526ai%253DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%2526num%253D1%2526sig%253DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%2526client%253Dca-pub-5200551945029930%2526adurl%253D&rvr_chocolate=true&rvr_ckquery=norover%3D1%26mkevt%3D1%26mkcid%3D4%26mkrid%3D707-166314-871238-2%26mpt%3D45488%26ff5%3D%26ff6%3D%26ff7%3D%26ff8%3D%26ff9%3D%26ff19%3D%26ext_id%3D%26ir_DAP_A1%3D0%26gclid%3D%7Bgclid%7D&mpvcget=0&mpvcredir=0

Requested by

Host: www.ebayadservices.com
URL: https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-166314-871238-2&mkcid=4&mkevt=2&mpt=2052249664&gdpr=&gdpr_consent=&campaignid={campaignid}&gclid={gclid}&siteid=77&icep_siteid=77&ipn=admain2&adtype=2&size=728x90&pgroup=560283&mpvc=https://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%26num%3D1%26sig%3DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%26client%3Dca-pub-5200551945029930%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.75.89.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-89-51.deploy.static.akamaitechnologies.com

Software

ebay server /

Resource Hash

7d7ab07e3d133e66c4b39c6e78f6f32ed29814963f42f914804b182028355e79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ebayadservices.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
akamai-grn: 0.9f6656b8.1664221089.188f241
cache-control: public, max-age=31536000, immutable
content-encoding: gzip
content-length: 1791
content-type: text/html
date: Mon, 26 Sep 2022 19:38:09 GMT
expires: Tue, 26 Sep 2023 19:38:09 GMT
rlogid: t6q%60uebwh%3D9whhq%60uebwh*m0%3Ewu%28rbpv6710-1833cb81f70-0xda
server: ebay server
strict-transport-security: max-age=31536000
suppress-x-frame-options: true
vary: Accept-Encoding
x-cache-lookup: MISS from include-cache-2:80
x-cdn: AKAMAI
x-content-type-options: nosniff
x-edgeconnect-midmile-rtt: 0
x-edgeconnect-origin-mex-latency: 629
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK adServerESI.aspx
secure.insightexpressai.com/adServer/ Frame 0A8D 0
0 306ms
51ms Image
text/html 2a02:26f0:10e:291::1ec4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.insightexpressai.com/adServer/adServerESI.aspx?script=false&bannerID=10243381&siteID=51242&creativeID=131316&placementID=560283&rnd=6816649578727584&redir=https://secure.insightexpressai.com/adserver/1pixel.gif
Requested by: Host: www.ebayadservices.com
URL: https://www.ebayadservices.com/marketingtracking/v1/ar?mkrid=707-166314-871238-2&mkcid=4&mkevt=2&mpt=2052249664&gdpr=&gdpr_consent=&campaignid={campaignid}&gclid={gclid}&siteid=77&icep_siteid=77&ipn=admain2&adtype=2&size=728x90&pgroup=560283&mpvc=https://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%26num%3D1%26sig%3DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%26client%3Dca-pub-5200551945029930%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10e:291::1ec4 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ebayadservices.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

POST
H3 200 _.7071663148712382.131316;csd=null;cst=0;pd=googleads.g.doubleclick.net;pp=%252F;sz=728x90;if=100;lt=1179;al=1;av=C1;nd=500;mv=28;ii=6816649578727584;el=62;
metrics.nt.vc/event/l/77/ Frame 0A8D 43 B
221 B 1272ms
1197ms Ping
image/gif 2606:4700:10::6816:6ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://metrics.nt.vc/event/l/77/_.7071663148712382.131316;csd=null;cst=0;pd=googleads.g.doubleclick.net;pp=%252F;sz=728x90;if=100;lt=1179;al=1;av=C1;nd=500;mv=28;ii=6816649578727584;el=62;
Requested by: Host: metrics.nt.vc
URL: https://metrics.nt.vc/metrics.js?ii=6816649578727584&cn=rvrcnt6816649578727584&sz=728x90&cl=77&ee=&es=&dfp=0&ed=&eu=&ep=&est=&ec=&pl=7071663148712382&cr=131316&hu=&cg=&maid=&df=1&dapc=model_id,n,g&dapb=0&cgs=uvscg&iat=1664221089150&ev=iluvchdseaj&vic=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:6ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ebayadservices.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:10 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
access-control-allow-origin: https://www.ebayadservices.com, https://www.ebayadservices.com
cf-ray: 750e7550e8d19a15-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

POST
H3 200 _.7071663148712382.131316;dpd=g%25253D410112-0-1%252526n%25253D%252526model_id%25253D1%252526;ii=6816649578727584;el=63;
metrics.nt.vc/event/d/77/ Frame 0A8D 43 B
232 B 111ms
36ms Ping
image/gif 2606:4700:10::6816:6ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://metrics.nt.vc/event/d/77/_.7071663148712382.131316;dpd=g%25253D410112-0-1%252526n%25253D%252526model_id%25253D1%252526;ii=6816649578727584;el=63;
Requested by: Host: metrics.nt.vc
URL: https://metrics.nt.vc/metrics.js?ii=6816649578727584&cn=rvrcnt6816649578727584&sz=728x90&cl=77&ee=&es=&dfp=0&ed=&eu=&ep=&est=&ec=&pl=7071663148712382&cr=131316&hu=&cg=&maid=&df=1&dapc=model_id,n,g&dapb=0&cgs=uvscg&iat=1664221089150&ev=iluvchdseaj&vic=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:6ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ebayadservices.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:09 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
access-control-allow-origin: https://www.ebayadservices.com
cf-ray: 750e7550e8da9a15-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

GET
DATA 200
OK truncated
/ Frame 0A8D 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type: image/gif

POST
H3 200 _.7071663148712382.131316;suet=frd;f_ssx=1600;f_ssy=1200;f_wsx=1600;f_wsy=1200;f_wpx=0;f_wpy=0;f_uam=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F53...
metrics.nt.vc/event/e/77/ Frame 0A8D 43 B
223 B 825ms
774ms Ping
image/gif 2606:4700:10::6816:6ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://metrics.nt.vc/event/e/77/_.7071663148712382.131316;suet=frd;f_ssx=1600;f_ssy=1200;f_wsx=1600;f_wsy=1200;f_wpx=0;f_wpy=0;f_uam=Mozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F105.0.5195.125%2520Safari%252F537.36;f_dd=1;f_tan=-1.4214488238747245;f_hc=4;f_bem=1*11000010;f_sax=1600;f_say=1200;f_sat=0;f_sal=0;f_lng=en-US;f_lngs=en-US%252Cen;f_tm=0;f_bo=0;f_ild=1;f_if=1*111111-1000101010111011111100;ii=6816649578727584;el=87;
Requested by: Host: metrics.nt.vc
URL: https://metrics.nt.vc/metrics.js?ii=6816649578727584&cn=rvrcnt6816649578727584&sz=728x90&cl=77&ee=&es=&dfp=0&ed=&eu=&ep=&est=&ec=&pl=7071663148712382&cr=131316&hu=&cg=&maid=&df=1&dapc=model_id,n,g&dapb=0&cgs=uvscg&iat=1664221089150&ev=iluvchdseaj&vic=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:6ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ebayadservices.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:10 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
access-control-allow-origin: : https://www.ebayadservices.com, https://www.ebayadservices.com
cf-ray: 750e7550e8d79a15-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

GET
H2 200 createjs.min.js Show response
secureir.ebaystatic.com/cr/mscdn/8c75c7aa0444d01db83c924e9cffcee0/ Frame 2473 236 KB
63 KB 24ms
23ms Script
application/x-javascript 104.75.89.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://secureir.ebaystatic.com/cr/mscdn/8c75c7aa0444d01db83c924e9cffcee0/createjs.min.js

Requested by

Host: secureir.ebaystatic.com
URL: https://secureir.ebaystatic.com/cr/mscdn/336b409a7ae9f000bed016b7e6b3d866/index.html?mpck=svcs.ebay.com%2Fdelstats%2Femail%2Flocation%3Fuser-id%3D43188348269%26ch%3D4%26ci%3D-1%26mobtrkcd%3D%26si%3D77%26et%3Dadclick%26loc%3Dhttps%2525253A%2525252F%2525252Frover.ebay.com%2525252Frover%2525252F1%2525252F707-166314-871238-2%2525252F4%2525253Fmpt%2525253D45488%25252526ff5%2525253D%25252526ff6%2525253D%25252526ff7%2525253D%25252526ff8%2525253D%25252526ff9%2525253D%25252526ff19%2525253D%25252526ext_id%2525253D%25252526ir_DAP_A1%2525253D0%25252526siteid%2525253D77%25252526ff10%2525253D131316%25252526ipn%2525253Dadmain2%25252526ff13%2525253D1%25252526ff14%2525253Dunknown%25252526ff20%2525253D0%25252526%26ff14%3Dunknown%26ff20%3D0%26mpcr%3D131316%26rvr_id%3D6816649578727584&mpt=&mpcr=131316&crdata=&imp_rvr_id=6816649578727584&siteID=77&mpcrgif=&mpvc=https%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253Dl%2526ai%253DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%2526num%253D1%2526sig%253DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%2526client%253Dca-pub-5200551945029930%2526adurl%253D&rvr_chocolate=true&rvr_ckquery=norover%3D1%26mkevt%3D1%26mkcid%3D4%26mkrid%3D707-166314-871238-2%26mpt%3D45488%26ff5%3D%26ff6%3D%26ff7%3D%26ff8%3D%26ff9%3D%26ff19%3D%26ext_id%3D%26ir_DAP_A1%3D0%26gclid%3D%7Bgclid%7D&mpvcget=0&mpvcredir=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.75.89.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-89-51.deploy.static.akamaitechnologies.com

Software

ebay server /

Resource Hash

e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secureir.ebaystatic.com/cr/mscdn/336b409a7ae9f000bed016b7e6b3d866/index.html?mpck=svcs.ebay.com%2Fdelstats%2Femail%2Flocation%3Fuser-id%3D43188348269%26ch%3D4%26ci%3D-1%26mobtrkcd%3D%26si%3D77%26et%3Dadclick%26loc%3Dhttps%2525253A%2525252F%2525252Frover.ebay.com%2525252Frover%2525252F1%2525252F707-166314-871238-2%2525252F4%2525253Fmpt%2525253D45488%25252526ff5%2525253D%25252526ff6%2525253D%25252526ff7%2525253D%25252526ff8%2525253D%25252526ff9%2525253D%25252526ff19%2525253D%25252526ext_id%2525253D%25252526ir_DAP_A1%2525253D0%25252526siteid%2525253D77%25252526ff10%2525253D131316%25252526ipn%2525253Dadmain2%25252526ff13%2525253D1%25252526ff14%2525253Dunknown%25252526ff20%2525253D0%25252526%26ff14%3Dunknown%26ff20%3D0%26mpcr%3D131316%26rvr_id%3D6816649578727584&mpt=&mpcr=131316&crdata=&imp_rvr_id=6816649578727584&siteID=77&mpcrgif=&mpvc=https%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253Dl%2526ai%253DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%2526num%253D1%2526sig%253DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%2526client%253Dca-pub-5200551945029930%2526adurl%253D&rvr_chocolate=true&rvr_ckquery=norover%3D1%26mkevt%3D1%26mkcid%3D4%26mkrid%3D707-166314-871238-2%26mpt%3D45488%26ff5%3D%26ff6%3D%26ff7%3D%26ff8%3D%26ff9%3D%26ff19%3D%26ext_id%3D%26ir_DAP_A1%3D0%26gclid%3D%7Bgclid%7D&mpvcget=0&mpvcredir=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 73, 73, 93
suppress-x-frame-options: true
content-encoding: gzip
x-content-type-options: nosniff
x-cache-lookup: MISS from include-cache-1:80
x-cdn: AKAMAI, AKAMAI
akamai-grn: , 0.0733ca17.1661552320.13b15d37, 0.9f6656b8.1664221089.188f4e1
x-edgeconnect-midmile-rtt: 0, 0, 0
vary: Accept-Encoding
content-length: 63926
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
server: ebay server
date: Mon, 26 Sep 2022 19:38:09 GMT
strict-transport-security: max-age=31536000
access-control-allow-methods: GET
content-type: application/x-javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
rlogid: t6q%60uebwh%3D9whhq%60uebwh*ih%3Fto%28rbpv6710-182dc3c5ffc-0xcd
access-control-allow-headers: *
expires: Tue, 26 Sep 2023 19:38:09 GMT

GET
H2 200 javascript.js Show response
secureir.ebaystatic.com/cr/mscdn/336b409a7ae9f000bed016b7e6b3d866/ Frame 2473 47 KB
8 KB 45ms
45ms Script
application/x-javascript 104.75.89.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://secureir.ebaystatic.com/cr/mscdn/336b409a7ae9f000bed016b7e6b3d866/javascript.js?1663060681506

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.75.89.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-89-51.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

acb93136314655be58b4d24a30d903721ae25f69c675ba4265d69b8f7c56f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://secureir.ebaystatic.com/cr/mscdn/336b409a7ae9f000bed016b7e6b3d866/index.html?mpck=svcs.ebay.com%2Fdelstats%2Femail%2Flocation%3Fuser-id%3D43188348269%26ch%3D4%26ci%3D-1%26mobtrkcd%3D%26si%3D77%26et%3Dadclick%26loc%3Dhttps%2525253A%2525252F%2525252Frover.ebay.com%2525252Frover%2525252F1%2525252F707-166314-871238-2%2525252F4%2525253Fmpt%2525253D45488%25252526ff5%2525253D%25252526ff6%2525253D%25252526ff7%2525253D%25252526ff8%2525253D%25252526ff9%2525253D%25252526ff19%2525253D%25252526ext_id%2525253D%25252526ir_DAP_A1%2525253D0%25252526siteid%2525253D77%25252526ff10%2525253D131316%25252526ipn%2525253Dadmain2%25252526ff13%2525253D1%25252526ff14%2525253Dunknown%25252526ff20%2525253D0%25252526%26ff14%3Dunknown%26ff20%3D0%26mpcr%3D131316%26rvr_id%3D6816649578727584&mpt=&mpcr=131316&crdata=&imp_rvr_id=6816649578727584&siteID=77&mpcrgif=&mpvc=https%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253Dl%2526ai%253DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%2526num%253D1%2526sig%253DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%2526client%253Dca-pub-5200551945029930%2526adurl%253D&rvr_chocolate=true&rvr_ckquery=norover%3D1%26mkevt%3D1%26mkcid%3D4%26mkrid%3D707-166314-871238-2%26mpt%3D45488%26ff5%3D%26ff6%3D%26ff7%3D%26ff8%3D%26ff9%3D%26ff19%3D%26ext_id%3D%26ir_DAP_A1%3D0%26gclid%3D%7Bgclid%7D&mpvcget=0&mpvcredir=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 675, 675
suppress-x-frame-options: true
content-encoding: br
x-content-type-options: nosniff
x-cache-lookup: HIT from include-cache-0:80
x-cdn: AKAMAI, AKAMAI
akamai-grn: 0.af346868.1663154119.48108de1, , , , , 0.9f6656b8.1664221089.188f4f2
x-edgeconnect-midmile-rtt: 9, 17
content-length: 7581
x-xss-protection: 1; mode=block
last-modified: Wed, 14 Sep 2022 11:15:20 GMT
server: Akamai Resource Optimizer
date: Mon, 26 Sep 2022 19:38:09 GMT
strict-transport-security: max-age=31536000
access-control-allow-methods: GET
content-type: application/x-javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
rlogid: t6q%60uebwh%3D9iptq%60uebwh*g1%7C%7Dw%28rbpv670%3D-1833bb5e4c6-0xd0
access-control-allow-headers: *
expires: Tue, 26 Sep 2023 19:38:09 GMT

GET
H2 200 ffm.js Show response
secureir.ebaystatic.com/cr/mscdn/6277d85adc230fe8a17eb6e58859b42b/ Frame 2473 23 KB
7 KB 53ms
53ms Script
application/x-javascript 104.75.89.51
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://secureir.ebaystatic.com/cr/mscdn/6277d85adc230fe8a17eb6e58859b42b/ffm.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.75.89.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-89-51.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

8a792b187d7974f43960fbdb8b4fb5af8641920f8df59c07ee17e8377578ec41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secureir.ebaystatic.com/cr/mscdn/336b409a7ae9f000bed016b7e6b3d866/index.html?mpck=svcs.ebay.com%2Fdelstats%2Femail%2Flocation%3Fuser-id%3D43188348269%26ch%3D4%26ci%3D-1%26mobtrkcd%3D%26si%3D77%26et%3Dadclick%26loc%3Dhttps%2525253A%2525252F%2525252Frover.ebay.com%2525252Frover%2525252F1%2525252F707-166314-871238-2%2525252F4%2525253Fmpt%2525253D45488%25252526ff5%2525253D%25252526ff6%2525253D%25252526ff7%2525253D%25252526ff8%2525253D%25252526ff9%2525253D%25252526ff19%2525253D%25252526ext_id%2525253D%25252526ir_DAP_A1%2525253D0%25252526siteid%2525253D77%25252526ff10%2525253D131316%25252526ipn%2525253Dadmain2%25252526ff13%2525253D1%25252526ff14%2525253Dunknown%25252526ff20%2525253D0%25252526%26ff14%3Dunknown%26ff20%3D0%26mpcr%3D131316%26rvr_id%3D6816649578727584&mpt=&mpcr=131316&crdata=&imp_rvr_id=6816649578727584&siteID=77&mpcrgif=&mpvc=https%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253Dl%2526ai%253DCiFcDn_8xY9CILcjvtwfFwLHIB-GFw9Fspviv3KIQ_8u9_McBEAEggfuxfWCV2viBlAegAZbGm_4DyAEJqQIxut9TwTywPqgDAaoE8AFP0BQpOfTQ-cA3-HR7Kmd5Gwm5IygZOMvWEGzybpJF41S-zxTPS9xsggPyDMJ-7Gnv4FpbHX0_4EDJoYDlM3ylti7pYF5bPUddRNN3a_tk8NtLCUHje0jBj1SgbmRNkm7SrF8-aTrW7xYsjD5xVABo-xywRSroUKtUJR4R6UmhXegvTywTOhY_3ZiB2BVq9iI3JydMlVFG06jBXxPvbQ3XoUW8eS59mDhVvCHT-XzOKpsd6na5J8GJbyN9D3aWOk5AarkHWm9zDcLA6MEnL83L88voUDZe2tudnmlIvLbq8vpb7wkBXdP8XXXgpeC7_wLABIeLtbSLBKAGEYAHt_WXeagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCBEIgOGAEBABGB8yAqoCOgKAQIAKAZgLAcgLAYAMAbgMAdgTCtAVAZgWAfgWAYAXAQ%2526num%253D1%2526sig%253DAOD64_0ab_srcinkljKAJHG_V9t7YvVvSw%2526client%253Dca-pub-5200551945029930%2526adurl%253D&rvr_chocolate=true&rvr_ckquery=norover%3D1%26mkevt%3D1%26mkcid%3D4%26mkrid%3D707-166314-871238-2%26mpt%3D45488%26ff5%3D%26ff6%3D%26ff7%3D%26ff8%3D%26ff9%3D%26ff19%3D%26ext_id%3D%26ir_DAP_A1%3D0%26gclid%3D%7Bgclid%7D&mpvcget=0&mpvcredir=0
Origin: https://secureir.ebaystatic.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 74, 74, 74
suppress-x-frame-options: true
content-encoding: br
x-content-type-options: nosniff
x-cache-lookup: HIT from include-cache-0:80
x-cdn: AKAMAI, AKAMAI
akamai-grn: 0.cb403617.1661552391.b3c144f6, , , , 0.9f6656b8.1664221089.188f4fb
x-edgeconnect-midmile-rtt: 13, 130, 13
content-length: 6840
x-xss-protection: 1; mode=block
last-modified: Fri, 26 Aug 2022 22:19:52 GMT
server: Akamai Resource Optimizer
date: Mon, 26 Sep 2022 19:38:09 GMT
strict-transport-security: max-age=31536000
access-control-allow-methods: GET
content-type: application/x-javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
rlogid: t6q%60uebwh%3D9iptq%60uebwh*qt0a5%28rbpv670%3D-182dc3d756b-0xd9
access-control-allow-headers: *
expires: Tue, 26 Sep 2023 19:38:09 GMT

POST
H3 200 _.7071663148712382.131316;suet=crld;ii=6816649578727584;el=219;
metrics.nt.vc/event/e/77/ Frame 0A8D 43 B
221 B 272ms
271ms Ping
image/gif 2606:4700:10::6816:6ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://metrics.nt.vc/event/e/77/_.7071663148712382.131316;suet=crld;ii=6816649578727584;el=219;
Requested by: Host: metrics.nt.vc
URL: https://metrics.nt.vc/metrics.js?ii=6816649578727584&cn=rvrcnt6816649578727584&sz=728x90&cl=77&ee=&es=&dfp=0&ed=&eu=&ep=&est=&ec=&pl=7071663148712382&cr=131316&hu=&cg=&maid=&df=1&dapc=model_id,n,g&dapb=0&cgs=uvscg&iat=1664221089150&ev=iluvchdseaj&vic=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:6ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ebayadservices.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:09 GMT
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
access-control-allow-origin: https://www.ebayadservices.com, https://www.ebayadservices.com
cf-ray: 750e755169fa9a15-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 120 B
591 B 523ms
55ms Script
application/javascript 31.131.252.91
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=RvHwaundefinedtUt7fHH8cO&first=1

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

8e3af5ccd73cb6a17c3f988bba1e33ae7ef81aadd9b436aa8845bba70d0dce13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Mon, 26 Sep 2022 19:38:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=259200
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
X-XSS-Protection: 1; mode=block
Expires: Thu, 29 Sep 2022 19:38:09 GMT

GET
H/1.1 200
OK process Show response
share.pluso.ru/ 120 B
591 B 528ms
61ms Script
application/javascript 31.131.252.91
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://share.pluso.ru/process?act=counter&u=https%3A%2F%2Fsci-hub.mksa.top%2F&w=1600&h=1200&ref=&uid=5473046666911051876&k=mRIzILh5e8g80aa1

Requested by

Host: img.sci-hub.shop
URL: https://img.sci-hub.shop/scihub/pluso-like.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

8e3af5ccd73cb6a17c3f988bba1e33ae7ef81aadd9b436aa8845bba70d0dce13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Mon, 26 Sep 2022 19:38:10 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=259200
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
X-XSS-Protection: 1; mode=block
Expires: Thu, 29 Sep 2022 19:38:10 GMT

GET
H/1.1

200
OK

hit;PLUSO
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;PLUSO?r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

43 B
528 B

56ms
55ms

Image
image/gif

88.212.202.52
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1

Protocol

HTTP/1.1

Server

88.212.202.52 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host152.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 26 Sep 2022 19:38:09 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 25 Sep 2021 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 26 Sep 2022 19:38:09 GMT
Server: nginx/1.17.9
Strict-Transport-Security: max-age=86400
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;PLUSO?q;r;s1600*1200*24;uhttps%3A//sci-hub.mksa.top/;hSci-Hub;1
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sat, 25 Sep 2021 21:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 79ms
36ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220922&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f011ddee1b68dc2796bacddd977608fd2cca849df409fb4866910460088fcc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 26 Sep 2022 19:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11293
x-xss-protection: 0

GET
H/1.1 200
OK 06.png
share.pluso.ru/img/pluso-like/square/medium/ 23 KB
23 KB 574ms
109ms Image
image/png 31.131.252.91
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/pluso-like/square/medium/06.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Mon, 26 Sep 2022 19:38:09 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-5b8f"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 23439
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK plus.png
share.pluso.ru/img/ 2 KB
3 KB 520ms
55ms Image
image/png 31.131.252.91
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://share.pluso.ru/img/plus.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.131.252.91 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Mon, 26 Sep 2022 19:38:09 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Apr 2015 11:02:40 GMT
Server: nginx
ETag: "552ba250-98a"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 2442
X-XSS-Protection: 1; mode=block

GET kb.js
kitbit.net/ 0
0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 26 Sep 2022 19:38:09 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 38BC 13 KB
5 KB 22ms
22ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sci-hub.mksa.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 13178
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 15:58:31 GMT
expires: Tue, 26 Sep 2023 15:58:31 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame EC99 783 B
1 KB 168ms
33ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a9714728da4cbec2007e054c9562aea6c03760b118be4414c6ebb7e7c8b6bfa1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-KMazNL-iZaFOk4vNKFjEuA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sci-hub.mksa.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-KMazNL-iZaFOk4vNKFjEuA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 26 Sep 2022 19:38:09 GMT
expires: Mon, 26 Sep 2022 19:38:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 D52GskfJOxf5PECSshYwDvZZSmyyoPi_bK3LssDxWko.js Show response
pagead2.googlesyndication.com/bg/ Frame 38BC 36 KB
16 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/D52GskfJOxf5PECSshYwDvZZSmyyoPi_bK3LssDxWko.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f9d86b247c93b17f93c4092b216300ef6594a6cb2a0f8bf6cadcbb2c0f15a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Sun, 25 Sep 2022 18:44:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 89647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15913
x-xss-protection: 0
last-modified: Mon, 19 Sep 2022 14:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Sep 2023 18:44:02 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EC99 0
0 55ms
54ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220922&jk=704804140147198&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 38BC 0
10 B 21ms
21ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?VU6C3w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Mon, 26 Sep 2022 19:38:09 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 57ms
57ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220922&jk=704804140147198&bg=!X1ylXBjNAAYIxsuQKMY7ACkAdvg8Wn6G_rpg4JimPR-EiK9bMIdxwG_TBNbORrR9BXJiuU1U69aBbQIAAABjUgAAAANoAQeZAqE3V1CRu1PveZlKgr2hzQX75dpFjED7K_X0bvuSgW0-C-X7a5bwqjpP7hyuX6SMqV_W56ZW7ASrIhQVwiTiWGfQFLHfLUtXafak3wu19A0QlOqhMRISN5R4cYCtanzVQmgPLCPVWYobJH_P6OgNjgb6xlIySbntnj9tZA0vqq2tCRt8AiUD7bhO__-qQV91CpQu7wYcvK9YnelPMjlfXa3hPxJ1coR8XXNy7bjLSYgcyqGAYNiJf-fgq3dFLNeOmeHVAb2BVO4id0bnX1vsRNU-iKafHAqsdylgUXTuXSG0rNsgzRzCqm0a4NwQLoPieOScfw33rm3fcdnz04CTSOGRtSOSl0EZ20gdc4EuwkhjHh85AXzPntNNyGIMatamrvKKpffR7xgcLGElZp2FZWoNzCHH-3xzTLHIiPjjD3kE0-kjngEZZJYnwCW8q6tuISZ6zIjYOwqShu2C9Jbs5LP8nevyG0nUHeCkgHCIUaLpU_P5bhAwNrZygoiLo-SBpGf01GNvfP4lvsNdJImGzCvtN8VHCcCNhqwlo7V4o54C1a-QIA0WwT2cLJg0u_LW2xd8i9BG4UdFJxNdJI1menoZ_T66i-a1apxHW7BAx9z37gvyRKC4IvH_1_EQIocCAJ4WmZO-0LHCie1Ufb7rzkwBhssTd4zSn7Yxo2fcaS8yY4eb0bL4AC6crzdlJQmDoP4CeByAccEvkB8GF1O0Vlyd2mLyzGvJytPmulgJMk61BBx10gywRNCB3bMgEcL3EfmrPus03kUdicMJMgmsMgd5W1lR_FNGDR-NUls6TBec037K9toyE6odiviURCepogmDyChoE8bfvR3x3caRfuur5T1CReJER0RJPEeP26wMnClvvWPHAreAbWEDxt063amF
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sci-hub.mksa.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: img.sci-hub.shop
URL: https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2

Domain: kitbit.net
URL: https://kitbit.net/kb.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sci-Hub (Consumer)

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.ebayadservices.com/marketingtracking/v1	1970-01-20 08:26:37	Name: adguid Value: 41200de2d5bf44258f66255e47b84f4c
.mksa.top/	1970-01-20 15:38:37	Name: __gads Value: ID=d16360298f237628-228acf8e2fce0032:T=1664221087:RT=1664221087:S=ALNI_MZDISbBoBw7T2tYdjk6v3bRprRbFw
.doubleclick.net/	1970-01-20 15:38:37	Name: IDE Value: AHWqTUm6BeS8PvOyV8rKMzMEmrZvT-UrWYgHThmaKMIaEUWhbj5R49_8agQ7BE05T1U
.insightexpressai.com/	1970-01-20 07:54:51	Name: TID Value: 00000000-0000-0033-8a02-3e1664221089
.insightexpressai.com/	1970-01-20 07:54:51	Name: DW Value: 00000000-0000-0033-8a02-3e1664221089
.insightexpressai.com/	1970-01-20 07:54:51	Name: DW_Time Value: 1664221089
.yadro.ru/	1970-01-20 15:01:15	Name: FTID Value: 1ZCV-X1LSyOP1ZCV-X003SDU
.yadro.ru/	1970-01-20 15:01:15	Name: VID Value: 17qXaL0o0y8P1ZCV-X0032GH

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://sci-hub.mksa.top/ Message: Access to font at 'https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2' from origin 'https://sci-hub.mksa.top' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://img.sci-hub.shop/misc/fonts/AvenirLTW01-55Roman.woff2 Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://cdn.ampproject.org/rtv/012209072154000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cdn.ampproject.org
counter.yadro.ru
googleads.g.doubleclick.net
img.sci-hub.shop
kitbit.net
metrics.nt.vc
pagead2.googlesyndication.com
partner.googleadservices.com
sci-hub.mksa.top
secure.insightexpressai.com
secureir.ebaystatic.com
share.pluso.ru
tpc.googlesyndication.com
www.ebayadservices.com
www.google.com
www.googletagservices.com
img.sci-hub.shop
kitbit.net
104.75.89.51
209.140.129.66
2606:4700:10::6816:6ac
2606:4700:3033::ac43:a162
2606:4700:3036::ac43:807a
2a00:1450:4001:808::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2001
2a00:1450:4001:831::2002
2a00:1450:400d:804::2001
2a00:1450:400d:805::2002
2a02:26f0:10e:291::1ec4
31.131.252.91
88.212.202.52
0f9d86b247c93b17f93c4092b216300ef6594a6cb2a0f8bf6cadcbb2c0f15a4a
125ef9e8cac071be547016f215e726b1f17be04068441bb35847bf565c89e4c3
14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570
15263ff49bcd8345fe7cb52412a528f6dabb2c29c1454eb0b5e27d9eadddd64a
17873839002d03ab8fa17154069088fc10f6e37b8f98a264f3cdb16fb4a8d7af
1f6720f9b1b728e80c6f618a5aac450c6f6df834dd8f0e8b4059ac78a90af7af
202f96271d168513081a946f5d97f8df213d6fa7738b7a26b0e820b4c91380da
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3860c6aa1cdef6ed8bf7315bbfbdc1237d14f68ea2e7a55bcccb9e77662d1b7f
3f1507cdd747d72d9fe47ed4152639c3f85b4742a5a40ab624d3ae72174c2834
44e857b78e5b61610566603bed79bceb9a60415b2795cfdf907346cb026d2450
454e4bc03b54bff4716e23ac8be68737dffd664ea64400effdc9ff4581e89586
460b964d7227b7963094c56a6449ed520818785ccb2eb6ecfe8be595fee74232
46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
4b225ff2e35c8db5378d2ac271c993cbdf6c900aceec3a3eee1c31421e4dc44a
4b90e13ebc85d7fd3dc0e2665b491ad10fc544cf8bc57f76ed39459c0e02f2b8
4e661b33953c0ce5bcc1cfbe51756bbad35156019924311cf8aa21e1f6be1845
523fa7d4a98ffdcc681802c90df7e767a245a2847f51f795ed0a7bacfe3150bc
527d0808216e24ce838e14ffd686947cd4a8719fd9562a21412ed08c8ac14614
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
5f011ddee1b68dc2796bacddd977608fd2cca849df409fb4866910460088fcc2
607150d742ffb67d983e9bd23ab87e0d436f68776c67898c57db306319840cb5
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
68a2d7e93b2fb38d6ddb0a2230875f96e646f5217d7057fe3235d901a2173eaf
71b01867aed65c1dbfee1c6945abce415cb740eca95963f2f6e34cfe71962dd7
7664005a99b57119382ccaad339dd6a2ca6e1c28b6e441d35e060912e98843ce
777ac2fe83a69b31fdfc9380a9e8258c75a628bd6c877a00f4465d0ec6e14d83
784eb14774a9a419af32c02c2d16cf197ef2701afc2ea65b58c3a574ed5458bd
7c371090b5fcd6670cfdcb28956280a792d6ad8e00a7ba970ca986872bc84560
7d7ab07e3d133e66c4b39c6e78f6f32ed29814963f42f914804b182028355e79
7d9be8bca8e99d3e4df920b526377cdc77fe018083325fa9ca149dd4844b7b28
7f3abdf0859cf36c2821963a7266a955fd4bd5fe491f997d9d8dae3f3957cf75
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
82ab72fa2f97156ff2a0f26632aad717067a6a7b19c5c59d0d5cbabf2f5a1f30
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f
8a792b187d7974f43960fbdb8b4fb5af8641920f8df59c07ee17e8377578ec41
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c
8e3af5ccd73cb6a17c3f988bba1e33ae7ef81aadd9b436aa8845bba70d0dce13
975a9f61536d3194b1466d928619230e36f9113819bfd70bb539b0f20c08f0e1
9a36dc3faa7465f00c345574ceef176d14dced1944508299c9dd5a61c7f7c8be
9d583ea3c55972bf946f984d36dd329a53520a73c07714c6a7dcb061c641ff84
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a88d699bbf9f25fa9a614e4af43982e1096bd9f918a3f5adcaace243ae5cfebc
a9714728da4cbec2007e054c9562aea6c03760b118be4414c6ebb7e7c8b6bfa1
ab720224c1548ed676ca1a6e9f2ecbb3d92fe43ab4e573de9246e48f440a4636
acb93136314655be58b4d24a30d903721ae25f69c675ba4265d69b8f7c56f277
b6ae1894c6a2c30174573b92182dcd7bd6e6c1f8eda863b85e87b13f819a1607
b8e11b23e245d45d8a1a3fa9f1000dde5f3fd3892a7a2be9c00e58907ddb9502
b8e3e37a00f298198fe34abc7c237a0b3c21659f668e142dcf5bc467bae0de23
bdf72009ad226c17f1954ba602292902a780b80af07dbcbab1322bdf5c32be66
bf6dfd41cb5a3018e45e285b6d0536ebb0b605cd76acfb903c51d0a02305542c
bfb688b2df7dadfa2993c97a4bcf6abdae2f24a22e1dbd05d9327d04c89ce980
c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952
c2a4636dbbec231cdc5226e9982d89696d84d25ba7b5ee583df2b676b143c13f
c39e9db358e5d8045bebf902ed71b49c17d66f175c8ce0dcaeec96ec7d09090b
c930cfd1a633df3f92e6104e291b65534f21a32f3e1fe1d4bfb3b5eb7df17c74
c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202
d485f54c3ae5920cd21c8d180458c50f092554777b97f9c52ac6f76359838a05
d862ec0d2b72e9f1575615db28f4196cbf0f586adb2208c605c691d6e06ee6ed
dabaf1eee4ae1c1db524c66d6950221386ef064a71d29b9f799d1905d64456b6
dd22c52347ad42343ca4c6fa76a783715312f1f4a35e97f937611a5b26aa2354
e319892f7f2a6e0a6790ff3274eaec39df67d671429aef64ae798ef6792b6fe3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e9e22e1939a3ed86e983c54d57d6ca2ba5657d6be55254898164234556825c7b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef2068bf405d2b75459fbcac81d631730c9060629185a07259b5e00b27338036
efff01c62418d6f4467c02e31f8c01ec7c4459e9310654f6dcbc30120a385209
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
fb18789ccaf0c6e98b7e01d1812c73b8423e890937bc3d0e97bb87ce65e307aa
ff03fb35159e9cc4104b52e40b4153040df127e8cbeb3a7f351a4951b0008c28

sci-hub.mksa.top Open in urlscan Pro 2606:4700:3036::ac43:807a Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

100 Requests

93 %HTTPS

75 %IPv6

16 Domains

18 Subdomains

17 IPs

5 Countries

1441 kBTransfer

3105 kBSize

8 Cookies

4 Outgoing links

Page URL History

Redirected requests

100 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

sci-hub.mksa.top Open in urlscan Pro
2606:4700:3036::ac43:807a Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

100
Requests

93 %
HTTPS

75 %
IPv6

16
Domains

18
Subdomains

17
IPs

5
Countries

1441 kB
Transfer

3105 kB
Size

8
Cookies

100 HTTP transactions
2 data transactions