ttdown.org Open in urlscan Pro
51.83.201.29 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ttdown.org/
Effective URL:
https://ttdown.org/
Submission: On October 20 via api (October 20th 2022, 8:14:30 am UTC) from SG — Scanned from FR

Summary HTTP 132 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 21 domains to perform 132 HTTP transactions. The main IP is 51.83.201.29, located in France and belongs to OVH, FR. The main domain is ttdown.org.
TLS certificate: Issued by R3 on October 12th 2022. Valid for: 3 months.

This is the only time ttdown.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	51.83.201.29 51.83.201.29	16276 (OVH) (OVH)
6	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
11	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
30	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
1 2	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	16509 (AMAZON-02) (AMAZON-02)
2 2	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
13	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
2 2	34.98.67.61 34.98.67.61	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2 2	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
3 3	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	3.121.8.30 3.121.8.30	16509 (AMAZON-02) (AMAZON-02)
132	18

6 51.83.201.29 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip29.ip-51-83-201.eu

ttdown.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:ef75:8280:f209:5ba1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.192.160.219 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.67.61 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.253.211 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.19 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.138 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.18.126 (Shahr, Iran, Islamic Republic Of) 3 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.8.30 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-8-30.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 147	496 KB
29	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 215	171 KB
18	gstatic.com fonts.gstatic.com www.gstatic.com	290 KB
8	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 44	6 KB
6	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 78 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 216	159 KB
6	ttdown.org 1 redirects ttdown.org	17 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 193	233 KB
3	casalemedia.com 3 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 439	3 KB
3	openx.net 3 redirects rtb.openx.net — Cisco Umbrella Rank: 1521	602 B
3	google.fr adservice.google.fr — Cisco Umbrella Rank: 30859	1 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 347	921 B
2	mookie1.com 2 redirects odr.mookie1.com — Cisco Umbrella Rank: 987	744 B
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1445	1 KB
2	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 729	794 B
2	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2328	37 KB
1	agkn.com 1 redirects d.agkn.com — Cisco Umbrella Rank: 651	759 B
1	pubmatic.com image6.pubmatic.com — Cisco Umbrella Rank: 671	166 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 888	696 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 677	30 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
132	21

	Domain	Requested by
30	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
16	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net ttdown.org
16	pagead2.googlesyndication.com	ttdown.org pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com
13	cm.g.doubleclick.net	ttdown.org googleads.g.doubleclick.net
11	fonts.gstatic.com	fonts.googleapis.com
8	fonts.googleapis.com	ttdown.org googleads.g.doubleclick.net
7	www.gstatic.com	googleads.g.doubleclick.net
6	cdnjs.cloudflare.com	ttdown.org cdnjs.cloudflare.com
6	ttdown.org	1 redirects ttdown.org
5	www.googletagservices.com	googleads.g.doubleclick.net
3	ssum-sec.casalemedia.com	3 redirects
3	rtb.openx.net	3 redirects
3	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
3	adservice.google.com	pagead2.googlesyndication.com
3	adservice.google.fr	pagead2.googlesyndication.com
2	pixel.rubiconproject.com	2 redirects
2	odr.mookie1.com	2 redirects
2	e.dlx.addthis.com	2 redirects
2	cms.quantserve.com	1 redirects googleads.g.doubleclick.net
2	stackpath.bootstrapcdn.com	ttdown.org
1	d.agkn.com	1 redirects
1	image6.pubmatic.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	code.jquery.com	ttdown.org
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
132	25

This site contains links to these domains. Also see Links.

Domain
www.tiktok.com
en.wikipedia.org
www.facebook.com
twitter.com
www.linkedin.com
www.tumblr.com

Subject Issuer	Validity	Valid
ttdown.org R3	`2022-10-12` - `2023-01-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-03` - `2023-08-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.google.fr GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh

This page contains 21 frames:

Primary Page: https://ttdown.org/
Frame ID: 60484075B273BA45E27EF4F13C03255B
Requests: 35 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20190131/zrt_lookup.html
Frame ID: 694BF7118D70B3A2D3EA8FE770D34623
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&adk=2020088507&adf=637443794&lmt=1666253666&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fttdown.org%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253666279&bpp=10&bdt=211&idt=198&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1540185210824&frm=20&pv=2&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=215
Frame ID: D7A2C9192A1132CF2D21A271DD841AF6
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=1266370990&adf=2427394704&pi=t.aa~a.2146518072~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1666253666&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253666289&bpp=3&bdt=220&idt=211&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3SIu6MCsDR&p=https%3A//ttdown.org&dtd=215
Frame ID: CF8F201898D3411CCDCEAFC9E02B3271
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js
Frame ID: 4E1D7DA37212E0A9DBE584CCEA150DDA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=2655906738&adf=2641485162&pi=t.aa~a.827312887~i.4~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1666253667&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4777445207&ad_type=text_image&format=1110x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rh=200&rw=1110&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=-M&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2237&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=1g7rbVXlGz&p=https%3A//ttdown.org&dtd=15
Frame ID: 3EE32BF27F942D8107CB4838D079D237
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=2655906738&adf=2244495584&pi=t.aa~a.827312887~i.13~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1666253667&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4777445207&ad_type=text_image&format=1110x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rh=200&rw=1110&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=-M&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280&nras=4&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2723&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=jZbczfP0xu&p=https%3A//ttdown.org&dtd=19
Frame ID: 338D1C43D9D9C2F491F3B627E0506C42
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=2655906738&adf=4242353128&pi=t.aa~a.827312887~i.15~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1666253667&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4777445207&ad_type=text_image&format=1110x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rh=200&rw=1110&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=-M&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280&nras=5&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=3027&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=h4SKHjcsm3&p=https%3A//ttdown.org&dtd=22
Frame ID: 1DCC4CBEC7477BCB0BFFD016BE394E40
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=1724911246&pi=t.aa~a.3732354746~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=1&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280&nras=6&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1495&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=ga4Q0DdbwC&p=https%3A//ttdown.org&dtd=25
Frame ID: 1F584DD4B8593B4D0E5A168FC19506F0
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1
Frame ID: 4A37CE841AB396D564097995F43AF48A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1
Frame ID: B9AF7A0E97A316519D5222B9E4106997
Requests: 14 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: 80661A9C0F5B82458DA2F7D2EFBE01E2
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: FC9CC9C6334224A0AD83DD7D0393CA1D
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js
Frame ID: BDC704EC990F911F785DB27C1F310359
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416
Frame ID: 68B650534E9E6C0211AE08887BCB0659
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4FB8870F44A93DB1F2F1736CF9385B52
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js
Frame ID: 72EF49B18B76115A3C5D8FD91602A1FA
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A3EB47859957C10AAEB4B8F8B1741691
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js
Frame ID: A5E3D79AD69BE803DE4B78B34426FEB9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C47805C9AB6948FAAE697412932E039B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F5D5D031269C8C1773F583A60A295230
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

download tiktok video in mp4 & mp3 formats free at ttdown.org

Page URL History Show full URLs

http://ttdown.org/ HTTP 301
https://ttdown.org/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

132
Requests

91 %
HTTPS

61 %
IPv6

21
Domains

25
Subdomains

18
IPs

5
Countries

1441 kB
Transfer

3447 kB
Size

26
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.tiktok.com/
Title: click here

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Bookmarklet
Title: bookmarklet

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://ttdown.org

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=Download+twitter+Videos+Free+Fast+Secire&url=https://ttdown.org

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://ttdown.org&title=Download+twitter+Videos&summary=you+gotta+get+on+this&source=https://ttdown.org

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/share/link?url=https://ttdown.org&name=twitter+Video+Downloader&description=good+stuff

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ttdown.org/ HTTP 301
https://ttdown.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 97

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg-Y2Q2RhgKBXjExCk2RkfdMOgxvkFTb0igCyTrtCWgM8XAZIl0u4dpG-lClLrKfXoj1xlNjL4ufNUrlFbfYI4JyObyWAHJo&google_gid=CAESEFzVEKzDfLr-y9LLpfuCl0k&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg-Y2Q2RhgKBXjExCk2RkfdMOgxvkFTb0igCyTrtCWgM8XAZIl0u4dpG-lClLrKfXoj1xlNjL4ufNUrlFbfYI4JyObyWAHJo&google_gid=CAESEFzVEKzDfLr-y9LLpfuCl0k&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMjAwODE0MjgwMDAxNDcxNTY5MzQxNA%3D%3D&google_push=AZmPxg-Y2Q2RhgKBXjExCk2RkfdMOgxvkFTb0igCyTrtCWgM8XAZIl0u4dpG-lClLrKfXoj1xlNjL4ufNUrlFbfYI4JyObyWAHJo

Request Chain 98

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEE0U56Uuv8DlL-oh-Im9l98&google_push=AZmPxg9JsA65-8ZpsdBrVI467OnOf1W0xkdv__fdMgW-cjGX4-uD9A2-eYle_YkTy10CmX-2xH71kVsn33_rUtmlinQc_VbMUaHH&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AZmPxg9JsA65-8ZpsdBrVI467OnOf1W0xkdv__fdMgW-cjGX4-uD9A2-eYle_YkTy10CmX-2xH71kVsn33_rUtmlinQc_VbMUaHH&google_hm=MTA4MTgwNjg1MTg2OTk3MTQwMDE

Request Chain 99

https://rtb.openx.net/sync/dds?google_gid=CAESEKQXN-f9K9cElCfG3CyxJfg&google_cver=1&google_push=AZmPxg_km1UsFrmdNvESkGlqqECVMXFIaOUf7JGy_PEYGtHqtCcPrDOG5yGQAgguh-hYSDN6j5h3EGsnu4KO3Gtlu9DUAk3SqmGX HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEKQXN-f9K9cElCfG3CyxJfg&google_cver=1&google_push=AZmPxg_km1UsFrmdNvESkGlqqECVMXFIaOUf7JGy_PEYGtHqtCcPrDOG5yGQAgguh-hYSDN6j5h3EGsnu4KO3Gtlu9DUAk3SqmGX&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AZmPxg_km1UsFrmdNvESkGlqqECVMXFIaOUf7JGy_PEYGtHqtCcPrDOG5yGQAgguh-hYSDN6j5h3EGsnu4KO3Gtlu9DUAk3SqmGX&google_hm=rg38dOlbxPEN_7WnKJTGEw==

Request Chain 101

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPuquyF9NpF4O1zZbD5EVv8&google_cver=1&google_push=AZmPxg--DJxuOmtkko3IzqxqwCjSTMNhfqU9o1L2BlrCSPOdlKrVTjgUtQ0cRq5kRrRUYNQMKilOM-vT6wRHHsPtqvHz1vQdPbU5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlHU0VVTkUtMTMtNjBYSA==&google_push=AZmPxg--DJxuOmtkko3IzqxqwCjSTMNhfqU9o1L2BlrCSPOdlKrVTjgUtQ0cRq5kRrRUYNQMKilOM-vT6wRHHsPtqvHz1vQdPbU5

Request Chain 102

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_cver=1&google_push=AZmPxg_hMsogu1gLphY9uQM8in4DRc6Ls2F8-o6T7v0qfwO0GH0JSEGKCWgKaVbOMheEjxkmlHQUf-zfjcnzXmTaDS1mc97tIsE HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_push=AZmPxg_hMsogu1gLphY9uQM8in4DRc6Ls2F8-o6T7v0qfwO0GH0JSEGKCWgKaVbOMheEjxkmlHQUf-zfjcnzXmTaDS1mc97tIsE&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_hm=Y1EDZP2Sg9RdGmLXMv6zKgAABLkAAAIB&google_nid=index&google_push=AZmPxg_hMsogu1gLphY9uQM8in4DRc6Ls2F8-o6T7v0qfwO0GH0JSEGKCWgKaVbOMheEjxkmlHQUf-zfjcnzXmTaDS1mc97tIsE

Request Chain 117

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAJajdvsXiQ8_z53c20pvI0&google_cver=1&google_push=AZmPxg_8j_XykpPzOXMA6C0Hc-yEnPxFSoXSiWydji9pNh9pm35GXrvcUXfnapxR4NDD6YsjcAr8eRZORhIyXx-61aVP3MKLN1-n HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg_8j_XykpPzOXMA6C0Hc-yEnPxFSoXSiWydji9pNh9pm35GXrvcUXfnapxR4NDD6YsjcAr8eRZORhIyXx-61aVP3MKLN1-n&google_hm=YGfxsxkTod_pbEIekp71mw

Request Chain 118

https://d.agkn.com/pixel/2175/?google_gid=CAESEKtJ-u-nsY1Q8j2ML8iOMds&google_cver=1&google_push=AZmPxg-Ose0J1G8Oad45MWFPQy5R3NQP0SLPUjIOMPtYbQERlXINs7zrtF1iL5KuNjskXzJ2w5of9lysPf3ArfOMPAVTTQMhjhtw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AZmPxg-Ose0J1G8Oad45MWFPQy5R3NQP0SLPUjIOMPtYbQERlXINs7zrtF1iL5KuNjskXzJ2w5of9lysPf3ArfOMPAVTTQMhjhtw&google_hm=Q0FFU0VLdEotdS1uc1kxUThqMk1MOGlPTWRz

Request Chain 119

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEE0U56Uuv8DlL-oh-Im9l98&google_push=AZmPxg99cPcnWqR09lvwIOZK7a6Lv9u__EPJHNW5gfay_O3C1ehJkp6JiuMo8DS91DwjXnpjwKE4MhNLMlhBUvqLcwn6JRNWtYFD&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AZmPxg99cPcnWqR09lvwIOZK7a6Lv9u__EPJHNW5gfay_O3C1ehJkp6JiuMo8DS91DwjXnpjwKE4MhNLMlhBUvqLcwn6JRNWtYFD&google_hm=MTA4MTgwNjg1MTg2OTk3MTQwMDE

Request Chain 120

https://rtb.openx.net/sync/dds?google_gid=CAESEKQXN-f9K9cElCfG3CyxJfg&google_cver=1&google_push=AZmPxg9Vq2p7Y8vfOQy3BT6Kv_kP7o4-NsHfGmxgtP1008Qhk-ioEvDVhNYZR4S1c2piA_dU2c26Pl7pHTA3HBxKsGexHgOuyt1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AZmPxg9Vq2p7Y8vfOQy3BT6Kv_kP7o4-NsHfGmxgtP1008Qhk-ioEvDVhNYZR4S1c2piA_dU2c26Pl7pHTA3HBxKsGexHgOuyt1t&google_hm=rg38dOlbxPEN_7WnKJTGEw==

Request Chain 121

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPuquyF9NpF4O1zZbD5EVv8&google_cver=1&google_push=AZmPxg8n0z3IurFBQ26fSA4giKiN7pywt9ZIDxwgPTVil05kLmhKUixRvndfvko-IJndeyeDvLtRZUDVYTfOJrrJvj_j-9TXS5Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlHU0VVVFItMUItRFpXTg==&google_push=AZmPxg8n0z3IurFBQ26fSA4giKiN7pywt9ZIDxwgPTVil05kLmhKUixRvndfvko-IJndeyeDvLtRZUDVYTfOJrrJvj_j-9TXS5Y

Request Chain 122

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_cver=1&google_push=AZmPxg8KpFWTIP4iuJ8yVjtg2ghCuJy-XmVPPQi1o0g-_r-YOYXTWGniL-FFxa2CwXLZpVTzVdaAH1d2cXEEb6Q7jA65zjpTAdr3 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_hm=Y1EDZP2Sg9RdGmLXMv6zKgAABLkAAAIB&google_nid=index&google_push=AZmPxg8KpFWTIP4iuJ8yVjtg2ghCuJy-XmVPPQi1o0g-_r-YOYXTWGniL-FFxa2CwXLZpVTzVdaAH1d2cXEEb6Q7jA65zjpTAdr3

132 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
ttdown.org/
Redirect Chain

http://ttdown.org/
https://ttdown.org/

23 KB
8 KB

193ms
105ms

Document
text/html

51.83.201.29
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ttdown.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.83.201.29 , France, ASN16276 (OVH, FR),
Reverse DNS: ip29.ip-51-83-201.eu
Software: nginx/1.20.1 / PHP/7.3.15
Resource Hash: ff3dad3e0cb09821ea020b7bf616e9255a536be70e71193743420ebcafa83113

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 20 Oct 2022 08:14:26 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx/1.20.1
vary: Accept-Encoding
x-powered-by: PHP/7.3.15

Redirect headers

Connection: keep-alive
Content-Length: 169
Content-Type: text/html
Date: Thu, 20 Oct 2022 08:14:25 GMT
Location: https://ttdown.org/
Server: nginx/1.20.1

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/css/ 48 KB
9 KB 71ms
27ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/css/all.min.css

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

604dcf1f11698655f75046bb92f98aaa9477e1c16b01c5fc415e78794393ffb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3803295
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8608
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-be09"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XF4SsiGvAgBHklnrHBB4fOFTYbs%2B5SkP3wTrcn33untvJUGtrmCDQhfpLu%2B4Kq2pGbHUPcsk9v3xLTHlbBFDjwMnPilPo4pFi4QEwgzkXopjh3D7bhyTI6Qd%2FxRrI2bM%2FHKPMZdyPBM%2F5EIN2nPCG9sa"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75d04cc54c1ad35b-CDG
expires: Tue, 10 Oct 2023 08:14:26 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
978 B 99ms
39ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&display=swap

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9879cef4177833f2835c5743dfcd5403fab2bbaf835fefbfec36020dd36ab5b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 07:56:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Oct 2022 08:14:26 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
636 B 105ms
46ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100,400&display=swap

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ced66d73fd7c25b10179bcd53997722aa5d789563426ce9fb45dd0002b83f7e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 08:14:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Oct 2022 08:14:26 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
49 KB 131ms
63ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

acce1fa5f2bd3b2f24e9ab28a478fde632b8ec9aeab411e3be0bf3d68697989c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49323
x-xss-protection: 0
server: cafe
etag: 5373775487353133572
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 08:14:26 GMT

GET
H2 200 ttdown-tiktok-download-logo-small.gif
ttdown.org/img/ 3 KB
3 KB 95ms
95ms Image
image/gif 51.83.201.29
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ttdown.org/img/ttdown-tiktok-download-logo-small.gif
Requested by: Host: ttdown.org
URL: https://ttdown.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.83.201.29 , France, ASN16276 (OVH, FR),
Reverse DNS: ip29.ip-51-83-201.eu
Software: nginx/1.20.1 /
Resource Hash: 21c2d6302a4d274fba11433436022a7e1e4f076af1017031c2679b6dcf5eb230

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
last-modified: Thu, 05 Mar 2020 03:30:40 GMT
server: nginx/1.20.1
accept-ranges: bytes
etag: "5e607260-d1c"
content-length: 3356
content-type: image/gif

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ 138 KB
22 KB 73ms
32ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ttdown.org/
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 951
age: 5615620
cdn-cachedat: 07/25/2022 03:11:38
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"04aca1f4cd3ec3c05a75a879f3be75a3"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 7ecda9ee58ffd1ac561d5bef77a273cb
timing-allow-origin: *
cdn-requestcountrycode: FR
cdn-status: 200
cf-ray: 75d04cc55df799bd-CDG
cdn-requestpullsuccess: True

GET
H2 200 default.css
ttdown.org/css/ 10 KB
3 KB 101ms
99ms Stylesheet
text/css 51.83.201.29
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ttdown.org/css/default.css?v00003
Requested by: Host: ttdown.org
URL: https://ttdown.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.83.201.29 , France, ASN16276 (OVH, FR),
Reverse DNS: ip29.ip-51-83-201.eu
Software: nginx/1.20.1 /
Resource Hash: 36b425707de4faa39f3d768f13f7f4c72dbc9103f0a68f6ad7e0298fd5449dba

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: gzip
last-modified: Thu, 05 Mar 2020 03:30:39 GMT
server: nginx/1.20.1
etag: W/"5e60725f-297e"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 72ms
22ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: ttdown.org
URL: https://ttdown.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer: https://ttdown.org/
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-1538f"
vary: Accept-Encoding
x-hw: 1666253666.dop224.pa1.t,1666253666.cds029.pa1.hn,1666253666.cds240.pa1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30288

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
14 KB 78ms
37ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ttdown.org/
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 947
age: 634934
cdn-cachedat: 07/16/2022 17:19:19
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"67176c242e1bdc20603c878dee836df3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 904a817527e05453088b2e93210513d8
timing-allow-origin: *
cdn-requestcountrycode: FR
cdn-status: 200
cf-ray: 75d04cc55dfa99bd-CDG
cdn-requestpullsuccess: True

GET
H2 200 jquery.easing.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/ 2 KB
1 KB 65ms
39ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f7723b6b9bfced0deba108df48e3287888dd986f1ff2d5133bacc9807ac0349

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 643064
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 747
last-modified: Mon, 04 May 2020 16:11:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec1-9e4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iuUSOFAaH2J40FZqUEmdAiuUDsX%2FYwYeAuN2aA7aa%2FRe0kCUHpEA2mFFl7H6s9bldTy%2BOwuA6TaH9bMZ43WMwoaWgkX72S6P2VGMR%2BQMMwcHgj28m31dk7mJ86lNj1P%2F3BvZtp3ArFgeZNoh%2BBY1IVeE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75d04cc54c1dd35b-CDG
expires: Tue, 10 Oct 2023 08:14:26 GMT

GET
H2 200 jquery.lazy.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.lazy/1.7.10/ 5 KB
2 KB 89ms
63ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.lazy/1.7.10/jquery.lazy.min.js

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64fbc7f830625ecd6ff3293b96665aebec2a9be9336f02fd47508eb59f7ec23a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1402216
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2092
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-139f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xbOYKkmSHUOVclqtFetvKmN3VlF247prF080q77%2BE4%2BVD%2BEbCXdHi6HWLL2Qdg6i0ysuc71W7mQ6bhaLG%2FgsYGbmbgbKfSwBZMA%2FsTS02yoa8IImtBeiPBHdvKSHx0z4GpYRCpw7cAslqzaXAN%2FekU64"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75d04cc54c1cd35b-CDG
expires: Tue, 10 Oct 2023 08:14:26 GMT

GET
H2 200 default.js Show response
ttdown.org/js/ 4 KB
2 KB 99ms
98ms Script
application/javascript 51.83.201.29
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ttdown.org/js/default.js?v0007
Requested by: Host: ttdown.org
URL: https://ttdown.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.83.201.29 , France, ASN16276 (OVH, FR),
Reverse DNS: ip29.ip-51-83-201.eu
Software: nginx/1.20.1 /
Resource Hash: 8b2474b764a8cfd1b5664776d16b24ba4a2a3519734ebb7d83dda5447f3c976c

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: gzip
last-modified: Tue, 22 Feb 2022 12:29:44 GMT
server: nginx/1.20.1
etag: W/"6214d738-11cc"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 jquery.lazy.av.min.js Show response
ttdown.org/vendor/ 1001 B
737 B 96ms
95ms Script
application/javascript 51.83.201.29
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ttdown.org/vendor/jquery.lazy.av.min.js
Requested by: Host: ttdown.org
URL: https://ttdown.org/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.83.201.29 , France, ASN16276 (OVH, FR),
Reverse DNS: ip29.ip-51-83-201.eu
Software: nginx/1.20.1 /
Resource Hash: 4b2ddf9caf0636f523f0ce76e534131e699e82a8b79fbf7e37ca48e9c69f1f75

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: gzip
last-modified: Thu, 05 Mar 2020 03:30:44 GMT
server: nginx/1.20.1
etag: W/"5e607264-3e9"
vary: Accept-Encoding
content-type: application/javascript

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/webfonts/ 66 KB
66 KB 69ms
47ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90f1126b989142c6bc5d440d488b3cad4e6ef9d421c5735fc733eca246dc37b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/css/all.min.css
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 3593052
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 67400
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-10748"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n59GoRufW%2Fi7E5FdifHMW4gZTanneDMX0nj85S%2FNMZvfJShi2ov1PCAtbQk7hnKDBuGjZ3UWU4xuoDOtL5y3ti8NRNcOCRj8Xjv6Nb2q8lTibmEyKRYD6NCQT28wdvQHf6GDE5xDo%2B5qI88sak7tqaXo"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75d04cc59902d3af-CDG
expires: Tue, 10 Oct 2023 08:14:26 GMT

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/webfonts/ 64 KB
64 KB 162ms
141ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b2f16d928f9ac95f54a28ca48aa43ef5196f4870789a5822d781caf6dd51375

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/css/all.min.css
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2636956
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65316
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-ff24"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27zTfUQ7w3LHhXjgdlS1RA8h7%2FYcj%2BWWIdrL%2BgSNvYEZZVkNDd6mS4P8jsFQZ%2BVcyURk2OWWWrA26eszT%2F4tuKA%2FQcX00MUtt8Mh5PryqCVCyiZt3tv%2F6imTKVJrXqMSq60yshYpU55%2FfljFoPZNMnT3"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75d04cc59904d3af-CDG
expires: Tue, 10 Oct 2023 08:14:26 GMT

GET
H3 200 fa-regular-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/webfonts/ 15 KB
15 KB 47ms
26ms Font
application/octet-stream 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/webfonts/fa-regular-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

086ef1821ec1abf73e68581524767210cbbcc879ae07def1cf46fc9fff4e9d4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.3.1/css/all.min.css
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1387364
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14868
last-modified: Mon, 04 May 2020 16:10:08 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e60-3a14"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iquFBO44zqbvimlKLnjlEyCHAhobqtnHUCbSEiCcBQi%2BzJs2Fqtc0Wu%2FGPKGP6%2Bl1jSCLyWGo2Tsy%2Fmb5%2FuTxwp%2FbB%2FszdntkHAzy8E%2By82cph%2FJSs4FUIH9QozhY6nFKz7ld4oav%2BoB3b1syWwq%2BdGw"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 75d04cc59905d3af-CDG
expires: Tue, 10 Oct 2023 08:14:26 GMT

GET
H2 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/ 30 KB
30 KB 140ms
77ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 01:41:22 GMT
x-content-type-options: nosniff
age: 541984
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30928
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Oct 2023 01:41:22 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
24 KB 90ms
27ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 17:08:09 GMT
x-content-type-options: nosniff
age: 140777
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Oct 2023 17:08:09 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 114ms
52ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 09:59:57 GMT
x-content-type-options: nosniff
age: 512069
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Oct 2023 09:59:57 GMT

GET
H2 200 S6u8w4BMUTPHjxsAXC-q.woff2
fonts.gstatic.com/s/lato/v23/ 24 KB
24 KB 124ms
63ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHjxsAXC-q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ttdown.org
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 17:09:03 GMT
x-content-type-options: nosniff
age: 140723
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24408
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:50:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Oct 2023 17:09:03 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210120101/ 353 KB
116 KB 124ms
68ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-0916766851103338&plah=ttdown.org&bust=31070367

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62a743da1ce1ba9936c36fe61ba3975c6c24943d1c6180ad9b654027759faef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118719
x-xss-protection: 0
server: cafe
etag: 799242690337105945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 08:14:26 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221018/r20190131/ Frame 694B 10 KB
5 KB 88ms
26ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221018/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 37355
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 21:51:51 GMT
etag: 9671129459699598864
expires: Wed, 02 Nov 2022 21:51:51 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 387 B
696 B 129ms
35ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ttdown.org&callback=_gfp_s_&client=ca-pub-0916766851103338&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-0916766851103338&plah=ttdown.org&bust=31070367

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d540852df11d127bf96d08e3b1d14b2853afc6950cce676378c358993919848

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 252
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.fr/adsid/ 107 B
792 B 96ms
36ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=ttdown.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 98ms
39ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ttdown.org

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 61ms
61ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fttdown.org%2F&tn=NAV&id=mainNav&cls=navbar%20navbar-expand-lg%20bg-secondary%20fixed-top&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D7A2 246 KB
58 KB 809ms
755ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&adk=2020088507&adf=637443794&lmt=1666253666&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fttdown.org%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253666279&bpp=10&bdt=211&idt=198&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1540185210824&frm=20&pv=2&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=215

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d1541ce0a18754621098a7293d5cd63c6769b497650e92e024408808ce8d271

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 59231
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:27 GMT
expires: Thu, 20 Oct 2022 08:14:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CF8F 98 KB
33 KB 503ms
458ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=1266370990&adf=2427394704&pi=t.aa~a.2146518072~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1666253666&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253666289&bpp=3&bdt=220&idt=211&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3SIu6MCsDR&p=https%3A//ttdown.org&dtd=215

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9bea7a971b3627cf866881836881ec79decba9f5aa544552067632d3a1a6fc54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 33832
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:26 GMT
expires: Thu, 20 Oct 2022 08:14:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame CF8F 8 KB
895 B 90ms
37ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=1266370990&adf=2427394704&pi=t.aa~a.2146518072~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1666253666&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253666289&bpp=3&bdt=220&idt=211&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3SIu6MCsDR&p=https%3A//ttdown.org&dtd=215

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 08:03:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame CF8F 2 KB
956 B 124ms
63ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61554
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame CF8F 0
0 70ms
70ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Co7vKYgNRY6jCJqyHrr4P4Oan0A_b873dbM3SwMm1ENnZHhABII7dnwNg-wGgAY6Evd0DyAEJqQJYXZ1Q6lOLPqgDAcgDywSqBMkBT9AzF-EPKvECl_HIsw_FxmmHttPvC9fSl0zXtB84GMNMBHUDv2w_zJ-QPrwEnqL5fPfP6T6S0gkJourm3TQcjp6R-RrkCBxW4cuS0O0sLvFfJ3ztL8fdxlzZMm-t254nkUVbYnK2_gre8ao2tJo7E86CsdN93Pwledzxd3JF5zOYIA7zwPLhtiBNM1jwaLyLjW1HZyaBpv6uA--NWlcDBV1j11ITJejnVuMjUDlAz5u5JpM8UrDvlEDA4Z-MtC_YDQwfEZ_ZDYEjwASEu8TakASSBQQIBBgBkgUECAUYBKAGLoAHy_6pOKgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcEEOCaAdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsB2BMNiBQB0BUBmBYBgBcBshccChoIABIUcHViLTA5MTY3NjY4NTExMDMzMzgYAA&sigh=xCO5ifIhnHM&uach_m=[UACH]&cid=CAQSGwDq26N9QEGrvPGFlFG7qB-iVHu1Q-FJQy43SRgBIA4&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=1266370990&adf=2427394704&pi=t.aa~a.2146518072~rp.2&w=1200&fwrn=4&fwrnh=100&lmt=1666253666&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253666289&bpp=3&bdt=220&idt=211&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=326&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=3SIu6MCsDR&p=https%3A//ttdown.org&dtd=215
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 20 Oct 2022 08:14:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/ Frame CF8F 23 KB
10 KB 79ms
26ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61554
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9571
x-xss-protection: 0
server: cafe
etag: 15799940544776262544
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame CF8F 3 KB
1 KB 87ms
34ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2228
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Nov 2022 07:37:19 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame CF8F 17 KB
7 KB 83ms
30ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61550
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7569
x-xss-protection: 0
server: cafe
etag: 4237063375490391177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:37 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CF8F 152 KB
47 KB 148ms
89ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47476
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666179788250400"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H2 200 fed584b8ce81e04d8838584f2ea59ee6.js Show response
www.gstatic.com/mysidia/ Frame CF8F 33 KB
14 KB 86ms
26ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fed584b8ce81e04d8838584f2ea59ee6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d52560a0b97222a18a95c89256d89765d3d821699eebc14213d531c2a93adb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 23:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13787
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 04:05:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 16 Jan 2023 23:21:39 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/16065885781834543016/ Frame CF8F 29 KB
29 KB 79ms
35ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16065885781834543016/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25310b759a53802e5b26434eaa5d734c96aa4e3d7cf4db80f1c445cd2d5e820f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Sat, 15 Oct 2022 09:38:37 GMT
x-content-type-options: nosniff
age: 426950
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29556
x-xss-protection: 0
last-modified: Fri, 30 Sep 2022 12:21:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 15 Oct 2023 09:38:37 GMT

GET
DATA 200
OK truncated
/ Frame CF8F 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame CF8F 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame CF8F 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67f0e64c2ce1064496875a90bf2dbb957a2260b842052c334fd0d669a22f55b2

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame CF8F 28 KB
28 KB 80ms
26ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 84583
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 Oct 2023 08:44:44 GMT

GET
H3 200 gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js Show response
pagead2.googlesyndication.com/bg/ Frame 4E1D 36 KB
16 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8061f9317058a4a2bc6f88d890ab72c22065ed13cf4091ba40a6302a285a9091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:53:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1239
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15922
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 07:53:48 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210120101/ 151 KB
54 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210120101/reactive_library_fy2021.js?bust=31070367

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

56dc0240a8b8ac3be96ef9ee6088e10bffcca7a7dfdb5d81107fa4dd1a1c48a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55063
x-xss-protection: 0
server: cafe
etag: 3798970507976895278
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H3 200 integrator.js Show response
adservice.google.fr/adsid/ 107 B
122 B 89ms
35ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=ttdown.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 91ms
36ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ttdown.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3EE3 430 B
225 B 366ms
366ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=2655906738&adf=2641485162&pi=t.aa~a.827312887~i.4~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1666253667&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4777445207&ad_type=text_image&format=1110x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rh=200&rw=1110&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=-M&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2237&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=1g7rbVXlGz&p=https%3A//ttdown.org&dtd=15

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28ed807f18628141c38841ed4f864d372e08f8da7b91a54ef6439e142bb24246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 205
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 338D 430 B
228 B 445ms
444ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=2655906738&adf=2244495584&pi=t.aa~a.827312887~i.13~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1666253667&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4777445207&ad_type=text_image&format=1110x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rh=200&rw=1110&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=-M&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280&nras=4&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=2723&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=jZbczfP0xu&p=https%3A//ttdown.org&dtd=19

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d16a677814b685d24981508f663f812bfdf848a55b57c7790ea7df2e6dbf0376

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 208
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1DCC 430 B
227 B 541ms
541ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=2655906738&adf=4242353128&pi=t.aa~a.827312887~i.15~rp.4&w=1110&fwrn=4&fwrnh=100&lmt=1666253667&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=4777445207&ad_type=text_image&format=1110x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rh=200&rw=1110&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=-M&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280&nras=5&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=245&ady=3027&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=h4SKHjcsm3&p=https%3A//ttdown.org&dtd=22

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e000d5cecc7598a70f9dbf6a96e2bf05bc383ebc737b53047a5719357c86bcdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 207
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1F58 87 KB
32 KB 398ms
398ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=1724911246&pi=t.aa~a.3732354746~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=1&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280&nras=6&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1495&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=ga4Q0DdbwC&p=https%3A//ttdown.org&dtd=25

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09a41032f81f048bb7a26915a7b4fb72a66759d7af4eda686d57b6b85fda268d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 32758
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/ Frame 4A37 10 KB
4 KB 26ms
25ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 51405
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 17:57:42 GMT
etag: 9671129459699598864
expires: Wed, 02 Nov 2022 17:57:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/ Frame B9AF 10 KB
4 KB 26ms
25ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 51405
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 17:57:42 GMT
etag: 9671129459699598864
expires: Wed, 02 Nov 2022 17:57:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css2
fonts.googleapis.com/ Frame 4A37 4 KB
636 B 36ms
36ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 07:46:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4A37 205 B
229 B 79ms
26ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 06:31:41 GMT
x-content-type-options: nosniff
age: 6166
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 20 Oct 2023 06:31:41 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4A37 604 B
628 B 80ms
27ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:23:59 GMT
x-content-type-options: nosniff
age: 3028
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 20 Oct 2023 07:23:59 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/elements/html/ Frame 4A37 19 KB
8 KB 101ms
46ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8a091a670b6bf03510fc7a1b3c74a417c4a8c8937f7fb0c9a1517a95bdd7ab18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 16:43:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55874
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8235
x-xss-protection: 0
server: cafe
etag: 7715946797152839796
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 16:43:13 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame B9AF 8 KB
895 B 36ms
36ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 08:14:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame B9AF 2 KB
902 B 68ms
26ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61554
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B9AF 0
0 69ms
69ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CmWOeYgNRY66jI4-O1ga8j7HYBtvzvd1szdLAybUQ2dkeEAEgjt2fA2D7AaABjoS93QPIAQmpAlhdnVDqU4s-qAMByAPLBKoEyQFP0LMYy_2pXHXoYj5PYRC84gBsAPgEhHbgglJYGQD8xfktt-3EWLZC6vnrizoNtv-AioTv_FyfGTYBW2dpgLDm48n50mJdUnIb8gLhqAZyeE_XYzLPmAjNfG7ez6_FQtBJ4poKpgYc5PcFPwn4lScg_VdPa_xPmp1r_mtEDR5CSDNN-lelKxNvnQznKrQZs34TIEpuIl0Jg1szJQ4xE_MAcZ-fUcKhDmvCGEmvvHmPSYUYNc7UkiVCn84Uw2VbcpgyeMwbp9dmuX_ABIS7xNqQBJIFBAgEGAGSBQQIBRgEoAYugAfL_qk4qAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ24wB0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw2IFAHQFQGYFgGAFwGyFxwKGggAEhRwdWItMDkxNjc2Njg1MTEwMzMzOBgA&sigh=p4gk101lLSs&uach_m=[UACH]&cid=CAQSGwDq26N9l28MPNMw-hhvImFOWT_bjQxK0HX19hgBIA4&template_id=5000

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 20 Oct 2022 08:14:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/ Frame B9AF 23 KB
9 KB 67ms
27ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61554
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9571
x-xss-protection: 0
server: cafe
etag: 15799940544776262544
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame B9AF 3 KB
1 KB 98ms
59ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2228
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Nov 2022 07:37:19 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame B9AF 17 KB
7 KB 82ms
42ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61550
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7569
x-xss-protection: 0
server: cafe
etag: 4237063375490391177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B9AF 152 KB
46 KB 114ms
61ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47476
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666179788250400"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H3 200 fed584b8ce81e04d8838584f2ea59ee6.js Show response
www.gstatic.com/mysidia/ Frame B9AF 33 KB
13 KB 72ms
35ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fed584b8ce81e04d8838584f2ea59ee6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d52560a0b97222a18a95c89256d89765d3d821699eebc14213d531c2a93adb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 23:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13787
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 04:05:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 16 Jan 2023 23:21:39 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16065885781834543016/ Frame B9AF 12 KB
12 KB 86ms
50ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16065885781834543016/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d7955480034e03d119d0e30e12ff0839bb64f99da9ad8845c6701e362456d7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 04:25:55 GMT
x-content-type-options: nosniff
age: 532112
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12183
x-xss-protection: 0
last-modified: Fri, 30 Sep 2022 12:20:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 14 Oct 2023 04:25:55 GMT

GET
DATA 200
OK truncated
/ Frame B9AF 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B9AF 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 css
fonts.googleapis.com/ Frame 8066 8 KB
895 B 36ms
35ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 08:01:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame 8066 2 KB
902 B 65ms
59ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61554
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/ Frame 8066 23 KB
9 KB 36ms
32ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61554
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9571
x-xss-protection: 0
server: cafe
etag: 15799940544776262544
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame 8066 3 KB
1 KB 63ms
59ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2228
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Nov 2022 07:37:19 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame 8066 17 KB
7 KB 42ms
38ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61550
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7569
x-xss-protection: 0
server: cafe
etag: 4237063375490391177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8066 152 KB
46 KB 59ms
41ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47476
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666179788250400"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H3 200 fed584b8ce81e04d8838584f2ea59ee6.js Show response
www.gstatic.com/mysidia/ Frame 8066 33 KB
13 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fed584b8ce81e04d8838584f2ea59ee6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d52560a0b97222a18a95c89256d89765d3d821699eebc14213d531c2a93adb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 23:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13787
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 04:05:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 16 Jan 2023 23:21:39 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FC9C 143 B
166 B 26ms
25ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 3544
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 07:15:23 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B9AF 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15211a81e9d16fc95d05aaf93c260a6aa6b98e46a86df3e9f7e1961522fd2760

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FC9C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
18 B

48ms
48ms

Document
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20221018/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:27 GMT
expires: Thu, 20 Oct 2022 08:14:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:27 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js Show response
pagead2.googlesyndication.com/bg/ Frame BDC7 36 KB
16 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8061f9317058a4a2bc6f88d890ab72c22065ed13cf4091ba40a6302a285a9091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:53:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1239
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15922
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 07:53:48 GMT

GET
H3 200 integrator.js Show response
adservice.google.fr/adsid/ 107 B
122 B 36ms
35ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.fr/adsid/integrator.js?domain=ttdown.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 37ms
36ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ttdown.org

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 68B6 87 KB
32 KB 348ms
348ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5df808538d3af0c781ec9f25a6eca72b2727567388ed9f3a05e72de265f7b841

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-encoding: br
content-length: 32371
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 1F58 6 KB
672 B 38ms
37ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=1724911246&pi=t.aa~a.3732354746~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=1&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280&nras=6&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1495&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=ga4Q0DdbwC&p=https%3A//ttdown.org&dtd=25

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 06:24:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame 1F58 2 KB
902 B 27ms
25ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61554
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/ Frame 1F58 23 KB
9 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61554
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9571
x-xss-protection: 0
server: cafe
etag: 15799940544776262544
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame 1F58 3 KB
1 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2228
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Nov 2022 07:37:19 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame 1F58 17 KB
7 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61550
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7569
x-xss-protection: 0
server: cafe
etag: 4237063375490391177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:37 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1F58 0
0 93ms
34ms Image
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTOXKSzkddzDqMmhCOxU7CGIGpiwKqY3gS4EllTTWQNdaRCjNIxteOfWzQBSR3m999ViXM1E_mK_Jl9Ne-r3UXQHN4_Cw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=1724911246&pi=t.aa~a.3732354746~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=1&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280&nras=6&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1495&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=ga4Q0DdbwC&p=https%3A//ttdown.org&dtd=25
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1F58 152 KB
46 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47476
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666179788250400"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Oct 2022 08:14:27 GMT

GET
H3 200 fed584b8ce81e04d8838584f2ea59ee6.js Show response
www.gstatic.com/mysidia/ Frame 1F58 33 KB
13 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fed584b8ce81e04d8838584f2ea59ee6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d52560a0b97222a18a95c89256d89765d3d821699eebc14213d531c2a93adb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 23:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13787
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 04:05:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 16 Jan 2023 23:21:39 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 1F58 0
0 71ms
70ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CLeAGYwNRY-jcHuG1hQb5_KawBZzhhtNsj4Ch__EOkJLJ48IBEAEgjt2fA2D7AaABjezk2QLIAQmpAnpelAaGU6g-qAMByAPLBKoEygFP0JEovg4Z67QLCV0Zkurw-kETDsLvQIFR7EqA_vHB0SwrwL3YvvGI3cgzfwOP8NyZFyzm0JhmTT-Y7ZcicJ8cMh0sOXeFfiUEFVFZKHnJJra2mIZKH_O_yEqm2kBz6YPKcRur8JVWKGXkD52eG6alsQQSoSTMhmLB4BE8ZfmMFvTrf3Hz8H7Zu73o38qD27q6k6YTEBw7ZcVGzKID2TKzvOhasRq4Pe2tOXDESKLtf6iJj6S3Aeed9nB5LtVQtQ-ak1fLyLcy9pgYwASwvp3M5gOSBQQIBBgBkgUECAUYBKAGLoAH25ObpgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHAxCQNdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsBuBPkA9gTDYgUCNAVAYAXAbIXHAoaCAASFHB1Yi0wOTE2NzY2ODUxMTAzMzM4GAA&sigh=MArwwQ9jUyg&uach_m=[UACH]&cid=CAQSOwDq26N9vZIeDJw28WJEhnJT17BKU5ue_bUJUA6GtuyS5jVYnCEyTTvOl4LdMcdDco0_FXYU0NdYonBPGAEgDg&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=1724911246&pi=t.aa~a.3732354746~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=1&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280&nras=6&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1495&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=ga4Q0DdbwC&p=https%3A//ttdown.org&dtd=25
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 20 Oct 2022 08:14:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6951785204276097563/ Frame 1F58 14 KB
14 KB 31ms
31ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6951785204276097563/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9eb498722b73f39157de1f8f969426c5932798b7d2e504e29d387ba80432350

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:22:19 GMT
x-content-type-options: nosniff
age: 60728
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14157
x-xss-protection: 0
last-modified: Sun, 07 Nov 2021 15:36:34 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 19 Oct 2023 15:22:19 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/10877801428445852470/ Frame 1F58 2 KB
2 KB 29ms
29ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10877801428445852470/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11efe705d4a9171616d487f55fc477e3ba6c5a1e67100f8eb379cfb80507d54b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Sun, 16 Oct 2022 17:21:52 GMT
x-content-type-options: nosniff
age: 312755
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1952
x-xss-protection: 0
last-modified: Sun, 24 Jul 2022 17:06:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 16 Oct 2023 17:21:52 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4FB8 1 KB
643 B 41ms
38ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 84956
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 08:38:31 GMT
etag: 48472445140208031
expires: Thu, 20 Oct 2022 08:38:31 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1F58 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41adbdbaf43349ebb2e495fa2614ba69619f841156f2f06ece0cccbe054978e5

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1F58 15 KB
15 KB 26ms
26ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:22:20 GMT
x-content-type-options: nosniff
age: 474727
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Oct 2023 20:22:20 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1F58 15 KB
16 KB 26ms
26ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 05:09:29 GMT
x-content-type-options: nosniff
age: 529498
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Oct 2023 05:09:29 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 1F58 15 KB
15 KB 34ms
33ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 13:14:53 GMT
x-content-type-options: nosniff
age: 500374
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Oct 2023 13:14:53 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 4FB8 35 B
463 B 98ms
28ms Image
image/gif 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAJajdvsXiQ8_z53c20pvI0&google_cver=1&google_push=AZmPxg_PRGSSmyy_h_iJuoeoAObup5wmjuBrhQN-2heQh3GyE5vclqMfZfg4hjXEMsOtUuI94auVmQDD3fOOSrNYfxhRfB6HNfA

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4FB8
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg-Y2Q2R...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg-Y2Q2R...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMjAwODE0MjgwMDAxNDcxNTY5MzQxNA%3D%3D&google_push=AZmPxg-Y2Q2RhgKBXjExCk2RkfdMOgxvkFTb0igCyTrtCWgM8XAZIl0u4dpG-lClLrKfXo...

170 B
188 B

36ms
36ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMjAwODE0MjgwMDAxNDcxNTY5MzQxNA%3D%3D&google_push=AZmPxg-Y2Q2RhgKBXjExCk2RkfdMOgxvkFTb0igCyTrtCWgM8XAZIl0u4dpG-lClLrKfXoj1xlNjL4ufNUrlFbfYI4JyObyWAHJo

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMjAwODE0MjgwMDAxNDcxNTY5MzQxNA%3D%3D&google_push=AZmPxg-Y2Q2RhgKBXjExCk2RkfdMOgxvkFTb0igCyTrtCWgM8XAZIl0u4dpG-lClLrKfXoj1xlNjL4ufNUrlFbfYI4JyObyWAHJo
pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Thu, 20 Oct 2022 08:14:28 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4FB8
Redirect Chain

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEE0U56Uuv8DlL-oh-Im9l98&google_push=AZmPxg9JsA65-8ZpsdBrVI467OnOf1W0xkdv__fdMgW-cjGX4-uD9A2-eYle_YkTy10CmX-2xH71kVsn33_rUtmlinQc_Vb...
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AZmPxg9JsA65-8ZpsdBrVI467OnOf1W0xkdv__fdMgW-cjGX4-uD9A2-eYle_YkTy10CmX-2xH71kVsn33_rUtmlinQc_VbMUaHH&google_hm=MTA4MTgwNjg1MTg2OT...

170 B
188 B

90ms
37ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AZmPxg9JsA65-8ZpsdBrVI467OnOf1W0xkdv__fdMgW-cjGX4-uD9A2-eYle_YkTy10CmX-2xH71kVsn33_rUtmlinQc_VbMUaHH&google_hm=MTA4MTgwNjg1MTg2OTk3MTQwMDE

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:27 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AZmPxg9JsA65-8ZpsdBrVI467OnOf1W0xkdv__fdMgW-cjGX4-uD9A2-eYle_YkTy10CmX-2xH71kVsn33_rUtmlinQc_VbMUaHH&google_hm=MTA4MTgwNjg1MTg2OTk3MTQwMDE
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4FB8
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEKQXN-f9K9cElCfG3CyxJfg&google_cver=1&google_push=AZmPxg_km1UsFrmdNvESkGlqqECVMXFIaOUf7JGy_PEYGtHqtCcPrDOG5yGQAgguh-hYSDN6j5h3EGsnu4KO3Gtlu9DUAk3SqmGX
https://rtb.openx.net/sync/dds?google_gid=CAESEKQXN-f9K9cElCfG3CyxJfg&google_cver=1&google_push=AZmPxg_km1UsFrmdNvESkGlqqECVMXFIaOUf7JGy_PEYGtHqtCcPrDOG5yGQAgguh-hYSDN6j5h3EGsnu4KO3Gtlu9DUAk3SqmGX&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AZmPxg_km1UsFrmdNvESkGlqqECVMXFIaOUf7JGy_PEYGtHqtCcPrDOG5yGQAgguh-hYSDN6j5h3EGsnu4KO3Gtlu9DUAk3SqmGX&google_hm=rg38dOlbxPEN_7WnKJTGEw==

170 B
188 B

43ms
38ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AZmPxg_km1UsFrmdNvESkGlqqECVMXFIaOUf7JGy_PEYGtHqtCcPrDOG5yGQAgguh-hYSDN6j5h3EGsnu4KO3Gtlu9DUAk3SqmGX&google_hm=rg38dOlbxPEN_7WnKJTGEw==

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:27 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AZmPxg_km1UsFrmdNvESkGlqqECVMXFIaOUf7JGy_PEYGtHqtCcPrDOG5yGQAgguh-hYSDN6j5h3EGsnu4KO3Gtlu9DUAk3SqmGX&google_hm=rg38dOlbxPEN_7WnKJTGEw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: 9nk2j03susb397b6g16u384a3k4qvo7m

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 4FB8 0
166 B 77ms
22ms Image
text/html 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEFzvBXEhjSU8nMqRBkHv4tg&google_cver=1&google_push=AZmPxg-rDLcKn6sshKDvH4-YUXCUYKhERxrHFeaEyiMq-8K20o7H2DTQX43Grb3X1YO9qA7sgprdBQIU12t-V111vmSF23NO3dE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=1724911246&pi=t.aa~a.3732354746~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667371&bpp=1&bdt=1302&idt=1&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280&nras=6&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1495&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=ga4Q0DdbwC&p=https%3A//ttdown.org&dtd=25
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Thu, 20 Oct 2022 08:14:26 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4FB8
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPuquyF9NpF4O1zZbD5EVv8&google_cver=1&google_push=AZmPxg--DJxuOmtkko3IzqxqwCjSTMNhfqU9o1L2BlrCSPOdlKrVTjgUtQ0cRq5kRrRUYNQMKil...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlHU0VVTkUtMTMtNjBYSA==&google_push=AZmPxg--DJxuOmtkko3IzqxqwCjSTMNhfqU9o1L2BlrCSPOdlKrVTjgUtQ0cRq5kRrRUYNQMKilOM-vT6wRHHsPtqvHz1vQdPbU5

170 B
188 B

89ms
37ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlHU0VVTkUtMTMtNjBYSA==&google_push=AZmPxg--DJxuOmtkko3IzqxqwCjSTMNhfqU9o1L2BlrCSPOdlKrVTjgUtQ0cRq5kRrRUYNQMKilOM-vT6wRHHsPtqvHz1vQdPbU5

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlHU0VVTkUtMTMtNjBYSA==&google_push=AZmPxg--DJxuOmtkko3IzqxqwCjSTMNhfqU9o1L2BlrCSPOdlKrVTjgUtQ0cRq5kRrRUYNQMKilOM-vT6wRHHsPtqvHz1vQdPbU5
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4FB8
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_push=AZ...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_hm=Y1EDZP2Sg9RdGmLXMv6zKgAABLkAAAIB&google_nid=index&google_push=AZmPxg_hMsogu1gLphY9uQM8in4DRc6Ls2F8-...

170 B
188 B

36ms
36ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_hm=Y1EDZP2Sg9RdGmLXMv6zKgAABLkAAAIB&google_nid=index&google_push=AZmPxg_hMsogu1gLphY9uQM8in4DRc6Ls2F8-o6T7v0qfwO0GH0JSEGKCWgKaVbOMheEjxkmlHQUf-zfjcnzXmTaDS1mc97tIsE

Requested by

Host: ttdown.org
URL: https://ttdown.org/

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ANfxx54gxZZQSdTgkwGkwVoJjl%2FLc0Yx7hG94FhRwW6XNNEGvx%2BxH%2FD1KRNGA6YCjTTkq9xAyygWLOvvmPbLrTqgw%2BlV%2BFhE76f9pyCyqTAAJC8UWVg2vz0fvR9cdRuphsdHuDZnGYFMQg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_hm=Y1EDZP2Sg9RdGmLXMv6zKgAABLkAAAIB&google_nid=index&google_push=AZmPxg_hMsogu1gLphY9uQM8in4DRc6Ls2F8-o6T7v0qfwO0GH0JSEGKCWgKaVbOMheEjxkmlHQUf-zfjcnzXmTaDS1mc97tIsE
cache-control: no-cache
cf-ray: 75d04cd18bf4d091-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 4FB8 0
232 B 115ms
35ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JF0BLlDexjixVbQNQ3movJ0OKyJoLPbefootEpUuwZoEPbwXt4jJVE4rzTniyIEsbfN36Z

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js Show response
pagead2.googlesyndication.com/bg/ Frame 72EF 36 KB
16 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8061f9317058a4a2bc6f88d890ab72c22065ed13cf4091ba40a6302a285a9091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:53:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1239
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15922
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 07:53:48 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 68B6 6 KB
672 B 42ms
42ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 20 Oct 2022 08:14:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 06:52:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 Oct 2022 08:14:28 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame 68B6 2 KB
902 B 26ms
25ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61555
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/ Frame 68B6 23 KB
9 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61555
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9571
x-xss-protection: 0
server: cafe
etag: 15799940544776262544
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:33 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame 68B6 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2229
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 03 Nov 2022 07:37:19 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/ Frame 68B6 17 KB
7 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221018/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:08:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61551
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7569
x-xss-protection: 0
server: cafe
etag: 4237063375490391177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Nov 2022 15:08:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 68B6 152 KB
46 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47476
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666179788250400"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Oct 2022 08:14:28 GMT

GET
H3 200 fed584b8ce81e04d8838584f2ea59ee6.js Show response
www.gstatic.com/mysidia/ Frame 68B6 33 KB
13 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fed584b8ce81e04d8838584f2ea59ee6.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2d52560a0b97222a18a95c89256d89765d3d821699eebc14213d531c2a93adb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 23:21:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118369
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13787
x-xss-protection: 0
last-modified: Tue, 18 Oct 2022 04:05:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 16 Jan 2023 23:21:39 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 68B6 0
0 72ms
72ms Fetch
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C4XjdYwNRY6HuNIKbhQb8oYDoBpzhhtNsj4Ch__EOkJLJ48IBEAEgjt2fA2D7AaABjezk2QLIAQmpAnpelAaGU6g-qAMByAPLBKoEygFP0GtS7zX4XuCTCEzJBev5f8ldBMvx5O0ePSj2h4t5g23AylSlbsFRnXlk1v9sl8eGWTOa-If-fZ8dVtFqJTKYcovDNfdJb4PoHhkRSQvNXQRFjTXJJFUDJa0rhqhrBS8krIk27wK6mNpmxCgotCSNj6QFX-f-Xi7XnwuaPbSFGvORb-cMbu309B0KSxmL3GX9KWLPKzvMyArXbQ-KCioFaRvoBOb7wkMYsB-pCJrYAVtKXU6Hq2e788xV9tR2igdEsbVIuDhxET4RwASwvp3M5gOSBQQIBBgBkgUECAUYBKAGLoAH25ObpgGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHAxCQNdIIEQiA4YAQEAEYHzICqgI6AoBAgAoByAsBuBPkA9gTDYgUCNAVAYAXAbIXHAoaCAASFHB1Yi0wOTE2NzY2ODUxMTAzMzM4GAA&sigh=8zo2XVpsdJQ&uach_m=[UACH]&cid=CAQSOwDq26N93kPDrV8dkY40sEM5m7dkLlBNkZiesDP_r6r3L2kw_--wJXJ2BrBpAodWaGsTsNoU4NVGzRZLGAEgDg&template_id=484

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 20 Oct 2022 08:14:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/6951785204276097563/ Frame 68B6 14 KB
14 KB 26ms
26ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6951785204276097563/downsize_200k_v1?w=400&h=209

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9eb498722b73f39157de1f8f969426c5932798b7d2e504e29d387ba80432350

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 15:22:19 GMT
x-content-type-options: nosniff
age: 60729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14157
x-xss-protection: 0
last-modified: Sun, 07 Nov 2021 15:36:34 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 19 Oct 2023 15:22:19 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/10877801428445852470/ Frame 68B6 2 KB
2 KB 28ms
28ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10877801428445852470/downsize_200k_v1?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

11efe705d4a9171616d487f55fc477e3ba6c5a1e67100f8eb379cfb80507d54b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Sun, 16 Oct 2022 17:21:52 GMT
x-content-type-options: nosniff
age: 312756
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1952
x-xss-protection: 0
last-modified: Sun, 24 Jul 2022 17:06:53 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 16 Oct 2023 17:21:52 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A3EB 1 KB
643 B 27ms
25ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 84957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 08:38:31 GMT
etag: 48472445140208031
expires: Thu, 20 Oct 2022 08:38:31 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 68B6 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7cbac7ac318aa02e028d77c29b64d72cfe535c601a05f49205629a4f8202639a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A3EB
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAJajdvsXiQ8_z53c20pvI0&google_cver=1&google_push=AZmPxg_8j_XykpPzOXMA6C0Hc-yEnPxFSoXSiWydji9pNh9pm35GXrvcUX...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg_8j_XykpPzOXMA6C0Hc-yEnPxFSoXSiWydji9pNh9pm35GXrvcUXfnapxR4NDD6YsjcAr8eRZORhIyXx-61aVP3MKLN1-n&google_hm=YGfxsxkTod_p...

170 B
188 B

38ms
37ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg_8j_XykpPzOXMA6C0Hc-yEnPxFSoXSiWydji9pNh9pm35GXrvcUXfnapxR4NDD6YsjcAr8eRZORhIyXx-61aVP3MKLN1-n&google_hm=YGfxsxkTod_pbEIekp71mw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=AZmPxg_8j_XykpPzOXMA6C0Hc-yEnPxFSoXSiWydji9pNh9pm35GXrvcUXfnapxR4NDD6YsjcAr8eRZORhIyXx-61aVP3MKLN1-n&google_hm=YGfxsxkTod_pbEIekp71mw
pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A3EB
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEKtJ-u-nsY1Q8j2ML8iOMds&google_cver=1&google_push=AZmPxg-Ose0J1G8Oad45MWFPQy5R3NQP0SLPUjIOMPtYbQERlXINs7zrtF1iL5KuNjskXzJ2w5of9lysPf3ArfOMPAVTTQMhjhtw
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AZmPxg-Ose0J1G8Oad45MWFPQy5R3NQP0SLPUjIOMPtYbQERlXINs7zrtF1iL5KuNjskXzJ2w5of9lysPf3ArfOMPAVTTQMhjhtw&google_hm=Q0FFU0VLdEotdS1uc1kxU...

170 B
188 B

37ms
37ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AZmPxg-Ose0J1G8Oad45MWFPQy5R3NQP0SLPUjIOMPtYbQERlXINs7zrtF1iL5KuNjskXzJ2w5of9lysPf3ArfOMPAVTTQMhjhtw&google_hm=Q0FFU0VLdEotdS1uc1kxUThqMk1MOGlPTWRz

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 20 Oct 2022 08:14:28 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AZmPxg-Ose0J1G8Oad45MWFPQy5R3NQP0SLPUjIOMPtYbQERlXINs7zrtF1iL5KuNjskXzJ2w5of9lysPf3ArfOMPAVTTQMhjhtw&google_hm=Q0FFU0VLdEotdS1uc1kxUThqMk1MOGlPTWRz
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A3EB
Redirect Chain

https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEE0U56Uuv8DlL-oh-Im9l98&google_push=AZmPxg99cPcnWqR09lvwIOZK7a6Lv9u__EPJHNW5gfay_O3C1ehJkp6JiuMo8DS91DwjXnpjwKE4MhNLMlhBUvqLcwn6JRN...
https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AZmPxg99cPcnWqR09lvwIOZK7a6Lv9u__EPJHNW5gfay_O3C1ehJkp6JiuMo8DS91DwjXnpjwKE4MhNLMlhBUvqLcwn6JRNWtYFD&google_hm=MTA4MTgwNjg1MTg2OT...

170 B
188 B

36ms
35ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AZmPxg99cPcnWqR09lvwIOZK7a6Lv9u__EPJHNW5gfay_O3C1ehJkp6JiuMo8DS91DwjXnpjwKE4MhNLMlhBUvqLcwn6JRNWtYFD&google_hm=MTA4MTgwNjg1MTg2OTk3MTQwMDE

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_nid=xaxis_dmp&google_push=AZmPxg99cPcnWqR09lvwIOZK7a6Lv9u__EPJHNW5gfay_O3C1ehJkp6JiuMo8DS91DwjXnpjwKE4MhNLMlhBUvqLcwn6JRNWtYFD&google_hm=MTA4MTgwNjg1MTg2OTk3MTQwMDE
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A3EB
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEKQXN-f9K9cElCfG3CyxJfg&google_cver=1&google_push=AZmPxg9Vq2p7Y8vfOQy3BT6Kv_kP7o4-NsHfGmxgtP1008Qhk-ioEvDVhNYZR4S1c2piA_dU2c26Pl7pHTA3HBxKsGexHgOuyt1t
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AZmPxg9Vq2p7Y8vfOQy3BT6Kv_kP7o4-NsHfGmxgtP1008Qhk-ioEvDVhNYZR4S1c2piA_dU2c26Pl7pHTA3HBxKsGexHgOuyt1t&google_hm=rg38dOlbxPEN_7WnKJTGEw==

170 B
188 B

36ms
36ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AZmPxg9Vq2p7Y8vfOQy3BT6Kv_kP7o4-NsHfGmxgtP1008Qhk-ioEvDVhNYZR4S1c2piA_dU2c26Pl7pHTA3HBxKsGexHgOuyt1t&google_hm=rg38dOlbxPEN_7WnKJTGEw==

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:27 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AZmPxg9Vq2p7Y8vfOQy3BT6Kv_kP7o4-NsHfGmxgtP1008Qhk-ioEvDVhNYZR4S1c2piA_dU2c26Pl7pHTA3HBxKsGexHgOuyt1t&google_hm=rg38dOlbxPEN_7WnKJTGEw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: a2cu6vscfcv6gijabacv3otb6co5cdqn

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A3EB
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPuquyF9NpF4O1zZbD5EVv8&google_cver=1&google_push=AZmPxg8n0z3IurFBQ26fSA4giKiN7pywt9ZIDxwgPTVil05kLmhKUixRvndfvko-IJndeyeDvLt...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlHU0VVVFItMUItRFpXTg==&google_push=AZmPxg8n0z3IurFBQ26fSA4giKiN7pywt9ZIDxwgPTVil05kLmhKUixRvndfvko-IJndeyeDvLtRZUDVYTfOJrrJvj_j-9TXS5Y

170 B
188 B

39ms
38ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlHU0VVVFItMUItRFpXTg==&google_push=AZmPxg8n0z3IurFBQ26fSA4giKiN7pywt9ZIDxwgPTVil05kLmhKUixRvndfvko-IJndeyeDvLtRZUDVYTfOJrrJvj_j-9TXS5Y

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlHU0VVVFItMUItRFpXTg==&google_push=AZmPxg8n0z3IurFBQ26fSA4giKiN7pywt9ZIDxwgPTVil05kLmhKUixRvndfvko-IJndeyeDvLtRZUDVYTfOJrrJvj_j-9TXS5Y
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A3EB
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_hm=Y1EDZP2Sg9RdGmLXMv6zKgAABLkAAAIB&google_nid=index&google_push=AZmPxg8KpFWTIP4iuJ8yVjtg2ghCuJy-XmVPP...

170 B
188 B

38ms
38ms

Image
image/png

172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_hm=Y1EDZP2Sg9RdGmLXMv6zKgAABLkAAAIB&google_nid=index&google_push=AZmPxg8KpFWTIP4iuJ8yVjtg2ghCuJy-XmVPPQi1o0g-_r-YOYXTWGniL-FFxa2CwXLZpVTzVdaAH1d2cXEEb6Q7jA65zjpTAdr3

Protocol

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=50gNjGzJ%2BqY0U7gMNCN2PTYS%2FKPdIth31fXs6vWQliRtcLzJ0hR1sMZUy9zvnmqXS3L5owv3F9p8zE26wTQ3nDlhFGXCVWO38tfq9W1FJ7KqBXstbTaUEUcqXU0dkVdXf9qH%2FiQXJ1uhzA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEI-t0SLGWAwEN7TwJF6K640&google_hm=Y1EDZP2Sg9RdGmLXMv6zKgAABLkAAAIB&google_nid=index&google_push=AZmPxg8KpFWTIP4iuJ8yVjtg2ghCuJy-XmVPPQi1o0g-_r-YOYXTWGniL-FFxa2CwXLZpVTzVdaAH1d2cXEEb6Q7jA65zjpTAdr3
cache-control: no-cache
cf-ray: 75d04cd27d6ad091-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame A3EB 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A3EB 0
12 B 36ms
34ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KAjt98MNo189DOO7o5xd5EIWSRNMs9k4slR7PKyNcr3ytBnhavON9jCkj4N_ac-kxZ3NjlkA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:28 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 68B6 15 KB
15 KB 28ms
26ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 20:22:20 GMT
x-content-type-options: nosniff
age: 474728
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Oct 2023 20:22:20 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 68B6 15 KB
16 KB 29ms
27ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 05:09:29 GMT
x-content-type-options: nosniff
age: 529499
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Oct 2023 05:09:29 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 68B6 15 KB
15 KB 34ms
32ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Fri, 14 Oct 2022 13:14:53 GMT
x-content-type-options: nosniff
age: 500375
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Oct 2023 13:14:53 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame CF8F 42 B
64 B 115ms
62ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvdf5No1mYMeqGyB-dHF8De9sNnu7HrLmVUoTHWmta2ZW77vwsy7bp_GEnIz0DY0JdGaB_YUm_1Rw-1oJQqoMk114BEr-P5PklEbrn9NeihwiktAM5o161hXDXyMAWcNFGycJtyQg&sai=AMfl-YTxEzmFVXGSUZbRxAYNT5YZ44yYFxXb5JSFA7nS_IIk7fIiecpyXwekIUHdYvghHIivcUSMJ6aDCN5mOlc&sig=Cg0ArKJSzDUFqowvJQSrEAE&cid=CAQSGwDq26N9QEGrvPGFlFG7qB-iVHu1Q-FJQy43SRgBIA4&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221019&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1266370990&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666253666505&rpt=751&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 76ms
41ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221018&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d306e26121155f887942e3c99301983ca726a9fac3ba4394d73e20b41ec7fd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11000
x-xss-protection: 0

GET
H3 200 gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js Show response
pagead2.googlesyndication.com/bg/ Frame A5E3 36 KB
16 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0916766851103338&output=html&h=280&adk=723392857&adf=523434623&pi=t.aa~a.701953935~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1666253667&rafmt=1&to=qs&pwprc=4777445207&format=1200x280&url=https%3A%2F%2Fttdown.org%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666253667374&bpp=1&bdt=1306&idt=0&shv=r20221018&mjsv=m202210120101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D053f288a91eba285-22dd1d464ace001f%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg&gpic=UID%3D00000b75a383b75c%3AT%3D1666253666%3ART%3D1666253666%3AS%3DALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw&prev_fmts=0x0%2C1200x280%2C1110x280%2C1110x280%2C1110x280%2C1200x280%2C1600x1200%2C1005x124&nras=9&correlator=1540185210824&frm=20&pv=1&ga_vid=168987194.1666253666&ga_sid=1666253666&ga_hid=1930292175&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=4662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C42531705%2C31070367%2C31070385%2C31068919&oid=2&psts=APxP-9DHdrKvGvq-7hA6dMZKLqxXldDi-yTjjkJGaS5-Gna2P0Sl-u7S4fSrwnEE0j4KzUe2fEap9JgWZdvizAE%2CAPxP-9DcgG4FgTAy-OsqQkxBh8tu9HnGcrkaIdn_CHyeM1QdX59sB7L9fh0CPW5Vz3w_6NRHJyrT_tcs0rnSx571gTzyQbAqx1bxABeM5cJu&pvsid=204741578676215&tmod=1349471094&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=6&fsb=1&xpc=9PGdnCxtb5&p=https%3A//ttdown.org&dtd=416

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8061f9317058a4a2bc6f88d890ab72c22065ed13cf4091ba40a6302a285a9091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:53:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15922
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 07:53:48 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 20 Oct 2022 08:14:28 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C478 13 KB
5 KB 26ms
26ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 2228
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 07:37:20 GMT
expires: Fri, 20 Oct 2023 07:37:20 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F5D5 783 B
534 B 37ms
37ms Document
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e982c58344519fb03e7295a7c88c3f927105724fbaef91516c198c2d698da0e3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-JwqbkzH-xjb0S8dbfincvQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttdown.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-JwqbkzH-xjb0S8dbfincvQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 20 Oct 2022 08:14:28 GMT
expires: Thu, 20 Oct 2022 08:14:28 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js Show response
pagead2.googlesyndication.com/bg/ Frame C478 36 KB
16 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gGH5MXBYpKK8b4jYkKtywiBl7RPPQJG6QKYwKihakJE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8061f9317058a4a2bc6f88d890ab72c22065ed13cf4091ba40a6302a285a9091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 07:53:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1240
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15922
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 20 Oct 2023 07:53:48 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F5D5 0
0 60ms
60ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221018&jk=204741578676215&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C478 0
10 B 26ms
25ms Image
text/plain 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?2p8IDQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Thu, 20 Oct 2022 08:14:28 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B9AF 42 B
64 B 62ms
62ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss_1J0w38Lx_lEmKQj8iitsOkpEsIbJxLIscWqlE5X8gZ8PGwmFEpNiZaegRQ_L5dfN6bwXoO3cw5MwNpZr0snBpzsz73doRZP8wA5E0e-tq6lDYl9rkhsMDW_YjgDa5fXemBVc5A&sai=AMfl-YTEnTQr-Unv17Y53peYItW6aZ-BvxwOpaCGsobC33BROthVmh3ejBaw_dkGJFfgLX57rGfhLif1k-mY6TI&sig=Cg0ArKJSzDf3fsbTWSa3EAE&cid=CAQSGwDq26N9l28MPNMw-hhvImFOWT_bjQxK0HX19hgBIA4&id=lidar2&mcvt=1001&p=0,0,124,1005&mtos=85,769,1001,1073,1175&tos=85,684,232,72,102&v=20221019&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2020088501&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666253667437&rpt=221&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 Oct 2022 08:14:28 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 63ms
63ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221018&jk=204741578676215&bg=!6eql6q7NAAYeOJy_Pjg7ACkAdvg8WoL1kE_gx2IVP9H6NdT0GVWnK3oHPC3bcjrjA7IkRvFN1JaTXgIAAABUUgAAAAJoAQcKAFhlka3YFu1vLvy8J7aWJN-2wH9y4ZgQWwONbuhpQ_o2tCbnZwcnwyUAPmdciCW44S3VlnOVk119yWr9vm7PgtbrJ3jHev5d-sgz_eZfciR6us3G7UQXes_mmQKR29YR5BQUofr-QQP6hEEURf9EMdG9ZNq7X6tVgujhnRkX2ByvX9ri1EOCZUKjoMQ_SREnOa_0ofgzkLYs7bcThMxeqClNJPeHyB8C2tErj4qMnTiMaQ4hasOkJ8tb5m7P8NVJhTBs9roo_BlUmUlOrTwgWbXAi-lLoGuYH1mHmxjxysM8yLHhNkUGgQQmYl9yevICSwOzzgycwR8AMD16MnBDdrWzFaOzPMKsWC3_G-9dnWqnR6FzBnfvfYqeNlonGVpUwG_e1S-iNyMWX9njKDdLaiJ97LPpjRHds6Wl5VdjCUNEFQADMl9U1LrbXkdJfzNmDifOwtP3fEKIYAUDsJFmKJyXC4NQ3F9IN-Daj8OzZ-oEoRS0CeUSxd8j48wWyTcrVHIhhuCQx3Mc1ytYBsjYmAtPiaB7SdeHE8Fw2Nh5rxdnNouERDg45N-C29G8L6Gg2hyYydTxQ4ixx3CjQ2YwyYsnGAfhIAT8i960sjGZkkN-A2QpT7hUD-cpFRUiIW2Q9T10P3HH36ePFminiHV3ImgcENdRNfJ_Cd7MJwPuSf24L2hIiy1x6Xp-Zf-OThkejF1eLiOyuKqIeoJvp2a4tBL3ckvCwSvV1dhspzcS3OXvAjAf3Vc0_qoHNXYtWwimwRiqZ4oIdIVT6CnDzaZlF9_nbb2X8JQLcAJQmF26JFH7Hn8a3JhcOWs3qL1OGC0BXMggLfP36z4Gb-fQBjxZcWp4KUl7XG-b5SQUvqVN1hLUbz6pM3psPbsQAEI00ZXKNeRRxNCifTKZKCldKGmaTRAqONGKG5gywvozirCMFQrpvokNC6_t0mBqwmibBohOB9I8QgmXsfcuRw_wwe7HZAXUOUGxqQ8e8iAiPv72
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://ttdown.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECQJ9qryaDYQHWbjFV5tt9E&google_cver=1&google_push=AZmPxg-CJ790zLF1V1OgAkhg0_XCBn354dHoC5Q2E4CznMGdF11HCKqQn0gfIczMYUvkQu9C40K5x6ogiHk1q7wy7GCZzoRNQ5Gz

Verdicts & Comments Add Verdict or Comment

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

26 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ttdown.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5268sb2ou65avgeooqrq2srelk
.ttdown.org/	1970-01-20 16:12:29	Name: __gads Value: ID=053f288a91eba285-22dd1d464ace001f:T=1666253666:RT=1666253666:S=ALNI_MaaU4drkL9O-rC1SKbKOH1-c1yYdg
.ttdown.org/	1970-01-20 16:12:29	Name: __gpi Value: UID=00000b75a383b75c:T=1666253666:RT=1666253666:S=ALNI_MZjXFBJ1vRYhGwfXILhq8WHUmNVaw
.doubleclick.net/	1970-01-20 16:12:29	Name: IDE Value: AHWqTUmjfFPe1PEgbI__KvXrrINZNEiZwHNU-EVXC0lApqogQLPXkw5QnpmR8zefd-Q
.doubleclick.net/	1970-01-20 06:50:57	Name: DSID Value: NO_DATA
.mookie1.com/	1970-01-20 16:19:41	Name: id Value: 10818068518699714001
.mookie1.com/	1970-01-20 16:19:41	Name: mdata Value: 1\|10818068518699714001\|1666253667985
.mookie1.com/	1970-01-20 16:19:41	Name: ov Value: 4c5bba1f865a59deb62355762286a67e
.openx.net/	1970-01-20 15:36:29	Name: i Value: a2f74911-e95a-4228-b15d-31f89faacf54\|1666253667
.quantserve.com/	1970-01-20 09:00:29	Name: d Value: EA8BCQGwJ4EA
.quantserve.com/	1970-01-20 16:21:08	Name: mc Value: 63510363-f4140-5acf3-ea39b
.casalemedia.com/	1970-01-20 15:36:29	Name: CMID Value: Y1EDZP2Sg9RdGmLXMv6zKgAA
.casalemedia.com/	1970-01-20 09:00:29	Name: CMPS Value: 1209
.casalemedia.com/	1970-01-20 09:00:29	Name: CMPRO Value: 1209
.casalemedia.com/	1970-01-20 09:00:29	Name: CMTS Value: 1192
.agkn.com/	1970-01-20 15:36:29	Name: ab Value: 0001%3AsJp3ZAxydAvNWmX1s17ljghTP6VqIne6
.agkn.com/	1970-01-20 15:36:29	Name: u Value: C\|0CEAq47_kKuO_5AAAAAAAAQ13AQCAAQpAAAAAAA
.e.dlx.addthis.com/	1970-01-20 16:21:08	Name: na_tc Value: Y
.addthis.com/	1970-01-20 16:21:08	Name: na_id Value: 2022102008142800014715693414
.addthis.com/	1970-01-20 16:21:08	Name: na_tc Value: Y
.addthis.com/	1970-01-20 16:21:08	Name: uid Value: 635103642a577c09
.addthis.com/	1970-01-20 16:21:08	Name: ouid Value: 63510364000168b565f73cb024fef0aeb19e6d20062089b4c197
.dlx.addthis.com/	1970-01-20 07:34:05	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 07:34:05	Name: na_sr Value: 20221020
.dlx.addthis.com/	1970-01-20 06:50:53	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 07:34:05	Name: na_sc_e Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESECQJ9qryaDYQHWbjFV5tt9E&google_cver=1&google_push=AZmPxg-CJ790zLF1V1OgAkhg0_XCBn354dHoC5Q2E4CznMGdF11HCKqQn0gfIczMYUvkQu9C40K5x6ogiHk1q7wy7GCZzoRNQ5Gz Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.fr
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
code.jquery.com
d.agkn.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
image6.pubmatic.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
rtb.openx.net
ssum-sec.casalemedia.com
stackpath.bootstrapcdn.com
tpc.googlesyndication.com
ttdown.org
www.google.com
www.googletagservices.com
www.gstatic.com
googlecm.hit.gemius.pl
104.18.18.126
172.217.16.194
198.47.127.19
2001:4de0:ac18::1:a:2b
2606:4700::6811:190e
2606:4700::6812:acf
2620:116:800d:21:ef75:8280:f209:5ba1
2a00:1450:4001:800::2003
2a00:1450:4001:801::2002
2a00:1450:4001:803::2001
2a00:1450:4001:80b::2004
2a00:1450:4001:827::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
3.121.8.30
34.98.67.61
35.186.253.211
51.83.201.29
69.173.144.138
69.192.160.219
086ef1821ec1abf73e68581524767210cbbcc879ae07def1cf46fc9fff4e9d4c
09a41032f81f048bb7a26915a7b4fb72a66759d7af4eda686d57b6b85fda268d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d540852df11d127bf96d08e3b1d14b2853afc6950cce676378c358993919848
11efe705d4a9171616d487f55fc477e3ba6c5a1e67100f8eb379cfb80507d54b
15211a81e9d16fc95d05aaf93c260a6aa6b98e46a86df3e9f7e1961522fd2760
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1f7723b6b9bfced0deba108df48e3287888dd986f1ff2d5133bacc9807ac0349
21c2d6302a4d274fba11433436022a7e1e4f076af1017031c2679b6dcf5eb230
25310b759a53802e5b26434eaa5d734c96aa4e3d7cf4db80f1c445cd2d5e820f
28ed807f18628141c38841ed4f864d372e08f8da7b91a54ef6439e142bb24246
2d52560a0b97222a18a95c89256d89765d3d821699eebc14213d531c2a93adb5
36b425707de4faa39f3d768f13f7f4c72dbc9103f0a68f6ad7e0298fd5449dba
3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45
41adbdbaf43349ebb2e495fa2614ba69619f841156f2f06ece0cccbe054978e5
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b2ddf9caf0636f523f0ce76e534131e699e82a8b79fbf7e37ca48e9c69f1f75
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
56dc0240a8b8ac3be96ef9ee6088e10bffcca7a7dfdb5d81107fa4dd1a1c48a7
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5df808538d3af0c781ec9f25a6eca72b2727567388ed9f3a05e72de265f7b841
604dcf1f11698655f75046bb92f98aaa9477e1c16b01c5fc415e78794393ffb9
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62a743da1ce1ba9936c36fe61ba3975c6c24943d1c6180ad9b654027759faef2
64fbc7f830625ecd6ff3293b96665aebec2a9be9336f02fd47508eb59f7ec23a
66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8
67f0e64c2ce1064496875a90bf2dbb957a2260b842052c334fd0d669a22f55b2
6b2f16d928f9ac95f54a28ca48aa43ef5196f4870789a5822d781caf6dd51375
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
7cbac7ac318aa02e028d77c29b64d72cfe535c601a05f49205629a4f8202639a
8061f9317058a4a2bc6f88d890ab72c22065ed13cf4091ba40a6302a285a9091
8a091a670b6bf03510fc7a1b3c74a417c4a8c8937f7fb0c9a1517a95bdd7ab18
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b2474b764a8cfd1b5664776d16b24ba4a2a3519734ebb7d83dda5447f3c976c
8d1541ce0a18754621098a7293d5cd63c6769b497650e92e024408808ce8d271
90f1126b989142c6bc5d440d488b3cad4e6ef9d421c5735fc733eca246dc37b9
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
9879cef4177833f2835c5743dfcd5403fab2bbaf835fefbfec36020dd36ab5b5
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9bea7a971b3627cf866881836881ec79decba9f5aa544552067632d3a1a6fc54
9d306e26121155f887942e3c99301983ca726a9fac3ba4394d73e20b41ec7fd5
9d7955480034e03d119d0e30e12ff0839bb64f99da9ad8845c6701e362456d7b
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
acce1fa5f2bd3b2f24e9ab28a478fde632b8ec9aeab411e3be0bf3d68697989c
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bca1d88ada544d9c80872d4da27133fab6d347361fa26e932b47ec9559088fd0
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
ced66d73fd7c25b10179bcd53997722aa5d789563426ce9fb45dd0002b83f7e1
d16a677814b685d24981508f663f812bfdf848a55b57c7790ea7df2e6dbf0376
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
e000d5cecc7598a70f9dbf6a96e2bf05bc383ebc737b53047a5719357c86bcdc
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e982c58344519fb03e7295a7c88c3f927105724fbaef91516c198c2d698da0e3
e9eb498722b73f39157de1f8f969426c5932798b7d2e504e29d387ba80432350
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
ff3dad3e0cb09821ea020b7bf616e9255a536be70e71193743420ebcafa83113

ttdown.org Open in urlscan Pro 51.83.201.29 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

132 Requests

91 %HTTPS

61 %IPv6

21 Domains

25 Subdomains

18 IPs

5 Countries

1441 kBTransfer

3447 kBSize

26 Cookies

6 Outgoing links

Page URL History

Redirected requests

132 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ttdown.org Open in urlscan Pro
51.83.201.29 Public Scan

Screenshot
Live screenshot

Full Image

132
Requests

91 %
HTTPS

61 %
IPv6

21
Domains

25
Subdomains

18
IPs

5
Countries

1441 kB
Transfer

3447 kB
Size

26
Cookies

132 HTTP transactions
9 data transactions