masseffect2saves.com Open in urlscan Pro
144.217.248.68 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://masseffect2saves.com/
Submission: On April 15 via api (April 15th 2023, 8:02:39 am UTC) from US — Scanned from CA

Summary HTTP 68 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 12 IPs in 2 countries across 10 domains to perform 68 HTTP transactions. The main IP is 144.217.248.68, located in Beauharnois, Canada and belongs to OVH, FR. The main domain is masseffect2saves.com.

This is the only time masseffect2saves.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	144.217.248.68 144.217.248.68	16276 (OVH) (OVH)
10	2607:f8b0:400... 2607:f8b0:4004:c1b::9c	15169 (GOOGLE) (GOOGLE)
13	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
10	2607:f8b0:400... 2607:f8b0:4004:c08::9b	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1d::9b	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81e::2002	15169 (GOOGLE) (GOOGLE)
15	2607:f8b0:400... 2607:f8b0:4004:c07::84	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c06::9a	15169 (GOOGLE) (GOOGLE)
2 3	2607:f8b0:400... 2607:f8b0:4004:c1b::63	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f00... 2a03:2880:f00e:13:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
68	12

13 144.217.248.68 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: p104.lithium.hosting

masseffect2saves.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4004:c1b::9c (Washington, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4004:c08::9b (Ashburn, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1d::9b (Washington, United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::2002 (New York, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2607:f8b0:4004:c07::84 (Washington, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::9a (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c1b::63 (Washington, United States) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f00e:13:face:b00c:0:3 (Toronto, Canada)

ASN32934 (FACEBOOK, US)

scontent-yyz1-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 105 tpc.googlesyndication.com — Cisco Umbrella Rank: 138	318 KB
13	masseffect2saves.com masseffect2saves.com	377 KB
12	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 805 scontent-yyz1-1.xx.fbcdn.net — Cisco Umbrella Rank: 12044	160 KB
10	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 35	65 KB
4	google.com 2 redirects adservice.google.com — Cisco Umbrella Rank: 73 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	98 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 158	89 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	15 KB
1	google.ca adservice.google.ca — Cisco Umbrella Rank: 13840	531 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 925	337 B
68	10

	Domain	Requested by
15	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
13	masseffect2saves.com	masseffect2saves.com
11	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
10	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
9	pagead2.googlesyndication.com	masseffect2saves.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
3	www.google.com	2 redirects tpc.googlesyndication.com
2	www.googletagservices.com	googleads.g.doubleclick.net
2	connect.facebook.net	masseffect2saves.com connect.facebook.net
1	scontent-yyz1-1.xx.fbcdn.net	www.facebook.com
1	www.facebook.com	connect.facebook.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.ca	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
68	13

This site contains links to these domains. Also see Links.

Domain
www.masseffectsaves.com
www.masseffect2saves.com
www.twitter.com
twitter.com

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-22` - `2023-04-22`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-03-28` - `2023-06-20`	3 months	crt.sh

This page contains 12 frames:

Primary Page: http://masseffect2saves.com/
Frame ID: 70833060BB829D00FA1F4806102BB80E
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230412/r20190131/zrt_lookup.html
Frame ID: 00FF7A001338F5E97E3E267DB827E7BF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143
Frame ID: D0787A89C8B59F7A9C37BC3B9951F51D
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=29871647&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753196&bpp=1&bdt=172&idt=145&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60&correlator=6129982048531&frm=20&pv=1&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=2171&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeEbr%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=azTmOuEec4&p=http%3A//masseffect2saves.com&dtd=149
Frame ID: C66506B692B7A1F4FE91B342872D56B7
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&adk=1812271804&adf=3025194257&lmt=1681545753&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=140x1080_r&format=0x0&url=http%3A%2F%2Fmasseffect2saves.com%2F&ea=0&pra=7&wgl=1&dt=1681545753211&bpp=1&bdt=186&idt=137&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C468x60&nras=1&correlator=6129982048531&frm=20&pv=1&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=3&uci=a!3&fsb=1&dtd=145
Frame ID: A235F751E47B9ECB3321C6976F242744
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7DAC48579A299BA2DAF71F16789DFF2C
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4A4D7FE3AE83D5223221115D05204AAC
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/qQ9mw0ckdUnCcE_fRg-2epoMaLUurlOMv3TU4-E81-A.js
Frame ID: 34DA6AAD22607C50AAAFD01905614980
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2d3e8b98a2b528%26domain%3Dmasseffect2saves.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fmasseffect2saves.com%252Ff2504011944192c%26relation%3Dparent.parent&color_scheme=dark&container_width=942&header=false&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FMass-Effect-Saves-masseffectsavescom%2F235955106491958&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292
Frame ID: 8CD23ACFF2F85C2C2B9F311F0E858D1C
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/qQ9mw0ckdUnCcE_fRg-2epoMaLUurlOMv3TU4-E81-A.js
Frame ID: 33AD6C670F24736CE7248C044096BA87
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CDD28F1864D673FE457EDAFC6C6EDB90
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6F191D1A5CE723EE82A40617FB209259
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mass Effect 2 - Masseffect2saves.com

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

68
Requests

79 %
HTTPS

91 %
IPv6

10
Domains

13
Subdomains

12
IPs

2
Countries

1124 kB
Transfer

2599 kB
Size

4
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: http://www.masseffectsaves.com/
Title: MASS EFFECT 1

Search URL Search Domain Scan URL

URL: http://www.masseffectsaves.com/faq.php
Title: FAQ

Search URL Search Domain Scan URL

URL: http://www.masseffectsaves.com/desc.php
Title: ME1 DECISION CONSEQUENCES

Search URL Search Domain Scan URL

URL: http://www.masseffectsaves.com/mediamentions.php
Title: MEDIA MENTIONS

Search URL Search Domain Scan URL

URL: http://www.masseffectsaves.com/mods.php
Title: MOD LIST

Search URL Search Domain Scan URL

URL: http://www.masseffectsaves.com/links.php
Title: HELPFUL LINKS

Search URL Search Domain Scan URL

URL: http://www.masseffectsaves.com/xbox.php
Title: XBOX 360

Search URL Search Domain Scan URL

URL: http://www.masseffect2saves.com/about.php
Title: ABOUT/CONTACT

Search URL Search Domain Scan URL

URL: http://www.twitter.com/masseffectsaves
Title: TWITTER

Search URL Search Domain Scan URL

URL: http://www.masseffectsaves.com/sitemap.php
Title: anywhere else on the site

Search URL Search Domain Scan URL

URL: https://twitter.com/annakie
Title: @annakie

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 43

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 44

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

68 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
masseffect2saves.com/ 16 KB
6 KB 80ms
22ms Document
text/html 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: 55bc11b5d899b423546a0757044aa62af9a3c2b302d4d2bb7c5e4b98dbd0cdc1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 5468
Content-Type: text/html; charset=UTF-8
Date: Sat, 15 Apr 2023 08:02:33 GMT
Keep-Alive: timeout=3, max=100
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
X-Mod-Pagespeed: Powered By pagespeed

GET
H/1.1 200
OK shepardmale.png
masseffect2saves.com/img/ 163 KB
164 KB 16ms
16ms Image
image/png 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/shepardmale.png
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: d1208252314ae1325b9fde354b2b5b8a000c6c197ab87d74329bdfc5ff8776db

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Wed, 27 Jan 2010 20:12:43 GMT
Server: Apache
ETag: "28cc0-47e2b0667c4c0"
Content-Type: image/png
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 167104

GET
H/1.1 200
OK headerbig2text.jpg
masseffect2saves.com/img/ 69 KB
69 KB 26ms
17ms Image
image/jpeg 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/headerbig2text.jpg
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: b9c5d9b8b92bb70cb3cd8ca816be522fcb3c2ac8f3250a4fc175ec54676c5681

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Wed, 03 Feb 2010 04:24:30 GMT
Server: Apache
ETag: "112be-47eaa98351b80"
Upgrade: h2,h2c
Content-Type: image/jpeg
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 70334

GET
H/1.1 200
OK male.png
masseffect2saves.com/img/buttons/ 2 KB
2 KB 30ms
21ms Image
image/png 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/buttons/male.png
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: dd3aa995bb85503cc83969711c952e87c1103e091a2564fae9649bd9c46c0db9

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Thu, 28 Jan 2010 18:20:25 GMT
Server: Apache
ETag: "838-47e3d92a16c40"
Upgrade: h2,h2c
Content-Type: image/png
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 2104

GET
H/1.1 200
OK female.png
masseffect2saves.com/img/buttons/ 2 KB
2 KB 29ms
20ms Image
image/png 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/buttons/female.png
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: 06651ca6e394ca09b53ebfa183d828eaf6061ea8c25842c82feb0328ba806547

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Thu, 28 Jan 2010 18:20:43 GMT
Server: Apache
ETag: "860-47e3d93b414c0"
Upgrade: h2,h2c
Content-Type: image/png
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 2144

GET
H/1.1 200
OK paragon.png
masseffect2saves.com/img/buttons/ 1 KB
2 KB 27ms
18ms Image
image/png 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/buttons/paragon.png
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: e597bbd104586c21458e9fe10a265067870f2f4d4c33ab80e4124540e367c91b

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Thu, 28 Jan 2010 18:19:56 GMT
Server: Apache
ETag: "53a-47e3d90e6eb00"
Upgrade: h2,h2c
Content-Type: image/png
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 1338

GET
H/1.1 200
OK renegade.png
masseffect2saves.com/img/buttons/ 1 KB
2 KB 29ms
20ms Image
image/png 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/buttons/renegade.png
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: cf19425eeef1ad9c3cde12786e5b9b41c368338b016cc1c50d3586d75096aa94

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Thu, 28 Jan 2010 18:19:33 GMT
Server: Apache
ETag: "5f9-47e3d8f87f740"
Upgrade: h2,h2c
Content-Type: image/png
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=100
Content-Length: 1529

GET
H/1.1 200
OK mixed.png
masseffect2saves.com/img/buttons/ 2 KB
3 KB 42ms
26ms Image
image/png 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/buttons/mixed.png
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: 09d0fdfd8b52a2658ae74c26628b721454c4ac67f0f1f0480b58d0fd9d2e1aeb

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Thu, 28 Jan 2010 18:18:48 GMT
Server: Apache
ETag: "8b3-47e3d8cd95200"
Content-Type: image/png
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 2227

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 137 KB
47 KB 95ms
43ms Script
text/javascript 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: masseffect2saves.com
URL: http://masseffect2saves.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16a4c21553e41118f037dd37f8598ed1aa3de4bc34a758f1d623383be9135ff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47897
x-xss-protection: 0
server: cafe
etag: 14571825055250064842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 15 Apr 2023 08:02:33 GMT

GET
H/1.1 200
OK twitter.jpg
masseffect2saves.com/img/ 2 KB
2 KB 20ms
19ms Image
image/jpeg 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/twitter.jpg
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: 812901b5e3a537213ec29fcd1038a02d2668f073af193eb46ebf7ff4f7b38f93

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Sat, 06 Feb 2010 21:55:46 GMT
Server: Apache
ETag: "889-47ef5a15a9c80"
Content-Type: image/jpeg
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 2185

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

58ms
20ms

Script
application/x-javascript

2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: masseffect2saves.com
URL: http://masseffect2saves.com/

Protocol

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0bd60c95d55721010eebef638d960403c3a3b7954379e7c7900b693d5400d791

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 15 Apr 2023 08:02:33 GMT
content-md5: GND0pdmr2ITIad3pMFg4rA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: vmKYWqhkFQ1S1NLaUcggkrXyYxjWg+GnwF2D/x642DC9iy1wU4UcRadKiFWTffI4l4IBeKGT2iidnnYC/+j6+Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1512268381
x-fb-content-md5: aff23fb0a017e72ea45b6780cd873d39
cross-origin-opener-policy: same-origin-allow-popups
etag: "a3334f405920762cbd4f5e92daa954a9"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Sat, 15 Apr 2023 08:09:51 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/all.js#xfbml=1
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1 200
OK menurow2.jpg
masseffect2saves.com/img/ 5 KB
5 KB 34ms
18ms Image
image/jpeg 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/menurow2.jpg
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: 5b1c8eb413e45baa4284d47e297afeb6cc0a63739c88530359d76e4aff202393

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Wed, 03 Feb 2010 04:23:56 GMT
Server: Apache
ETag: "12b8-47eaa962e4f00"
Content-Type: image/jpeg
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 4792

GET
H/1.1 200
OK borderleft&right.jpg
masseffect2saves.com/img/ 400 B
733 B 37ms
21ms Image
image/jpeg 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/borderleft&right.jpg
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: 66686349b33262380b2598c45cd669df3b6468a5454e6bbda05785fb4b8cb47c

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Tue, 02 Feb 2010 03:30:26 GMT
Server: Apache
ETag: "190-47e95b9023880"
Content-Type: image/jpeg
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 400

GET
H/1.1 200
OK bgrepeat.jpg
masseffect2saves.com/img/ 118 KB
119 KB 47ms
32ms Image
image/jpeg 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/bgrepeat.jpg
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: 79e233d000b105b1e6bd29c1d8f5abfd379aec09ba8a2a2f2190657353c34dcf

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Wed, 27 Jan 2010 05:39:43 GMT
Server: Apache
ETag: "1d8f9-47e1ed45065c0"
Content-Type: image/jpeg
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=98
Content-Length: 121081

GET
H/1.1 200
OK bottom.jpg
masseffect2saves.com/img/ 1 KB
1 KB 20ms
20ms Image
image/jpeg 144.217.248.68
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://masseffect2saves.com/img/bottom.jpg
Requested by: Host: masseffect2saves.com
URL: http://masseffect2saves.com/
Protocol: HTTP/1.1
Server: 144.217.248.68 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS: p104.lithium.hosting
Software: Apache /
Resource Hash: 4594a8263a4c0c2d2ab1593b3e53188c7e2b6631b241903f695a3c0c527d7e87

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Date: Sat, 15 Apr 2023 08:02:33 GMT
Last-Modified: Tue, 02 Feb 2010 03:30:05 GMT
Server: Apache
ETag: "43a-47e95b7c1c940"
Content-Type: image/jpeg
X-Hosted-By: Lithium Hosting, llc - https://lithiumhosting.com
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=3, max=99
Content-Length: 1082

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 308 KB
86 KB 40ms
19ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=5012af92a37aac510b43bceaa8a3a25d

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b1ba3445ca0586b72b7e7456c7a37ec6ee0427b7e46a7f17255a492c04cef4b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://masseffect2saves.com/
Origin: http://masseffect2saves.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 15 Apr 2023 08:02:33 GMT
content-md5: jeIZM6PXynD19nqAymPLIQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88421
x-fb-rlafr: 0
x-fb-debug: UryzbJQXMelPDALwBuOgftKiv7Y1K/0ljPNdNkZwOlcm4L6tVnEr+j2Lc/wWAmXjrILy7M+Dm5BDyovp0UudQQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 3c87cf7c4184e088d05fcaadaffc3bc2
cross-origin-opener-policy: same-origin-allow-popups
etag: "6fe79e282949957c31984431c4a05c49"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Sun, 14 Apr 2024 05:47:50 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/ 348 KB
117 KB 71ms
70ms Script
text/javascript 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_fy2021.js?bust=31073823

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ab2bbaa564a45c2f626c5cdee8e1636319e198ecc2376786f2a31fa8fdce3d54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119183
x-xss-protection: 0
server: cafe
etag: 9216096235708958037
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sat, 15 Apr 2023 08:02:33 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230412/r20190131/ Frame 00FF 10 KB
5 KB 76ms
25ms Document
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230412/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://masseffect2saves.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 60620
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 14 Apr 2023 15:12:13 GMT
etag: 2378337311435320485
expires: Fri, 28 Apr 2023 15:12:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 407 B
337 B 33ms
33ms Script
text/javascript 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=masseffect2saves.com&callback=_gfp_s_&client=ca-pub-0781343443688760

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_fy2021.js?bust=31073823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f235cdba7b0b7ce66494391a3f3d764948e945662ab4de98fbab8cdc0799a606

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 258
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
531 B 108ms
34ms Script
application/javascript 2607:f8b0:4004:c1d::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=masseffect2saves.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_fy2021.js?bust=31073823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 79ms
33ms Script
application/javascript 2607:f8b0:4006:81e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=masseffect2saves.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_fy2021.js?bust=31073823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D078 74 KB
30 KB 409ms
408ms Document
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_fy2021.js?bust=31073823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

06e6e2001381ee0727bc4528ed53e4d30248bef7e349cc0893a2a95e98b8f962

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://masseffect2saves.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 30229
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 08:02:33 GMT
expires: Sat, 15 Apr 2023 08:02:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C665 74 KB
30 KB 342ms
342ms Document
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=29871647&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753196&bpp=1&bdt=172&idt=145&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60&correlator=6129982048531&frm=20&pv=1&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=2171&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeEbr%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=azTmOuEec4&p=http%3A//masseffect2saves.com&dtd=149

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_fy2021.js?bust=31073823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7af6c5fdad382bc7c2f264f60f3264d6effd442226b3a907598dbc7c66a9618e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://masseffect2saves.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 30133
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 08:02:33 GMT
expires: Sat, 15 Apr 2023 08:02:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A235 0
171 B 35ms
34ms Document
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&adk=1812271804&adf=3025194257&lmt=1681545753&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=140x1080_r&format=0x0&url=http%3A%2F%2Fmasseffect2saves.com%2F&ea=0&pra=7&wgl=1&dt=1681545753211&bpp=1&bdt=186&idt=137&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60%2C468x60&nras=1&correlator=6129982048531&frm=20&pv=1&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=3&uci=a!3&fsb=1&dtd=145

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_fy2021.js?bust=31073823

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://masseffect2saves.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 08:02:33 GMT
expires: Sat, 15 Apr 2023 08:02:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame C665 8 KB
4 KB 75ms
25ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/error_handler.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=29871647&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753196&bpp=1&bdt=172&idt=145&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60&correlator=6129982048531&frm=20&pv=1&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=2171&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeEbr%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=azTmOuEec4&p=http%3A//masseffect2saves.com&dtd=149

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 23:39:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30194
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3465
x-xss-protection: 0
server: cafe
etag: 6788195977828770272
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 23:39:19 GMT

GET
H2 200 17790893070164840537
tpc.googlesyndication.com/simgad/ Frame C665 8 KB
8 KB 96ms
46ms Image
image/png 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17790893070164840537?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qmSrJCzB7o-qaxeo-5LxjZGlyJgdQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6fd64664945b226aaba660b9d4d2d39cc50ff28ab7e3b996553e55c8a9d1ffb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:33 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8260
x-xss-protection: 0
last-modified: Wed, 22 Feb 2023 00:36:27 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 14 Apr 2024 08:02:33 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame C665 22 KB
9 KB 24ms
24ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 19:25:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45452
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:25:01 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame C665 3 KB
1 KB 36ms
33ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 19:25:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45452
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:25:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame C665 20 KB
8 KB 25ms
22ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 19:25:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45452
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:25:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C665 159 KB
49 KB 124ms
72ms Script
text/javascript 2607:f8b0:4004:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 08:02:33 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame C665 33 KB
13 KB 29ms
25ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94f229715266533168e8bde4c66fc0b249d45e022cb9cc333495f4a68a702017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 19:31:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45040
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13518
x-xss-protection: 0
server: cafe
etag: 3101116608242260287
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:31:53 GMT

GET
H2 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame D078 8 KB
3 KB 24ms
24ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/error_handler.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 23:39:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30194
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3465
x-xss-protection: 0
server: cafe
etag: 6788195977828770272
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 23:39:19 GMT

GET
H2 200 18088752919831897754
tpc.googlesyndication.com/simgad/ Frame D078 11 KB
11 KB 25ms
25ms Image
image/png 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18088752919831897754?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkmEqnl58nf3FlfmNt3BbS0d3nLDg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee52d709f771771e03ad9da0f3df770fdf41e7fce0d4b56f5c505eb038803d35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Thu, 13 Apr 2023 21:07:32 GMT
x-content-type-options: nosniff
age: 125701
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11067
x-xss-protection: 0
last-modified: Wed, 22 Feb 2023 00:36:34 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 12 Apr 2024 21:07:32 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/ Frame D078 22 KB
9 KB 34ms
33ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 19:25:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45452
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8756
x-xss-protection: 0
server: cafe
etag: 5179999606349116156
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:25:01 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame D078 3 KB
1 KB 32ms
31ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 19:25:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45452
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:25:01 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame D078 20 KB
8 KB 33ms
32ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 19:25:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45452
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8509
x-xss-protection: 0
server: cafe
etag: 3034682829645713766
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:25:01 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D078 159 KB
49 KB 83ms
38ms Script
text/javascript 2607:f8b0:4004:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49801
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1681299295334834"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 08:02:33 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/ Frame D078 33 KB
13 KB 35ms
34ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230412/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

94f229715266533168e8bde4c66fc0b249d45e022cb9cc333495f4a68a702017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Fri, 14 Apr 2023 19:31:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45040
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13518
x-xss-protection: 0
server: cafe
etag: 3101116608242260287
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 28 Apr 2023 19:31:53 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame C665 0
0 45ms
42ms Fetch
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CLlTAGVo6ZNSZF6iMzLUP1oSygAaN8NC8b-mRnaigEQoQASD4lZYdYP3oooHwA6AB7LPywAHIAQKoAwHIA8kEqgTeAU_Q40hvCA6dYjcYb_ItxeRsj8nmpJv3VWtmmshRPdjponW8rJGl10Mc4kRgqipSXH_kx4lRTnkXU7K36kOZ1JEMMpJlJfgkQzUWuz6tg4oyT88QLcl3wrKXVcnJra89yqdyEXNwMZi-rvcF1ilJHKn_jMWBSqC0OXszYTKvmxc4HUIGST2VEm2f1wIqPATpxINEZBOCDmd_ZIL-LfffltJNF31yQB-gn9KHfmkibbnHCgq4PLznZqiXfQ5CIvWZXJ_5ASI4Qe1Anyw_jcqjKJ-hy4n6zNvykkt1i7VWfsAEyeefmKsEkgUECAQYAZIFBAgFGASgBgKAB_zLjb8CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwMQpEzSCA8IgGEQARgfMgKKAjoCgECACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItMDc4MTM0MzQ0MzY4ODc2MBgA&sigh=0uefKXLkkBM&uach_m=[UACH]&cid=CAQSGwBygQiD7XzJFaF3ZJfbkKKGon70wxZJ6iQozxgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=29871647&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753196&bpp=1&bdt=172&idt=145&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60&correlator=6129982048531&frm=20&pv=1&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=2171&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeEbr%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=azTmOuEec4&p=http%3A//masseffect2saves.com&dtd=149
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 15 Apr 2023 08:02:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 08:02:33 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D078 0
0 39ms
39ms Fetch
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C0c0xGVo6ZI3oFo-_zLUPxbmlaLKi2_9v7IH8xIsRChABIPiVlh1g_eiigfADoAHss_LAAcgBAqgDAcgDyQSqBNsBT9DRuIoQ9fbovHnk37va5z22m9HOr5M1jakc2mZ-ednmXciNXJdAJ2JZedINOi9FVGdz5RD6_ZLaISdh4yUYnynxuBe1mi0hHX8VBkmIlzHPv0pVPwW_RBWc_dU-RbfJ6qdgZvQyNddwGWxLojdASCI-Hyof37Fvb3BZwBMqI9jLIPF00rioFqosTG2AGKz1kpAF288ZxbM1kARZ7PUVpDyL5gsnrl-CJzfm95-35vdwq_VHomvCixZrhLH48yx9Z_GoGXU3L4xCdEK2ts-NVRWV24PrFdaZ2q2-wATf_NSbngSSBQQIBBgBkgUECAUYBKAGAoAH_MuNvwKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCB8QLSCA8IgGEQARgfMgKKAjoCgECACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItMDc4MTM0MzQ0MzY4ODc2MBgA&sigh=P63m0wWGoCw&uach_m=[UACH]&cid=CAQSGwBygQiD0xpFc1KczcbIoICaFTQwo6y7IAlMCBgB

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 15 Apr 2023 08:02:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Apr 2023 08:02:33 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7DAC 143 B
166 B 24ms
23ms Document
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=29871647&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753196&bpp=1&bdt=172&idt=145&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&prev_fmts=468x60&correlator=6129982048531&frm=20&pv=1&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=2171&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeEbr%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=azTmOuEec4&p=http%3A//masseffect2saves.com&dtd=149
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1344
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 07:40:09 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C665 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5ef7832676b66dc27954b3c06950ac15cbf9a24b1b82716fac48d01000dfad5

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4A4D 143 B
166 B 26ms
24ms Document
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 1344
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 07:40:09 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D078 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d31337fc52d64c63ab778ab63ef32683fafde896d3e24e0dcde386d927c0c9d

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7DAC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

61ms
60ms

Document
text/html

2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 08:02:33 GMT
expires: Sat, 15 Apr 2023 08:02:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 08:02:33 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4A4D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

32ms
32ms

Document
text/html

2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 08:02:33 GMT
expires: Sat, 15 Apr 2023 08:02:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 08:02:33 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qQ9mw0ckdUnCcE_fRg-2epoMaLUurlOMv3TU4-E81-A.js Show response
pagead2.googlesyndication.com/bg/ Frame 34DA 36 KB
14 KB 25ms
25ms Script
text/javascript 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qQ9mw0ckdUnCcE_fRg-2epoMaLUurlOMv3TU4-E81-A.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0781343443688760&output=html&h=60&slotname=6304268135&adk=1146767599&adf=525012917&pi=t.ma~as.6304268135&w=468&lmt=1681545753&format=468x60&url=http%3A%2F%2Fmasseffect2saves.com%2F&wgl=1&dt=1681545753191&bpp=5&bdt=166&idt=125&shv=r20230412&mjsv=m202304120201&ptt=9&saldr=aa&abxe=1&correlator=6129982048531&frm=20&pv=2&ga_vid=1722192937.1681545753&ga_sid=1681545753&ga_hid=1713499563&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=423&ady=544&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759927%2C44759837%2C44759876%2C31071756%2C31073584%2C31073823&oid=2&pvsid=1277781579578144&tmod=2070389051&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7Cd%7CeE%7C&abl=NS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=5EhnlfKYaY&p=http%3A//masseffect2saves.com&dtd=143

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a90f66c347247549c2704fdf460fb67a9a0c68b52eae538cbf74d4e3e13cd7e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 19:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217988
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14294
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 11 Apr 2024 19:29:26 GMT

GET
H2 200 like_box.php Show response
www.facebook.com/plugins/ Frame 8CD2 41 KB
15 KB 119ms
79ms Document
text/html 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2d3e8b98a2b528%26domain%3Dmasseffect2saves.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fmasseffect2saves.com%252Ff2504011944192c%26relation%3Dparent.parent&color_scheme=dark&container_width=942&header=false&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FMass-Effect-Saves-masseffectsavescom%2F235955106491958&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=5012af92a37aac510b43bceaa8a3a25d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5508c449d94e4254270bb763780a783ee4687ffac20e1ac888df6bf849146339

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://masseffect2saves.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 08:02:34 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: sHRlwvitguIpnXqsNas87bKVS5z7C0J4AQi32erFp0h5EG+pluCOiW1f654+M5k43ZQhAmdMemjyfzRskp9+1g==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 90ms
42ms XHR
application/json 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230412&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_fy2021.js?bust=31073823

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f42d03bb74d0aeb1c8b696a8e54a817bc172e32efca740d01ae41063d548295a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11310
x-xss-protection: 0

GET
H3 200 qQ9mw0ckdUnCcE_fRg-2epoMaLUurlOMv3TU4-E81-A.js Show response
pagead2.googlesyndication.com/bg/ Frame 33AD 36 KB
14 KB 25ms
24ms Script
text/javascript 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qQ9mw0ckdUnCcE_fRg-2epoMaLUurlOMv3TU4-E81-A.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a90f66c347247549c2704fdf460fb67a9a0c68b52eae538cbf74d4e3e13cd7e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 19:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217988
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14294
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 11 Apr 2024 19:29:26 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 33ms
33ms Script
text/javascript 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304120201/show_ads_impl_fy2021.js?bust=31073823

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 08:02:34 GMT

GET
H2 200 z7wmxKtIZsi.css
static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/ Frame 8CD2 20 KB
5 KB 63ms
19ms Stylesheet
text/css 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/z7wmxKtIZsi.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2d3e8b98a2b528%26domain%3Dmasseffect2saves.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fmasseffect2saves.com%252Ff2504011944192c%26relation%3Dparent.parent&color_scheme=dark&container_width=942&header=false&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FMass-Effect-Saves-masseffectsavescom%2F235955106491958&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4fbc87a75771407325342610ece2c80083d0b735dc7da625839fde08bcf66285

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: x3Wn+KCvITgs+5bNyICjZg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5108
x-fb-rlafr: 0
x-fb-debug: FLnvCaHgZHIHATMyrByO4Se5ON6oefxXYT1arrnXp69NsB7NuZXB5LBtnjV7MYoV/s0tHTHXIlZkBJ+A/aySwg==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sat, 13 Apr 2024 18:50:59 GMT

GET
H2 200 k9frVvgZWTr.css
static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/ Frame 8CD2 2 KB
1 KB 64ms
19ms Stylesheet
text/css 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/k9frVvgZWTr.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cb5c67ccd076f55e9436fb016a51b3c33f646751187a7e0053908ca5e265108b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: q6bCky1+00PrRbx3auADnQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 833
x-fb-rlafr: 0
x-fb-debug: O5z7pTagm3oXWIiyFW2Ib6/ddpITTf3qnvi/xOk3eG67uiw4Lpv75cF1JPI/So9i+Vf70PkIXb8mqMLdhsWLIA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 11 Apr 2024 00:05:15 GMT

GET
H2 200 PTAMAF8Hi8v.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y6/r/ Frame 8CD2 304 KB
80 KB 66ms
22ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/PTAMAF8Hi8v.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ad7d15812eaa6a06c1ba50fd4e12534afa72ef234e6263ddf5d633fe1ea7a9d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: +upM8hBNCoEzgKWYl/AzGg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 81667
x-fb-rlafr: 0
x-fb-debug: SJTsf+5qFde7/nDyvMfs6G31NFJlZBlee9yA4VVVr/CuyLQ9YT5SvPfTMaMimHQvwF6zlli3+tpm11pYEK0lQg==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 11 Apr 2024 02:30:43 GMT

GET
H2 200 GG1Y0sYc7My.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 8CD2 5 KB
2 KB 66ms
22ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8b95825e949e0d6c15b2cea8657756404426fe621d9c187dafb1c7b5133fad87

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: koakLGY1v5R2GWTxsSnA3g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1615
x-fb-rlafr: 0
x-fb-debug: O1EvsGERMgNGapOZXELDdARejjuA0JMlfLJWFvVu4qDeUGOvf50a9mWrdUq6c1LZsWPLu61q+kVwDnX32bmwRQ==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 10 Apr 2024 06:28:06 GMT

GET
H2 200 TXms_HrZwKP.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y9/r/ Frame 8CD2 57 KB
18 KB 66ms
22ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y9/r/TXms_HrZwKP.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

30a288f4b8350f8121ceab4313aa78320d3a313c7425136323191ced5b6a0b65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 5xeNXxWs1OEER8b29ktDpw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 17978
x-fb-rlafr: 0
x-fb-debug: OFxJwGjxWSzPoyuVSbKe5t0NIq9nY7E9O8wtRZF9qjYoYCf27+WrG+A5KCdawNHBZhoIqlL+fvgDH7E2pIzAlg==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 10 Apr 2024 23:57:49 GMT

GET
H2 200 tsYdVHJ-hR3.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yp/r/ Frame 8CD2 56 KB
18 KB 66ms
23ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yp/r/tsYdVHJ-hR3.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

541aa8107ab5589ef7f8da4481836ffeef358d9dba7a3fad482d0bda1c7f9960

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: SuHECju1lDa01xQE0qV9nA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 17750
x-fb-rlafr: 0
x-fb-debug: bC5EbUQIlV/GXEFom5wI2Pa/duqlwDOJKEvwopFj4bxc3FnFUaf3OQFw9wY1oIp+qlEq7Jl7erLSh0PxURvhtA==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sat, 13 Apr 2024 05:46:48 GMT

GET
H2 200 Pv0iK0zPy4O.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/y-/l/en_US/ Frame 8CD2 76 KB
22 KB 67ms
23ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/y-/l/en_US/Pv0iK0zPy4O.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8974530f358dc6bbfebba9505256b40cc59f232bc1af94345af19812708e77d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Kh41dmFozgy03fqFEzwPVA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 22452
x-fb-rlafr: 0
x-fb-debug: axzZVNraYX3Xcw0YpCQho7cp5EW9tF0M+YtkRgTYhbnScFV8hQy3O1NsXmTaKmko6HTbzeAt31cheTMKx7jILQ==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 11 Apr 2024 20:07:21 GMT

GET
H2 200 p55HfXW__mM.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yF/r/ Frame 8CD2 507 B
486 B 66ms
23ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: L5E9gSgR735vyjAzTFly4g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 293
x-fb-rlafr: 0
x-fb-debug: P3eVJi2JRflDRneXdgoHYN9ZoXo4KVsN6F23rvOEUZh9Qubp1WOXiQzSZxdnh/koCI2dJ+mGyNsd+rXXc5H3Iw==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Wed, 10 Apr 2024 22:48:10 GMT

GET
H2 200 298958075_443506447836204_8164208546418249173_n.jpg
scontent-yyz1-1.xx.fbcdn.net/v/t39.30808-1/ Frame 8CD2 1 KB
2 KB 65ms
18ms Image
image/jpeg 2a03:2880:f00e:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent-yyz1-1.xx.fbcdn.net/v/t39.30808-1/298958075_443506447836204_8164208546418249173_n.jpg?stp=c0.0.50.50a_cp0_dst-jpg_p50x50&_nc_cat=110&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=eLAdp8yVAbgAX_8wO0W&_nc_ht=scontent-yyz1-1.xx&edm=ANSO7JkEAAAA&oh=00_AfD6KnGBhCgZukMOkZte7S91v9f8GMtOeXRSHuDAwCI6kg&oe=643F4FE0
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/like_box.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2d3e8b98a2b528%26domain%3Dmasseffect2saves.com%26is_canvas%3Dfalse%26origin%3Dhttp%253A%252F%252Fmasseffect2saves.com%252Ff2504011944192c%26relation%3Dparent.parent&color_scheme=dark&container_width=942&header=false&href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FMass-Effect-Saves-masseffectsavescom%2F235955106491958&locale=en_US&sdk=joey&show_faces=false&stream=false&width=292
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f00e:13:face:b00c:0:3 Toronto, Canada, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 910c3894ef647eec77edd7cf051a94ea117515a8f98fb98e186661c007e03418

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

x-haystack-needlechecksum: 3161216287
date: Sat, 15 Apr 2023 08:02:34 GMT
x-fb-trip-id: 1512268381
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Fri, 19 Aug 2022 13:05:45 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=3691177363
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 46191646
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 1493

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CDD2 13 KB
5 KB 26ms
24ms Document
text/html 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://masseffect2saves.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 310701
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Apr 2023 17:44:13 GMT
expires: Wed, 10 Apr 2024 17:44:13 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6F19 783 B
971 B 44ms
43ms Document
text/html 2607:f8b0:4004:c1b::63
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::63 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

270a6731d9dd84fca961ba9371c975aa7108c5878037198a5c7b58ff3c1f28c1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rMjtHZyTywW5d6Z4CkyRuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://masseffect2saves.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-rMjtHZyTywW5d6Z4CkyRuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 15 Apr 2023 08:02:34 GMT
expires: Sat, 15 Apr 2023 08:02:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 qQ9mw0ckdUnCcE_fRg-2epoMaLUurlOMv3TU4-E81-A.js Show response
pagead2.googlesyndication.com/bg/ Frame CDD2 36 KB
14 KB 25ms
24ms Script
text/javascript 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/qQ9mw0ckdUnCcE_fRg-2epoMaLUurlOMv3TU4-E81-A.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a90f66c347247549c2704fdf460fb67a9a0c68b52eae538cbf74d4e3e13cd7e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Wed, 12 Apr 2023 19:29:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 217988
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14294
x-xss-protection: 0
last-modified: Tue, 11 Apr 2023 10:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 11 Apr 2024 19:29:26 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6F19 0
0 32ms
32ms Image
text/html 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230412&jk=1277781579578144&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H3 200 UXtr_j2Fwe-.png
static.xx.fbcdn.net/rsrc.php/v3/yw/r/ Frame 8CD2 573 B
629 B 39ms
17ms Image
image/png 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yw/r/UXtr_j2Fwe-.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/z7wmxKtIZsi.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/z7wmxKtIZsi.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
x-content-type-options: nosniff
content-md5: 07aG/2AEtDHVAZ5LUajMDQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 573
x-fb-rlafr: 0
x-fb-debug: 4fFZinlHznBEST2yy6l1Ya5OGl021A9FEOPgyb493KIALIjz3NCr0sJWQAbqu+HwPYf9fjHEbD1S/jBAcYptHA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1,i
expires: Sat, 13 Apr 2024 11:58:50 GMT

GET
H3 200 -YfYBc41JI7.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y1/r/ Frame 8CD2 25 KB
8 KB 19ms
18ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y1/r/-YfYBc41JI7.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/PTAMAF8Hi8v.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e95cae8d40d54a66307d061c442dd08b982292891e91a92be1cb21eec8a2d22d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: dWoEb7wLFR6Z3VHvF0fu4A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 8322
x-fb-rlafr: 0
x-fb-debug: Ytrvd710YsKuJIg+QtHugq/BE7uWofMf+AsN0zJJjSBU3hF2elYrbbmCVXlw5nye5jeNGiFqEUWFnZ/eFdi1FQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Fri, 12 Apr 2024 15:24:41 GMT

GET
H3 200 BW7a5tS7MH9.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yT/r/ Frame 8CD2 10 KB
3 KB 20ms
19ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yT/r/BW7a5tS7MH9.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y6/r/PTAMAF8Hi8v.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b4e8897f617acf8c561309a5d51674bc1cbef024b66acf21ceb35ddf76a0c16b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 35ezpiND1KsgnE8MWEcrlA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3500
x-fb-rlafr: 0
x-fb-debug: CQpQcmYmVUQAFpHq4T47xf7yFAuqIvZdnM3XpM1e+o9xoQLV/L6O6Bk3d6F0Ua9FhQoNlC2QYKTPyUZffkVLqg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Fri, 12 Apr 2024 02:03:04 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CDD2 0
10 B 24ms
24ms Image
text/plain 2607:f8b0:4004:c07::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?AHMcXg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c07::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

date: Sat, 15 Apr 2023 08:02:34 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 36ms
35ms Image
text/html 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230412&jk=1277781579578144&bg=!BgWlBVHNAAZA7GLoYOw7ADkAdvg8WsYtnsDGpqQVxdmZhy6_Ga_57RLAw0bqgmrRkEbTQKIb1heNBYIA_oEblswqdo067MTfO4YCAAAAX1IAAAAEaAEHmQLhBf1UmbLp0CL3T7qPPvahgftylBr1t8rWF8J1H6ykqScvIiehsLl2lQ5SDFZPYxLZS2CFdkobewkoQL8tnOAP6u-h3BqSJcCbBPdrCSCRA-CLjYuNn5kyd91i6BZnS61EhpDzVZv6Ebwgs6xCWHGl-DwJtt21KzxWRJ0hzjwdsS113l2AFU7mjqlKvcLgR-FQ1hLEFM78olEsyzEC1ZT-PJNlFYfwkEG6J9iNVlqgriex57zRGmDxtK4qQpqWj1cfRsyRgcBY4iTT7flqPXS9u8lmZimgQFF3hsDSJMxXX1tKVZ40shjifMm1zyS9lhvDoXjSBBia_Zli9CT978zS25qqNJ1rtA6FfQcNigBT9Wyg10QvQdbZih0iQserq1zE9LB-TEE_29Ny42vCY8ZleVqsLz2Xz_2NBEGFW2cKpyADPM8uX_Tpza1bW7fz2r8fT4T_sJi03IxlzpO9SLp3HkgJYLK_9S9docYm_QdItMQ3nskuekgsw4Y8b7A8Q43O2ai5Tbn8WhtdJyrfHn7FqILsX7KMNcNtE08XYeHDlsfTCQ2AO0w8rYjyrStedFI6t-ARPHQzxhzJ8n_ghZmArJ7xHdcLSv9fNsVN_5_2XHY9kGyOOSAfHWjjkhwY8aojVZ7roEkgySDcF6xuOEN-L_JH_-lr6zZPEwkR0kutJ4f8eFktn1IWIVu_PJ0RlP-kM7Pyd2ICBY8Nx1KhjwSotIZUdcPoNbytqR1EFQYVfuTsdVSPrYtTBTuKZ_n-C9RTTMmy9RymmhBh1OdpLVcrh9BsqT2oDQ4Ar5R8ZP2hbyZDr85eRjQwFN19EK59iSM7QuqsaHcsUVWh8SbUWYeeXUtDUpmAgEakAUQT0-t0R-adAaFOM1kFmJKy-0G1g-dfMsA_RsG33811qxZC7NqdB9LQSqHYsBGDIOGMDw0buqu7anFwNLyuK-RvP2pTS3xI-hydi4emX5XB9jHybX4MvfM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: http://masseffect2saves.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D078 42 B
64 B 35ms
34ms Fetch
image/gif 2607:f8b0:4004:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstCC2wrBr_Zj-OK2m_5b0BAnY9-L9ve9Dn4gFxdqtPRP3dBq1Z5y1qjuwkYSxoKyLS0Du09Lme74LzlBsssGT93ArPGlWJCSxSf3CnRD_dc1yFutvLmwByqppGDzLGSFOqreog&sai=AMfl-YSI7N71dPckkZ_uoI1iIvbcrQFFyt0gxuukpwU9Y5_62N85NJ7JRMkfLVhwSrhhKiSwAgYYR8ZOUGEO&sig=Cg0ArKJSzJQWR2_C2FAoEAE&cid=CAQSGwBygQiD0xpFc1KczcbIoICaFTQwo6y7IAlMCBgB&id=lidar2&mcvt=1000&p=0,0,58,468&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230412&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1146767599&rs=2&la=0&cr=0&vs=4&r=v&rst=1681545753336&rpt=601&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.49 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Apr 2023 08:02:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.masseffect2saves.com/	1970-01-20 20:27:21	Name: __gads Value: ID=23675d653af28d3f-225f4bfb12df00fe:T=1681545753:RT=1681545753:S=ALNI_Mb7cOg0NAqKEM1JCsQfd2DoRwywHQ
.masseffect2saves.com/	1970-01-20 20:27:21	Name: __gpi Value: UID=00000be2bdcb39af:T=1681545753:RT=1681545753:S=ALNI_MbyM0RqFJZgLVFs3m8rzCYDMn9YmQ
.doubleclick.net/	1970-01-20 20:41:45	Name: IDE Value: AHWqTUmrv0ILkzdtrU_XiSKQx8Oriyf5j0UXLp_HZxCUiBWEcJs43Q88S3iJ-ItQDb0
.doubleclick.net/	1970-01-20 11:05:49	Name: DSID Value: NO_DATA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.ca
adservice.google.com
connect.facebook.net
googleads.g.doubleclick.net
masseffect2saves.com
pagead2.googlesyndication.com
partner.googleadservices.com
scontent-yyz1-1.xx.fbcdn.net
static.xx.fbcdn.net
tpc.googlesyndication.com
www.facebook.com
www.google.com
www.googletagservices.com
144.217.248.68
2607:f8b0:4004:c06::9a
2607:f8b0:4004:c07::84
2607:f8b0:4004:c08::9b
2607:f8b0:4004:c1b::63
2607:f8b0:4004:c1b::9c
2607:f8b0:4004:c1d::9b
2607:f8b0:4006:81e::2002
2a03:2880:f00e:13:face:b00c:0:3
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
06651ca6e394ca09b53ebfa183d828eaf6061ea8c25842c82feb0328ba806547
06e6e2001381ee0727bc4528ed53e4d30248bef7e349cc0893a2a95e98b8f962
09d0fdfd8b52a2658ae74c26628b721454c4ac67f0f1f0480b58d0fd9d2e1aeb
0bd60c95d55721010eebef638d960403c3a3b7954379e7c7900b693d5400d791
16a4c21553e41118f037dd37f8598ed1aa3de4bc34a758f1d623383be9135ff6
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
26f2c1abc7720059c2f88aac37f0b15cd551c1b69b522eef0bf782cefcc98dc5
270a6731d9dd84fca961ba9371c975aa7108c5878037198a5c7b58ff3c1f28c1
30a288f4b8350f8121ceab4313aa78320d3a313c7425136323191ced5b6a0b65
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
4594a8263a4c0c2d2ab1593b3e53188c7e2b6631b241903f695a3c0c527d7e87
4fbc87a75771407325342610ece2c80083d0b735dc7da625839fde08bcf66285
541aa8107ab5589ef7f8da4481836ffeef358d9dba7a3fad482d0bda1c7f9960
5508c449d94e4254270bb763780a783ee4687ffac20e1ac888df6bf849146339
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55bc11b5d899b423546a0757044aa62af9a3c2b302d4d2bb7c5e4b98dbd0cdc1
5b1c8eb413e45baa4284d47e297afeb6cc0a63739c88530359d76e4aff202393
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66686349b33262380b2598c45cd669df3b6468a5454e6bbda05785fb4b8cb47c
6d31337fc52d64c63ab778ab63ef32683fafde896d3e24e0dcde386d927c0c9d
78cad1fb95d1e9bbe4a7b1f90fa38ef699314ee65bf914e65ffae62005103a8e
79e233d000b105b1e6bd29c1d8f5abfd379aec09ba8a2a2f2190657353c34dcf
7af6c5fdad382bc7c2f264f60f3264d6effd442226b3a907598dbc7c66a9618e
812901b5e3a537213ec29fcd1038a02d2668f073af193eb46ebf7ff4f7b38f93
8974530f358dc6bbfebba9505256b40cc59f232bc1af94345af19812708e77d7
8b95825e949e0d6c15b2cea8657756404426fe621d9c187dafb1c7b5133fad87
910c3894ef647eec77edd7cf051a94ea117515a8f98fb98e186661c007e03418
94f229715266533168e8bde4c66fc0b249d45e022cb9cc333495f4a68a702017
96e3e8dfde6b1042514824bac1b44282d4a76bac028f2d767f6534dce2cf3db0
9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a90f66c347247549c2704fdf460fb67a9a0c68b52eae538cbf74d4e3e13cd7e0
ab2bbaa564a45c2f626c5cdee8e1636319e198ecc2376786f2a31fa8fdce3d54
ad7d15812eaa6a06c1ba50fd4e12534afa72ef234e6263ddf5d633fe1ea7a9d0
b1b3b73852f7856f1a0f317701846bc7853eb5b127ba882c23c5073dbe6d022d
b1ba3445ca0586b72b7e7456c7a37ec6ee0427b7e46a7f17255a492c04cef4b5
b4e8897f617acf8c561309a5d51674bc1cbef024b66acf21ceb35ddf76a0c16b
b9c5d9b8b92bb70cb3cd8ca816be522fcb3c2ac8f3250a4fc175ec54676c5681
c5ef7832676b66dc27954b3c06950ac15cbf9a24b1b82716fac48d01000dfad5
c6fd64664945b226aaba660b9d4d2d39cc50ff28ab7e3b996553e55c8a9d1ffb
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cb5c67ccd076f55e9436fb016a51b3c33f646751187a7e0053908ca5e265108b
cbeee230de9adc4b4765d4387c54fa936a5c26f8306fe0e6f5f8415284f56c33
cf19425eeef1ad9c3cde12786e5b9b41c368338b016cc1c50d3586d75096aa94
d1208252314ae1325b9fde354b2b5b8a000c6c197ab87d74329bdfc5ff8776db
dd3aa995bb85503cc83969711c952e87c1103e091a2564fae9649bd9c46c0db9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e597bbd104586c21458e9fe10a265067870f2f4d4c33ab80e4124540e367c91b
e95cae8d40d54a66307d061c442dd08b982292891e91a92be1cb21eec8a2d22d
ee52d709f771771e03ad9da0f3df770fdf41e7fce0d4b56f5c505eb038803d35
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f235cdba7b0b7ce66494391a3f3d764948e945662ab4de98fbab8cdc0799a606
f42d03bb74d0aeb1c8b696a8e54a817bc172e32efca740d01ae41063d548295a

masseffect2saves.com Open in urlscan Pro 144.217.248.68 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

68 Requests

79 %HTTPS

91 %IPv6

10 Domains

13 Subdomains

12 IPs

2 Countries

1124 kBTransfer

2599 kBSize

4 Cookies

11 Outgoing links

Redirected requests

68 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

masseffect2saves.com Open in urlscan Pro
144.217.248.68 Public Scan

Screenshot
Live screenshot

Full Image

68
Requests

79 %
HTTPS

91 %
IPv6

10
Domains

13
Subdomains

12
IPs

2
Countries

1124 kB
Transfer

2599 kB
Size

4
Cookies

68 HTTP transactions
2 data transactions