safehaven.com
52.24.164.59
Public Scan
Submission: On March 31 via automatic, source hackernews
Summary
TLS certificate: Issued by Amazon on December 31st 2018. Valid for: a year.
This is the only time safehaven.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
ASN | PTR | Domain |
---|---|---|
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-52-24-164-59.us-west-2.compute.amazonaws.com | safehaven.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | | d2p6ty67371ecn.cloudfront.net |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | | cdnjs.cloudflare.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | | d1o9e4un86hhpc.cloudfront.net |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | | d32r1sh890xpii.cloudfront.net |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | | d2t794khe5w43b.cloudfront.net |
ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US) | | platform.twitter.com |
ASN15169 (GOOGLE - Google LLC, US) | | pagead2.googlesyndication.com |
ASN32934 (FACEBOOK - Facebook, Inc., US) | | connect.facebook.net |
ASN15169 (GOOGLE - Google LLC, US) | fra15s46-in-f2.1e100.net | www.googleadservices.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | | cdn.pushcrew.com |
ASN15169 (GOOGLE - Google LLC, US) | | googleads.g.doubleclick.net |
 | | www.googletagservices.com |
ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US) | | a.optmstr.com |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US) | vip0x00f.map2.ssl.hwcdn.net | maxcdn.bootstrapcdn.com |
ASN32934 (FACEBOOK - Facebook, Inc., US) | | www.facebook.com |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US) | ec2-50-17-52-222.compute-1.amazonaws.com | api.optmnstr.com |
ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US) | | a.optmnstr.com |
Requests | Domain | Requested by |
---|---|---|
18 | d2p6ty67371ecn.cloudfront.net | safehaven.com, platform.twitter.com |
11 | d2t794khe5w43b.cloudfront.net | safehaven.com |
4 | pagead2.googlesyndication.com | safehaven.com, pagead2.googlesyndication.com |
3 | fonts.gstatic.com | safehaven.com, www.googletagservices.com |
3 | googleads.g.doubleclick.net | www.googleadservices.com, pagead2.googlesyndication.com |
3 | safehaven.com | safehaven.com, d2p6ty67371ecn.cloudfront.net |
2 | fonts.googleapis.com | ajax.googleapis.com, d2p6ty67371ecn.cloudfront.net |
2 | www.facebook.com | safehaven.com, connect.facebook.net |
2 | maxcdn.bootstrapcdn.com | safehaven.com |
2 | www.google-analytics.com (1 redirects) | www.googletagmanager.com |
2 | connect.facebook.net | safehaven.com, connect.facebook.net |
2 | platform.twitter.com | safehaven.com, platform.twitter.com |
2 | d1o9e4un86hhpc.cloudfront.net | safehaven.com |
2 | cdnjs.cloudflare.com | safehaven.com |
2 | www.googletagmanager.com | safehaven.com |
1 | ajax.googleapis.com | a.optmnstr.com |
1 | a.optmnstr.com | a.optmstr.com |
1 | api.optmnstr.com | a.optmstr.com |
1 | www.googletagservices.com | pagead2.googlesyndication.com |
1 | a.optmstr.com | safehaven.com |
1 | adservice.google.com | pagead2.googlesyndication.com |
1 | adservice.google.de | pagead2.googlesyndication.com |
1 | www.google.de | safehaven.com |
1 | www.google.com | safehaven.com |
1 | stats.g.doubleclick.net | safehaven.com |
1 | cdn.pushcrew.com | safehaven.com |
1 | www.googleadservices.com | www.googletagmanager.com |
1 | d32r1sh890xpii.cloudfront.net | safehaven.com |
72 (total requests) | 28 (domains) | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.facebook.com |
twitter.com |
plus.google.com |
www.linkedin.com |
reddit.com |
www.reuters.com |
d2t794khe5w43b.cloudfront.net |
Subject | Issuer | Validity | Valid for |
---|---|---|---|
safehaven.com | Amazon | 2018-12-31 - 2020-01-31 | a year |
*.google-analytics.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months |
*.cloudfront.net | DigiCert Global CA G2 | 2018-10-08 - 2019-10-09 | a year |
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-03-02 - 2019-09-08 | 6 months |
*.twimg.com | DigiCert SHA2 High Assurance Server CA | 2018-11-19 - 2019-11-27 | a year |
*.g.doubleclick.net | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months |
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2019-03-08 - 2019-06-06 | 3 months |
www.googleadservices.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months |
*.pushcrew.com | Go Daddy Secure Certificate Authority - G2 | 2016-06-02 - 2019-07-31 | 3 years |
www.google.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months |
www.google.de | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months |
*.google.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months |
*.optmstr.com | Go Daddy Secure Certificate Authority - G2 | 2018-01-24 - 2020-01-24 | 2 years |
*.bootstrapcdn.com | COMODO RSA Domain Validation Secure Server CA | 2018-10-03 - 2019-10-12 | a year |
*.optmnstr.com | Go Daddy Secure Certificate Authority - G2 | 2018-07-10 - 2020-07-10 | 2 years |
*.googleapis.com | Google Internet Authority G3 | 2019-03-01 - 2019-05-24 | 3 months |
This page contains 6 frames:
Primary Page:
https://safehaven.com/investing/investing-other/American-Companies-Still-Stashing-Trillions-Abroad.html
Frame ID: BCB5E8D9CFF19DB88DDFDF03B95F6724
Requests: 67 HTTP requests in this frame
Frame:
https://pagead2.googlesyndication.com/pagead/js/r20190327/r20190131/show_ads_impl.js
Frame ID: C2BF085146AF91703228B3E614E1BB93
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/html/r20190327/r20190131/zrt_lookup.html
Frame ID: 3C5D932C29A44C4AC2BED41AC2C200BE
Requests: 1 HTTP requests in this frame
Frame:
https://platform.twitter.com/widgets/widget_iframe.2e9f365dae390394eb8d923cba8c5b11.html?origin=https%3A%2F%2Fsafehaven.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: 19ED997618D4FB08B8FC4C09C2DDBCBC
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3591192809579527&output=html&h=600&slotname=4567744068&adk=3565467066&adf=149215067&w=286&fwrn=4&fwrnh=100&lmt=1554067975&rafmt=1&guci=1.2.0.0.2.2.0.0&format=286x600&url=https%3A%2F%2Fsafehaven.com%2Finvesting%2Finvesting-other%2FAmerican-Companies-Still-Stashing-Trillions-Abroad.html&flash=0&fwr=0&resp_fmts=4&wgl=1&dt=1554067975601&bpp=14&bdt=272&idt=80&shv=r20190327&cbv=r20190131&saldr=aa&abxe=1&correlator=5575223813263&frm=20&pv=2&ga_vid=1322841656.1554067975&ga_sid=1554067976&ga_hid=923550949&ga_fc=0&iag=0&icsg=8589945352&dssz=29&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1034&ady=819&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=20040013%2C21060853&oid=3&rx=0&eae=0&fc=656&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&ppjl=u&pfx=0&fu=8336&bc=15&osw_key=3689765663&ifi=1&uci=1.c8pejajtnld8&fsb=1&xpc=IIrqm5M6DL&p=https%3A//safehaven.com&dtd=101
Frame ID: FB3EAE1C60EFA3445BAAFF7EFDAAE808
Requests: 1 HTTP requests in this frame
Frame:
https://www.facebook.com/tr/
Frame ID: 9B0D6790CB4453D0DC84D08637F59390
Requests: 1 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- headers server /php\/?([\d.]+)?/i
Amazon EC2 (Web Servers)
Detected patterns
- headers server /\(Amazon\)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Facebook (Widgets)
Detected patterns
- script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i
Google AdSense (Advertising Networks)
Detected patterns
- script /googlesyndication\.com\//i
- env /^google_ad_/i
- env /^__google_ad_/i
- env /^Goog_AdSense_/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
Google Tag Manager (Tag Managers)
Detected patterns
- env /^google_tag_manager$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
- Title: Facebook
- Title: Twitter
- Title: Google +
- Title: Linkedin
- Title: Reddit
- Title: whereby reinvested foreign earnings have suddenly shot up.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 37
- https://www.google-analytics.com/r/collect?v=1&_v=j73&aip=1&a=923550949&t=pageview&_s=1&dl=https%3A%2F%2Fsafehaven.com%2Finvesting%2Finvesting-other%2FAmerican-Companies-Still-Stashing-Trillions-Abroad.html&ul=en-us&de=UTF-8&dt=American%20Companies%20Still%20Stashing%20Trillions%20Abroad%20%7C%20SafeHaven.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1638068910&gjid=1905820238&cid=1322841656.1554067975&tid=UA-2249023-27&_gid=190852098.1554067975&_r=1&gtm=2oa3i1&z=1383701369 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2249023-27&cid=1322841656.1554067975&jid=1638068910&_gid=190852098.1554067975&gjid=1905820238&_v=j73&z=1383701369
72 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
---|---|---|---|---|---|---|---|---|
GET | H2 | American-Companies-Still-Stashing-Trillions-Abroad.html | safehaven.com/investing/investing-other/ | 67 KB | 14 KB | Document | text/html | Primary Request |
GET | H2 | js | www.googletagmanager.com/gtag/ | 63 KB | 24 KB | Script | application/javascript | |
GET | H2 | js | www.googletagmanager.com/gtag/ | 63 KB | 24 KB | Script | application/javascript | |
GET | H2 | style.css | d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/articles/style.css,a/css/category/ | 88 KB | 14 KB | Stylesheet | text/css | |
GET | H2 | jquery-1.12.3.min.js | d2p6ty67371ecn.cloudfront.net/a/js/third_party/ | 95 KB | 33 KB | Script | text/javascript | |
GET | H2 | cookieconsent.min.css | cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ | 4 KB | 1 KB | Stylesheet | text/css | |
GET | H2 | cookieconsent.min.js | cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ | 19 KB | 6 KB | Script | application/javascript | |
GET | H2 | logo-no-light.png | d2p6ty67371ecn.cloudfront.net/a/img/ | 18 KB | 18 KB | Image | image/png | |
GET | H2 | logo-light.png | d2p6ty67371ecn.cloudfront.net/a/img/ | 15 KB | 16 KB | Image | image/png | |
GET | H2 | chart_green.svg | d1o9e4un86hhpc.cloudfront.net/a/img/common/header/ | 32 KB | 5 KB | Image | image/svg+xml | |
GET | H2 | chart.svg | d1o9e4un86hhpc.cloudfront.net/a/img/common/header/ | 27 KB | 4 KB | Image | image/svg+xml | |
GET | H2 | blend_45_2.png | d32r1sh890xpii.cloudfront.net/header_graphs/ | 8 KB | 9 KB | Image | image/png | |
GET | H2 | featherlight.css | safehaven.com/a/css/third_party/ | 3 KB | 1 KB | Stylesheet | text/css | |
GET | H2 | 5e394010ca24fda8483109789a057951.jpg | d2t794khe5w43b.cloudfront.net/article/110x92/ | 13 KB | 13 KB | Image | application/octet-stream | |
GET | H2 | e479df23c580ad291f23aada7d92266c.jpg | d2t794khe5w43b.cloudfront.net/article/110x92/ | 14 KB | 14 KB | Image | application/octet-stream | |
GET | H2 | 3539eccbef14e969d758f338d524fb91.jpg | d2t794khe5w43b.cloudfront.net/article/110x92/ | 9 KB | 9 KB | Image | application/octet-stream | |
GET | H2 | 6a5090856c04db454b9ec8faba036fac.jpg | d2t794khe5w43b.cloudfront.net/avatars/small/ | 4 KB | 4 KB | Image | application/octet-stream | |
GET | H2 | 46b001e6478631a33f00132947ef83c8.jpg | d2t794khe5w43b.cloudfront.net/article/718x300/ | 146 KB | 147 KB | Image | application/octet-stream | |
GET | H2 | 1553880307-screen_shot_2019-03-29_at_11.24_.57_am_.png | d2t794khe5w43b.cloudfront.net/tinymce/2019-03/ | 224 KB | 224 KB | Image | application/octet-stream | |
GET | H2 | 1553880351-screen_shot_2019-03-29_at_11.25_.38_am_.png | d2t794khe5w43b.cloudfront.net/tinymce/2019-03/ | 84 KB | 85 KB | Image | application/octet-stream | |
GET | H2 | 1553880385-screen_shot_2019-03-29_at_11.26_.11_am_.png | d2t794khe5w43b.cloudfront.net/tinymce/2019-03/ | 97 KB | 97 KB | Image | application/octet-stream | |
GET | H/1.1 | widgets.js | platform.twitter.com/ | 93 KB | 28 KB | Script | application/javascript | |
GET | H2 | 9741d4ad577ab2b4f24e02f4714e592d.jpg | d2t794khe5w43b.cloudfront.net/article/495x320/ | 81 KB | 81 KB | Image | application/octet-stream | |
GET | H2 | d9a7eba895773530060903f16a846323.jpg | d2t794khe5w43b.cloudfront.net/article/495x320/ | 148 KB | 148 KB | Image | application/octet-stream | |
GET | H2 | fc9679bc0bc9535a0f33bac8e9aaabf8.jpg | d2t794khe5w43b.cloudfront.net/article/495x320/ | 140 KB | 140 KB | Image | application/octet-stream | |
GET | H2 | adsbygoogle.js | pagead2.googlesyndication.com/pagead/js/ | 83 KB | 32 KB | Script | text/javascript | |
GET | H2 | envolope.png | d2p6ty67371ecn.cloudfront.net/a/img/newsletter/2/ | 21 KB | 21 KB | Image | image/png | |
GET | H2 | twitter.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 15 KB | 15 KB | Image | image/png | |
GET | H2 | facebook.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 15 KB | 15 KB | Image | image/png | |
GET | H2 | google-plus.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 15 KB | 15 KB | Image | image/png | |
GET | H2 | fbevents.js | connect.facebook.net/en_US/ | 52 KB | 16 KB | Script | application/x-javascript | |
GET | H2 | rss.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 15 KB | 15 KB | Image | image/png | |
GET | H2 | script.js | d2p6ty67371ecn.cloudfront.net/min/f=a/js/third_party/jquery.cookie.js,a/js/third_party/jquery.lightbox_me.js,a/js/script.js,a/js/third_party/featherlight.js,a/js/articles/view/script.js,a/js/third_... | 29 KB | 10 KB | Script | application/x-javascript | |
GET | H2 | analytics.js | www.google-analytics.com/ | 43 KB | 17 KB | Script | text/javascript | |
GET | H2 | conversion_async.js | www.googleadservices.com/pagead/ | 23 KB | 9 KB | Script | text/javascript | |
GET | H2 | ee70c0a7d2f14ec08939692fc7857b11.js | cdn.pushcrew.com/js/ | 228 KB | 66 KB | Script | application/javascript | |
GET | H2 | search.png | d2p6ty67371ecn.cloudfront.net/a/img/ | 770 B | 1 KB | Image | image/png | |
GET | H2 | 376852353080525 | connect.facebook.net/signals/config/ | 174 KB | 41 KB | Script | application/x-javascript | |
GET | H2 | collect | stats.g.doubleclick.net/r/ | 35 B | 102 B | Image | image/gif | Redirect Chain |
GET | H2 | / | googleads.g.doubleclick.net/pagead/viewthroughconversion/814550776/ | 2 KB | 1 KB | Script | text/javascript | |
GET | H2 | / | www.google.com/pagead/1p-user-list/814550776/ | 42 B | 109 B | Image | image/gif | |
GET | H2 | / | www.google.de/pagead/1p-user-list/814550776/ | 42 B | 109 B | Image | image/gif | |
GET | H2 | facebook-side.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 2 KB | 2 KB | Image | image/png | |
GET | H2 | gplus.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 2 KB | 2 KB | Image | image/png | |
GET | H2 | linkedin-side.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 2 KB | 3 KB | Image | image/png | |
GET | H2 | reddit-side.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 3 KB | 3 KB | Image | image/png | |
GET | H2 | icon_bullet.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 238 B | 605 B | Image | image/png | |
GET | H2 | linkedin.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 2 KB | 2 KB | Image | image/png | |
GET | H2 | reddit.png | d2p6ty67371ecn.cloudfront.net/a/img/common/ | 2 KB | 2 KB | Image | image/png | |
GET | H2 | integrator.js | adservice.google.de/adsid/ | 109 B | 481 B | Script | application/javascript | |
GET | H2 | integrator.js | adservice.google.com/adsid/ | 109 B | 481 B | Script | application/javascript | |
GET | H2 | show_ads_impl.js | pagead2.googlesyndication.com/pagead/js/r20190327/r20190131/ | 203 KB | 76 KB | Script | text/javascript | |
GET | H2 | show_ads_impl.js | pagead2.googlesyndication.com/pagead/js/r20190327/r20190131/ | 203 KB | 76 KB | Script | text/javascript | Frame C2BF |
GET | H2 | ca-pub-3591192809579527.js | pagead2.googlesyndication.com/pub-config/r20160913/ | 133 B | 276 B | Script | text/javascript | |
GET | H2 | zrt_lookup.html | googleads.g.doubleclick.net/pagead/html/r20190327/r20190131/ | 0 | 0 | Document | text/html | Frame 3C5D |
GET | H2 | api.min.js | a.optmstr.com/app/js/ | 172 KB | 52 KB | Script | application/javascript | |
POST | H2 | 46657 | safehaven.com/ajax/ac/ | 0 | 543 B | XHR | text/html | |
GET | H/1.1 | widget_iframe.2e9f365dae390394eb8d923cba8c5b11.html | platform.twitter.com/widgets/ | 0 | 0 | Document | text/html | Frame 19ED |
GET | H2 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ | 30 KB | 7 KB | Stylesheet | text/css | |
GET | H2 | ads | googleads.g.doubleclick.net/pagead/ | 0 | 0 | Document | text/html | Frame FB3E |
GET | H2 | osd.js | www.googletagservices.com/activeview/js/current/ | 77 KB | 28 KB | Script | text/javascript | |
GET | H2 | / | www.facebook.com/tr/ | 44 B | 251 B | Image | image/gif | |
GET | H2 | 20987 | api.optmnstr.com/v2/embed/ | 101 KB | 9 KB | XHR | application/json | |
GET | H2 | fontawesome-webfont.woff2 | maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ | 75 KB | 76 KB | Font | font/woff2 | |
GET | H2 | legacy-api.min.js | a.optmnstr.com/app/js/ | 106 KB | 34 KB | Script | application/javascript | |
GET | H2 | webfont.js | ajax.googleapis.com/ajax/libs/webfont/1.5.18/ | 16 KB | 6 KB | Script | text/javascript | |
POST | H2 | / | www.facebook.com/tr/ | 0 | 0 | Document | text/plain | Frame 9B0D |
GET | H2 | css | fonts.googleapis.com/ | 10 KB | 794 B | Stylesheet | text/css | |
GET | H2 | css | fonts.googleapis.com/ | 5 KB | 638 B | Stylesheet | text/css | |
GET | H2 | mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 | fonts.gstatic.com/s/opensans/v16/ | 9 KB | 9 KB | Font | font/woff2 | |
GET | H2 | mem5YaGs126MiZpBA-UN8rsOUuhpKKSTjw.woff2 | fonts.gstatic.com/s/opensans/v16/ | 9 KB | 9 KB | Font | font/woff2 | |
GET | H2 | mem6YaGs126MiZpBA-UFUK0Zdc1GAK6b.woff2 | fonts.gstatic.com/s/opensans/v16/ | 10 KB | 10 KB | Font | font/woff2 | |
113 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even from a different location. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
safehaven.com/ | | Name: _omappvp Value: VIv7LCXQrqWln307RThwdvQb7dg0wyEGW1lSoniaiBh9uBJQa5KvMsW1D2r7nGuEyNZcrSp0MO04cDPa3Goky7rYqFVJSxGL |
.doubleclick.net/ | | Name: DSID Value: NO_DATA |
safehaven.com/ | | Name: AWSALB Value: ylBaTjkuXojygOTTQkt/QRbG2CVd6WQu+r9l/UZs8xrwc2A1VcDnAR9oO+6da4/c9gR5lE6wi9KawRqiaN7aSOxwpOp/aQ64HvQAbqHS//LAteQRm87xKErYkZyD |
.safehaven.com/ | | Name: _fbp Value: fb.1.1554067975724.1039489888 |
.doubleclick.net/ | | Name: IDE Value: AHWqTUkOCb4mvgMr1xi8ybtK4xJWqEellKasV7G6eL1ZKGDnUVtgfhEOPOwih4wl |
.safehaven.com/ | | Name: _gat_gtag_UA_2249023_27 Value: 1 |
.safehaven.com/ | | Name: _ga Value: GA1.2.1322841656.1554067975 |
safehaven.com/ | | Name: _omappvs Value: 1554067975733 |
safehaven.com/ | | Name: safehaven_ci Value: 27eb4781b3fc02b90cc9f83552373f6b2383d14a |
.safehaven.com/ | | Name: _gid Value: GA1.2.190852098.1554067975 |
safehaven.com/ | | Name: csrf_safehaven_cookie Value: 686826567ebacda651e2d94b96de4d31 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.