urlscan.io logo urlscan.io
SecurityTrails logo

safehaven.com Open in urlscan Pro
52.43.18.65  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://safehaven.com.admin-us.cas.ms/
Effective URL: https://safehaven.com/
Submission: On May 08 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 54 IPs in 8 countries across 42 domains to perform 257 HTTP transactions. The main IP is 52.43.18.65, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is safehaven.com.
TLS certificate: Issued by Amazon on December 3rd 2019. Valid for: a year.
This is the only time safehaven.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 51.137.136.14 8075 (MICROSOFT...)
1 52.43.18.65 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
13 52.222.190.30 16509 (AMAZON-02)
4 2606:4700:303... 13335 (CLOUDFLAR...)
47 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
11 2600:9000:21f... 16509 (AMAZON-02)
5 2606:4700::68... 13335 (CLOUDFLAR...)
3 2600:9000:20e... 16509 (AMAZON-02)
1 2600:9000:201... 16509 (AMAZON-02)
17 2600:9000:209... 16509 (AMAZON-02)
20 185.220.205.220 41436 (CLOUDWEBM...)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 216.58.206.2 15169 (GOOGLE)
7 172.217.22.34 15169 (GOOGLE)
6 104.16.190.66 13335 (CLOUDFLAR...)
5 52.222.191.80 16509 (AMAZON-02)
5 69.173.144.140 26667 (RUBICONPR...)
1 72.251.249.13 29791 (VOXEL-DOT...)
1 2a02:fa8:8806... 41041 (VCLK-EU-)
1 167.172.1.14 14061 (DIGITALOC...)
2 185.33.221.50 29990 (ASN-APPNEX)
1 185.64.189.112 62713 (AS-PUBMATIC)
8 13 2606:2800:233... 15133 (EDGECAST)
2 34.95.120.147 15169 (GOOGLE)
3 2a03:2880:f01... 32934 (FACEBOOK)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
5 185.33.221.14 29990 (ASN-APPNEX)
1 2a00:1450:400... 15169 (GOOGLE)
1 9 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 23.111.11.100 33438 (HIGHWINDS2)
2 2001:4de0:ac1... 20446 (HIGHWINDS3)
4 2a03:2880:f11... 32934 (FACEBOOK)
1 54.230.183.4 16509 (AMAZON-02)
13 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 72.247.225.32 16625 (AKAMAI-AS)
20 45.83.41.102 204548 (CLOUDWEBM...)
1 2 35.157.221.204 16509 (AMAZON-02)
1 1 138.201.34.178 24940 (HETZNER-AS)
1 35.157.88.129 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
2 35.156.87.52 16509 (AMAZON-02)
1 185.86.138.32 201081 (SMARTADSE...)
2 104.111.230.142 16625 (AKAMAI-AS)
1 2 2a00:1288:110... 34010 (YAHOO-IRD)
2 3 52.16.238.200 16509 (AMAZON-02)
5 5 52.59.138.183 16509 (AMAZON-02)
1 5 18.156.0.31 16509 (AMAZON-02)
1 1 216.58.207.66 15169 (GOOGLE)
1 72.247.225.17 16625 (AKAMAI-AS)
1 1 178.128.135.80 14061 (DIGITALOC...)
1 205.185.216.42 20446 (HIGHWINDS3)
1 1 91.228.74.147 27281 (QUANTCAST)
1 2a02:fa8:8806... 41041 (VCLK-EU-)
257 54
1    51.137.136.14 (Cardiff, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
safehaven.com.admin-us.cas.ms
1    52.43.18.65 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-43-18-65.us-west-2.compute.amazonaws.com
safehaven.com
4    2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2a00:1450:4001:820::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
13    52.222.190.30 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-190-30.ham50.r.cloudfront.net
tagan.adlightning.com
4    2606:4700:3037::6812:2030 (United States)

ASN13335 (CLOUDFLARENET, US)
qd.admetricspro.com
47    2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
adservice.google.de
pagead2.googlesyndication.com
adservice.google.com
1    2606:4700::6812:623c (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.districtm.ca
11    2600:9000:21f3:c600:c:5250:79c0:21 (United States)

ASN16509 (AMAZON-02, US)
d2p6ty67371ecn.cloudfront.net
5    2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
3    2600:9000:20eb:2200:10:4f52:7800:21 (United States)

ASN16509 (AMAZON-02, US)
d1o9e4un86hhpc.cloudfront.net
1    2600:9000:2016:2c00:17:eca0:da80:21 (United States)

ASN16509 (AMAZON-02, US)
d32r1sh890xpii.cloudfront.net
17    2600:9000:2093:400:3:442:6dc0:21 (United States)

ASN16509 (AMAZON-02, US)
d2t794khe5w43b.cloudfront.net
20    185.220.205.220 (Amsterdam, Netherlands)

ASN41436 (CLOUDWEBMANAGE-EU, GB)
live.sekindo.com
2    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f2.1e100.net
www.googleadservices.com
7    172.217.22.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s16-in-f2.1e100.net
securepubads.g.doubleclick.net
6    104.16.190.66 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.districtm.io
dmx.districtm.io
5    52.222.191.80 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-191-80.ham50.r.cloudfront.net
c.amazon-adsystem.com
5    69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
1    72.251.249.13 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
1    2a02:fa8:8806:16::1460 (Sweden)

ASN41041 (VCLK-EU-, SE)
web.hb.ad.cpe.dotomi.com
1    167.172.1.14 (United States)

ASN14061 (DIGITALOCEAN-ASN, US)
e.serverbid.com
2    185.33.221.50 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
1    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
13    2606:2800:233:97b6:26be:138a:cba8:bb01 (United States)

ASN15133 (EDGECAST, US)
adserver-us.adtech.advertising.com
2    34.95.120.147 (United States)

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com
teachingaids-d.openx.net
eu-u.openx.net
3    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2606:4700:10::6814:3677 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.pushcrew.com
5    185.33.221.14 (Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
secure.adnxs.com
1    2a00:1450:400c:c08::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
9    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
3    2a00:1450:4001:815::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    23.111.11.100 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)
a.optmstr.com
2    2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)
maxcdn.bootstrapcdn.com
4    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    54.230.183.4 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-183-4.ham50.r.cloudfront.net
api.omappapi.com
13    2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2a00:1450:4001:81f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
2    72.247.225.32 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-225-32.deploy.static.akamaitechnologies.com
ads.pubmatic.com
20    45.83.41.102 (Frankfurt am Main, Germany)

ASN204548 (CLOUDWEBMANAGE-IL-FR, GB)
video.sekindo.com
2    35.157.221.204 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-221-204.eu-central-1.compute.amazonaws.com
x.bidswitch.net
1    138.201.34.178 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.178.34.201.138.clients.your-server.de
csync.loopme.me
1    35.157.88.129 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-88-129.eu-central-1.compute.amazonaws.com
prebid-server.rubiconproject.com
3    2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    35.156.87.52 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-87-52.eu-central-1.compute.amazonaws.com
ads.adaptv.advertising.com
1    185.86.138.32 (France)

ASN201081 (SMARTADSERVER, FR)
prg.smartadserver.com
2    104.111.230.142 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-142.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
2    2a00:1288:110:c305::8000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)
pr-bh.ybp.yahoo.com
3    52.16.238.200 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-238-200.eu-west-1.compute.amazonaws.com
match.adsrvr.org
5    52.59.138.183 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-138-183.eu-central-1.compute.amazonaws.com
pixel.advertising.com
5    18.156.0.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
1    216.58.207.66 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s25-in-f2.1e100.net
cm.g.doubleclick.net
1    72.247.225.17 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-225-17.deploy.static.akamaitechnologies.com
acdn.adnxs.com
1    178.128.135.80 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sync.serverbid.com
1    205.185.216.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1    91.228.74.147 (United Kingdom)

ASN27281 (QUANTCAST, US)
pixel.quantserve.com
1    2a02:fa8:8806:13::1400 (Sweden)

ASN41041 (VCLK-EU-, SE)
aol-match.dotomi.com
Apex Domain
Subdomains		 Transfer
40 sekindo.com
live.sekindo.com
video.sekindo.com
3 MB
37 googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
669 KB
32 cloudfront.net
d2p6ty67371ecn.cloudfront.net
d1o9e4un86hhpc.cloudfront.net
d32r1sh890xpii.cloudfront.net
d2t794khe5w43b.cloudfront.net
2 MB
20 advertising.com
adserver-us.adtech.advertising.com
ads.adaptv.advertising.com
pixel.advertising.com
10 KB
18 doubleclick.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
googleads.g.doubleclick.net
cm.g.doubleclick.net
97 KB
13 adlightning.com
tagan.adlightning.com
332 KB
12 googletagservices.com
www.googletagservices.com
317 KB
9 google.de
adservice.google.de
www.google.de
2 KB
8 google.com
www.google.com
adservice.google.com
2 KB
8 adnxs.com
ib.adnxs.com
secure.adnxs.com
acdn.adnxs.com
5 KB
8 rubiconproject.com
fastlane.rubiconproject.com
prebid-server.rubiconproject.com
eus.rubiconproject.com
9 KB
7 yahoo.com
pr-bh.ybp.yahoo.com
ups.analytics.yahoo.com
6 KB
6 districtm.io
cdn.districtm.io
dmx.districtm.io
326 B
5 amazon-adsystem.com
c.amazon-adsystem.com
59 KB
5 cloudflare.com
cdnjs.cloudflare.com
106 KB
5 googleapis.com
fonts.googleapis.com
ajax.googleapis.com
9 KB
4 facebook.com
www.facebook.com
533 B
4 admetricspro.com
qd.admetricspro.com
162 KB
4 googletagmanager.com
www.googletagmanager.com
119 KB
3 adsrvr.org
match.adsrvr.org
1 KB
3 gstatic.com
fonts.gstatic.com
29 KB
3 facebook.net
connect.facebook.net
272 KB
3 pubmatic.com
hbopenbid.pubmatic.com
ads.pubmatic.com
114 B
2 bidswitch.net
x.bidswitch.net
916 B
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com
83 KB
2 openx.net
teachingaids-d.openx.net
eu-u.openx.net
568 B
2 serverbid.com
e.serverbid.com
sync.serverbid.com
266 B
2 dotomi.com
web.hb.ad.cpe.dotomi.com
aol-match.dotomi.com
741 B
2 google-analytics.com
www.google-analytics.com
18 KB
1 quantserve.com
pixel.quantserve.com
843 B
1 digitaloceanspaces.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 smartadserver.com
prg.smartadserver.com
1 KB
1 loopme.me
csync.loopme.me
227 B
1 omappapi.com
api.omappapi.com
10 KB
1 optmstr.com
a.optmstr.com
59 KB
1 pushcrew.com
cdn.pushcrew.com
68 KB
1 lijit.com
ap.lijit.com
701 B
1 googleadservices.com
www.googleadservices.com
11 KB
1 districtm.ca
cdn.districtm.ca
23 KB
1 safehaven.com
safehaven.com
13 KB
1 cas.ms
safehaven.com.admin-us.cas.ms
253 B
0 adap.tv Failed
sync.adap.tv Failed
257 42
Domain Requested by
24 pagead2.googlesyndication.com tagan.adlightning.com
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
20 video.sekindo.com safehaven.com
live.sekindo.com
20 live.sekindo.com safehaven.com
live.sekindo.com
17 d2t794khe5w43b.cloudfront.net safehaven.com
13 tpc.googlesyndication.com tagan.adlightning.com
13 adserver-us.adtech.advertising.com 8 redirects safehaven.com
13 tagan.adlightning.com safehaven.com
tagan.adlightning.com
12 www.googletagservices.com safehaven.com
tagan.adlightning.com
securepubads.g.doubleclick.net
11 d2p6ty67371ecn.cloudfront.net safehaven.com
9 googleads.g.doubleclick.net 1 redirects tagan.adlightning.com
7 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
safehaven.com
6 adservice.google.de tagan.adlightning.com
5 ups.analytics.yahoo.com 1 redirects safehaven.com
5 pixel.advertising.com 5 redirects
5 adservice.google.com tagan.adlightning.com
5 secure.adnxs.com cdn.districtm.ca
5 dmx.districtm.io cdn.districtm.ca
5 fastlane.rubiconproject.com qd.admetricspro.com
5 c.amazon-adsystem.com safehaven.com
c.amazon-adsystem.com
live.sekindo.com
5 cdnjs.cloudflare.com safehaven.com
tagan.adlightning.com
ajax.googleapis.com
4 www.facebook.com safehaven.com
connect.facebook.net
4 qd.admetricspro.com safehaven.com
4 fonts.googleapis.com safehaven.com
live.sekindo.com
ajax.googleapis.com
4 www.googletagmanager.com safehaven.com
3 match.adsrvr.org 2 redirects
3 fonts.gstatic.com safehaven.com
securepubads.g.doubleclick.net
3 www.google.de safehaven.com
3 www.google.com 1 redirects safehaven.com
3 connect.facebook.net safehaven.com
connect.facebook.net
3 d1o9e4un86hhpc.cloudfront.net safehaven.com
2 pr-bh.ybp.yahoo.com 1 redirects safehaven.com
2 eus.rubiconproject.com live.sekindo.com
qd.admetricspro.com
2 ads.adaptv.advertising.com live.sekindo.com
2 x.bidswitch.net 1 redirects safehaven.com
2 ads.pubmatic.com live.sekindo.com
qd.admetricspro.com
2 maxcdn.bootstrapcdn.com safehaven.com
live.sekindo.com
2 ib.adnxs.com qd.admetricspro.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
1 aol-match.dotomi.com
1 pixel.quantserve.com 1 redirects
1 serverbid-sync.nyc3.cdn.digitaloceanspaces.com qd.admetricspro.com
1 sync.serverbid.com 1 redirects
1 eu-u.openx.net qd.admetricspro.com
1 acdn.adnxs.com qd.admetricspro.com
1 cm.g.doubleclick.net 1 redirects
1 prg.smartadserver.com live.sekindo.com
1 prebid-server.rubiconproject.com live.sekindo.com
1 csync.loopme.me 1 redirects
1 ajax.googleapis.com tagan.adlightning.com
1 api.omappapi.com a.optmstr.com
1 a.optmstr.com tagan.adlightning.com
1 stats.g.doubleclick.net safehaven.com
1 cdn.pushcrew.com safehaven.com
1 teachingaids-d.openx.net qd.admetricspro.com
1 hbopenbid.pubmatic.com qd.admetricspro.com
1 e.serverbid.com qd.admetricspro.com
1 web.hb.ad.cpe.dotomi.com qd.admetricspro.com
1 ap.lijit.com qd.admetricspro.com
1 cdn.districtm.io tagan.adlightning.com
1 www.googleadservices.com www.googletagmanager.com
1 d32r1sh890xpii.cloudfront.net safehaven.com
1 cdn.districtm.ca safehaven.com
1 safehaven.com
1 safehaven.com.admin-us.cas.ms 1 redirects
0 sync.adap.tv Failed safehaven.com
257 65

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
plus.google.com
Subject Issuer Validity Valid
safehaven.com
Amazon		 2019-12-03 -
2021-01-03		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.adlightning.com
Amazon		 2019-08-19 -
2020-09-19		 a year crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2020-02-04 -
2020-10-09		 8 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2019-07-17 -
2020-07-05		 a year crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2		 2020-01-07 -
2020-10-09		 9 months crt.sh
www.sekindo.com
Go Daddy Secure Certificate Authority - G2		 2019-05-23 -
2020-06-18		 a year crt.sh
www.googleadservices.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.google.de
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
districtm.io
CloudFlare Inc ECC CA-2		 2020-02-25 -
2020-10-09		 7 months crt.sh
c.amazon-adsystem.com
Amazon		 2019-10-07 -
2020-09-29		 a year crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA		 2019-01-10 -
2021-01-14		 2 years crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2020-03-11 -
2021-05-10		 a year crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2020-03-30 -
2022-06-25		 2 years crt.sh
e.serverbid.com
Let's Encrypt Authority X3		 2020-03-24 -
2020-06-22		 3 months crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA		 2019-01-23 -
2021-03-08		 2 years crt.sh
*.pubmatic.com
Sectigo RSA Organization Validation Secure Server CA		 2019-02-22 -
2021-02-21		 2 years crt.sh
*.adtech.advertising.com
DigiCert SHA2 Secure Server CA		 2020-04-16 -
2022-04-21		 2 years crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2018-01-04 -
2020-07-09		 3 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-04-15 -
2020-07-14		 3 months crt.sh
*.pushcrew.com
Go Daddy Secure Certificate Authority - G2		 2019-07-23 -
2021-07-31		 2 years crt.sh
www.google.de
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.optmstr.com
Go Daddy Secure Certificate Authority - G2		 2020-01-10 -
2022-01-24		 2 years crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2019-09-14 -
2020-10-13		 a year crt.sh
www.google.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
api.opmnstr.com
Amazon		 2020-04-09 -
2021-05-09		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
*.gstatic.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.v.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2020-03-01 -
2020-08-28		 6 months crt.sh
*.smartadserver.com
DigiCert Global CA G2		 2020-02-03 -
2022-02-03		 2 years crt.sh
*.google.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2020-01-04 -
2020-07-02		 6 months crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2020-02-13 -
2020-08-11		 6 months crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2020-01-02 -
2021-04-02		 a year crt.sh
*.nyc3.cdn.digitaloceanspaces.com
DigiCert SHA2 Secure Server CA		 2020-03-11 -
2021-04-14		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2019-06-19 -
2021-08-31		 2 years crt.sh
*.adsrvr.org
Trustwave Organization Validation SHA256 CA, Level 1		 2019-03-07 -
2021-04-19		 2 years crt.sh

This page contains 29 frames:

Primary Page: https://safehaven.com/
Frame ID: 9C91BC5A2DD563E1CC38A2ADAF231B20
Requests: 122 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 9106DD44ADCDFE82E2DE311ABF3C2CC0
Requests: 1 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588970906&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Frame ID: 149B7766A06CB870534FE414B71C3FD1
Requests: 32 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: BC671C1E4E66B8C6FA4DB75C97D024E3
Requests: 6 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: 5E83B217199B4B45E0A27AEB6E1FB9D7
Requests: 17 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: 09AD314858DE57091AC3F1E67631F65B
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Frame ID: 06685B434681E6ED2D21001CD0F32155
Requests: 14 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Frame ID: E54DEDE99C0711447ECEAF19544A7053
Requests: 14 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Frame ID: 5BF4D97B1C48DCE02E0896F787EF0817
Requests: 13 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Frame ID: 0EAF8679ACE4B8187751093C355C50C7
Requests: 13 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Frame ID: 922C8A905A3B35AB543FB250A7D6B8DA
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html
Frame ID: 330FA2463A4C101C4054A0F9A521AC8F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: EEEEF15DD53C80D5D8CFC830A904629B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=9357229395&adk=309087674&adf=3173046727&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908355&bpp=18&bdt=424&idt=204&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=2&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=294590354&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=661&biw=1585&bih=1200&isw=300&ish=250&ifk=751659263&scr_x=0&scr_y=0&eid=21066085%2C410075106&oid=3&pvsid=1451982518464677&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.k8ioyo7x8oss&fsb=1&dtd=219
Frame ID: 06B5F9B0C0DB8FA62CE83D01FB7E6E77
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=8782514321&adk=1231975816&adf=3173046726&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908410&bpp=2&bdt=469&idt=178&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=163064506&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=943&biw=1585&bih=1200&isw=300&ish=250&ifk=750481399&scr_x=0&scr_y=0&eid=21065925%2C21066085%2C44716866&oid=3&pvsid=4471374619827331&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.c1yj7frffwoh&fsb=1&dtd=184
Frame ID: D87B28B4338BA2F70222223D0E19EBA9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=1547377351&adk=1247324859&adf=3173046725&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908436&bpp=2&bdt=487&idt=169&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=1809153635&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2537&biw=1585&bih=1200&isw=300&ish=250&ifk=364837978&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=2727213638569737&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.pibbp7hd6s1s&btvi=1&fsb=1&dtd=174
Frame ID: AB17B8E67AFACBB16C179D7FA7E1A5FE
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: 243EDE72C72DED77AB2BECF8E71E2205
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=1978622193&adk=2047003747&adf=3173046724&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908459&bpp=2&bdt=504&idt=183&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=20251397&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=241&ady=1221&biw=1585&bih=1200&isw=728&ish=90&ifk=1506950742&scr_x=0&scr_y=0&eid=21065070%2C21066085&oid=3&pvsid=3731329283698508&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.rcraxfot11nt&btvi=1&fsb=1&dtd=188
Frame ID: 3F4865697948A2F5E49A4FB3816A7BCB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=7090869147&adk=109494614&adf=3173046723&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908474&bpp=2&bdt=512&idt=184&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=340854106&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=3156&biw=1585&bih=1200&isw=728&ish=90&ifk=4249146180&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=2955730773698501&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.13fnuvmfdvyt&btvi=1&fsb=1&dtd=188
Frame ID: 00148475C1DEEE51DDFC1DDF6F97DB35
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: EA00800A1381E7709C938EED556B5D84
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 0135F629A3C3CEF563875CB9138FDD25
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 52086CCD049A2A126DB98285FCF05B98
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 158C0A391B28522BC7C50D62BB0EA9FC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: DAE4D668E319F1F8AC86BADD197FB6ED
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 26197AF493B7AA6F3BFCFD6EA27E9693
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: E0F057C863D90C23EC621827AECF1D03
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Frame ID: E98EE3107D562FA509F09DDAA2B0641F
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 98213605853570E77B6541ACBD05EF31
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 901DADC55E9E89A4B88D44140A8FBDEE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://safehaven.com.admin-us.cas.ms/ HTTP 307
    https://safehaven.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i
Overall confidence: 100%
Detected patterns
  • headers server /\(Amazon\)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • headers server /\(Amazon\)/i
Overall confidence: 100%
Detected patterns
  • script /adnxs\.(?:net|com)/i
Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • script /\/prebid\.js/i

Page Statistics

257
Requests

99 %
HTTPS

44 %
IPv6

42
Domains

65
Subdomains

54
IPs

8
Countries

7308 kB
Transfer

12732 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://safehaven.com.admin-us.cas.ms/ HTTP 307
    https://safehaven.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 64
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=564ecd6c44eae2b;misc=1588970906508; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=564ecd6c44eae2b;misc=1588970906508
Request Chain 65
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=578dec51bca874b;misc=1588970906508; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=578dec51bca874b;misc=1588970906508 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1A440caee8-916d-11ea-8758-12569b584e72;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=578dec51bca874b;misc=1588970906508
Request Chain 66
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=580fa2cf990727a;misc=1588970906508; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;cfp=1;rndc=1588970905;v=2;cmd=bid;cors=yes;alias=580fa2cf990727a;misc=1588970906508
Request Chain 67
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=591bddaf3326e06;misc=1588970906508; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=591bddaf3326e06;misc=1588970906508 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1A440c6c4e-916d-11ea-a823-1245d65848a4;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=591bddaf3326e06;misc=1588970906508
Request Chain 68
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6032cf584d6065b;misc=1588970906508; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;cfp=1;rndc=1588970905;v=2;cmd=bid;cors=yes;alias=6032cf584d6065b;misc=1588970906508 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1A440b2d02-916d-11ea-9165-12a08556f668;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=6032cf584d6065b;misc=1588970906508
Request Chain 85
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&aip=1&a=2106052854&t=pageview&_s=1&dl=https%3A%2F%2Fsafehaven.com%2F&ul=en-us&de=UTF-8&dt=Safehaven.com%20%7C%20Preservation%20of%20Capital&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1393948454&gjid=363984502&cid=990459807.1588970907&tid=UA-2249023-27&_gid=1024614512.1588970907&_r=1&gtm=2oa4t0&z=576364816 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2249023-27&cid=990459807.1588970907&jid=1393948454&_gid=1024614512.1588970907&gjid=363984502&_v=j82&z=576364816
Request Chain 89
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/802310072/?random=1588970906839&cv=9&fst=1588970906839&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&hn=www.googleadservices.com&async=1 HTTP 302
  • https://www.google.com/pagead/1p-user-list/802310072/?random=1588970906839&cv=9&fst=1588968000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&is_vtc=1&random=2597652609&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-user-list/802310072/?random=1588970906839&cv=9&fst=1588968000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&is_vtc=1&random=2597652609&resp=GooglemKTybQhCsO&ipr=y
Request Chain 130
  • https://x.bidswitch.net/sync?ssp=sekindo&user_id=5eb5c59abcdf9&custom_data=5eb5c59abcdf9&gdpr=1&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb5c59abcdf9&custom_data=5eb5c59abcdf9&gdpr=1&gdpr_consent=
Request Chain 131
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
  • https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=e34c6f66-a493-4973-8b83-cb8c785668e5
Request Chain 215
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://pixel.advertising.com/ups/55953/sync?uid=cec6a836-e86a-4c61-a7f8-04a9861ae49c&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=cec6a836-e86a-4c61-a7f8-04a9861ae49c HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=cec6a836-e86a-4c61-a7f8-04a9861ae49c&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=cec6a836-e86a-4c61-a7f8-04a9861ae49c&apid=1A440caee8-916d-11ea-8758-12569b584e72
Request Chain 216
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XrXFnAAAALZFj1vC HTTP 302
  • https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XrXFnAAAALZFj1vC&_test=XrXFnAAAALZFj1vC
Request Chain 217
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEOJoBphkIaRYJl-PaRc-rkg&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOJoBphkIaRYJl-PaRc-rkg&google_cver=1&apid=1A440caee8-916d-11ea-8758-12569b584e72
Request Chain 253
  • https://sync.serverbid.com/ss/2000891.html HTTP 302
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Request Chain 255
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=P-kikWm5ecEnuXKTb71tkTLuJMUnv3fBab4gc6p6 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=P-kikWm5ecEnuXKTb71tkTLuJMUnv3fBab4gc6p6&apid=1A440caee8-916d-11ea-8758-12569b584e72
Request Chain 258
  • https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=&apid=1A440caee8-916d-11ea-8758-12569b584e72 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/adtech/1A440caee8-916d-11ea-8758-12569b584e72?gdpr=1&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/56465/sync?uid=y-C62tpPl1lxld11jRuvvuONdrUQPPLWMy4dIh&_origin=0&nsync=0 HTTP 302
  • https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-C62tpPl1lxld11jRuvvuONdrUQPPLWMy4dIh&_origin=0&nsync=0&apid=1A440caee8-916d-11ea-8758-12569b584e72

257 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
safehaven.com/
Redirect Chain
  • https://safehaven.com.admin-us.cas.ms/
  • https://safehaven.com/
92 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.43.18.65 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-43-18-65.us-west-2.compute.amazonaws.com
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 / PHP/5.6.40
Resource Hash
45913703c74cb955da0951dfd673395a0cf5873b641ef990eae5cac4f7dbc016

Request headers

:method
GET
:authority
safehaven.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 08 May 2020 20:48:25 GMT
content-type
text/html; charset=UTF-8
content-length
12965
set-cookie
AWSALB=TVYigVJscgd+Uv6ICsoCkDkLEPxDiJGGQUNUDAb1rQT/gV/boOhkjKUXmEn5Q27uSYoYbPW21RH2mJHhr0+8hCv9Exw4uL6N+RFvX9G2IGCR7OoSNDK9WQTeemBD; Expires=Fri, 15 May 2020 20:48:25 GMT; Path=/ AWSALBCORS=TVYigVJscgd+Uv6ICsoCkDkLEPxDiJGGQUNUDAb1rQT/gV/boOhkjKUXmEn5Q27uSYoYbPW21RH2mJHhr0+8hCv9Exw4uL6N+RFvX9G2IGCR7OoSNDK9WQTeemBD; Expires=Fri, 15 May 2020 20:48:25 GMT; Path=/; SameSite=None; Secure csrf_safehaven_cookie=868a5dfca93468f30de9c35e640e6afa; expires=Fri, 08-May-2020 22:48:25 GMT; Max-Age=7200; path=/ safehaven_ci=7d73d3f42427efbc1bb2dd825b15bbb4a8f1f27e; path=/; HttpOnly
server
Apache/2.4.41 (Amazon) PHP/5.6.40
x-powered-by
PHP/5.6.40
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
vary
Accept-Encoding,User-Agent
content-encoding
gzip

Redirect headers

Date
Fri, 08 May 2020 20:48:25 GMT
Connection
keep-alive
Location
https://safehaven.com/
Strict-Transport-Security
max-age=31536000
Content-Length
136
X-MCAS-Request-Id
62bcec96-f2f7-4881-9393-d93db784520a
js
www.googletagmanager.com/gtag/ 		81 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-2249023-27
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1bd53efe84b6a618969547454d130c81f7f3ad6eee5142470aa4d53af4ff709e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30426
x-xss-protection
0
last-modified
Fri, 08 May 2020 19:58:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 08 May 2020 20:48:26 GMT
js
www.googletagmanager.com/gtag/ 		81 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-814550776
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
993c5b26ef904c967e0562c698fe42bb21a7d684aa0910dac487b879d9706fe1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30425
x-xss-protection
0
last-modified
Fri, 08 May 2020 19:58:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 08 May 2020 20:48:26 GMT
css
fonts.googleapis.com/ 		2 KB
678 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:500&display=swap
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a837fab08c038562b05eb2eb81c1c340c8cd2762d2c43d5e3bb26c2980fc9bfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 May 2020 20:48:26 GMT
server
ESF
date
Fri, 08 May 2020 20:48:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 May 2020 20:48:26 GMT
op.js
tagan.adlightning.com/math-aids/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/op.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a2dc1fc5e97b68aa01a5832a3b0ed9dd66a286eeb395894e67dd0f615f948bb4

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
3JMOyZhprTt7xr0khAvCMvO9WVb0wCBL
content-encoding
gzip
etag
"784c6b07a9096ec20975cc342842d981"
age
849
x-cache
Hit from cloudfront
status
200
content-length
12061
x-amz-meta-git_commit
0d4dfcb
last-modified
Fri, 08 May 2020 17:45:32 GMT
server
AmazonS3
date
Fri, 08 May 2020 20:34:18 GMT
content-type
application/javascript
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=900
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
x-amz-cf-id
26V7_nBkTMbFhUKSla6txpgevHpgZkSmyF2Ryr5CDE8CTULN9ZppgA==
layout.js
qd.admetricspro.com/js/safehaven/ 		14 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/safehaven/layout.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:2030 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
267de44d3e0da48ea910544cc6ae698dc28c977de6cb7baf62a4913765f49a2b

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
cf-cache-status
HIT
age
332
status
200
cf-request-id
0297a4fa3a00006491ca856200000001
last-modified
Fri, 03 Apr 2020 17:20:45 GMT
server
cloudflare
etag
W/"3905-5a266233b698f-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
59060aa39e7b6491-FRA
expires
Fri, 08 May 2020 20:48:10 GMT
gpt.js
www.googletagservices.com/tag/js/ 		44 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7183edf0baaac5bf4ce452af3b2d6e65e1af6604e06d43d4230ce7f48b42b6cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"510 / 532 of 1000 / last-modified: 1588968900"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
14590
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:26 GMT
cmp.js
qd.admetricspro.com/js/safehaven/ 		218 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/safehaven/cmp.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:2030 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
cf-cache-status
HIT
age
332
status
200
cf-request-id
0297a4fa3a00006491ca857200000001
last-modified
Fri, 27 Sep 2019 21:07:46 GMT
server
cloudflare
etag
W/"367ba-5938f47194c80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
59060aa39e7d6491-FRA
expires
Fri, 08 May 2020 20:48:10 GMT
merge.142016.js
cdn.districtm.ca/merge/ 		96 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.ca/merge/merge.142016.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:623c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d847475ca969f76b8f8421c4150f23fbe5bef200839b80481b845a6ccdd6e86f

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
cf-cache-status
HIT
age
183239
cf-polished
origSize=98705
status
200
last-modified
Mon, 09 Sep 2019 19:18:19 GMT
x-amz-request-id
9445A9EB2D8C95D0
x-amz-id-2
qd4YUTJ7ej/awokk1hdGiEuKwY43QuD55Jy+MEAYZiJPsVg16PAZcyXugM9DGW0KcY/AgIlzRao=
cf-bgj
minify
server
cloudflare
etag
W/"af89e858721db33fe8776b832f2f75a9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
x-amz-version-id
W3M7ZtQBM6rvV9.80JF8eLB1ASMBDZAU
cf-request-id
0297a4fa21000007aed5946200000001
cf-ray
59060aa36c7b07ae-FRA
expires
Sat, 09 May 2020 00:48:26 GMT
prebid.js
qd.admetricspro.com/js/safehaven/ 		294 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/safehaven/prebid.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:2030 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f40f7297122393e1425eec62e78a75c3211f7ad3f6b09a356aa317fcedc2cf3

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
cf-cache-status
HIT
age
332
status
200
cf-request-id
0297a4fa3a00006491ca858200000001
last-modified
Wed, 26 Feb 2020 03:30:32 GMT
server
cloudflare
etag
W/"49929-59f723a0fd39e-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
59060aa39e7e6491-FRA
expires
Fri, 08 May 2020 20:48:10 GMT
engine.js
qd.admetricspro.com/js/safehaven/ 		16 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/safehaven/engine.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:2030 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
cf-cache-status
HIT
age
332
status
200
cf-request-id
0297a4fa3a00006491ca859200000001
last-modified
Sun, 24 Nov 2019 00:06:08 GMT
server
cloudflare
etag
W/"41f6-5980c69fe949d-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
59060aa39e806491-FRA
expires
Fri, 08 May 2020 20:48:10 GMT
js
www.googletagmanager.com/gtag/ 		81 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-820290545
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5054d73927dfe6c2687147ba43d6b03b7b760a4eff38ae462fead984985d0e83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30423
x-xss-protection
0
last-modified
Fri, 08 May 2020 19:58:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 08 May 2020 20:48:26 GMT
js
www.googletagmanager.com/gtag/ 		81 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-802310072
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2063eab38430cf48ee45086a5ff03e350bac89da9ae38dbaec3fec04061d840f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30424
x-xss-protection
0
last-modified
Fri, 08 May 2020 19:58:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 08 May 2020 20:48:26 GMT
style.css
d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/ 		72 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/style.css?v=27
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 / PHP/5.6.40
Resource Hash
0fac0bb93602e6f7d448fab3c2e880bf4fd57a7774dd930c4e58865beca4598b

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:59:06 GMT
content-encoding
gzip
age
632960
x-powered-by
PHP/5.6.40
x-cache
Hit from cloudfront
status
200
content-length
10330
last-modified
Fri, 01 May 2020 12:38:59 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
etag
"pub1588336739;gz"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
DuSC4QF5MAEnn-bn5AUrFIEOnrn73biuQ-LrNRJE_4Uwf9PFzLGeUA==
expires
Sat, 01 May 2021 12:59:06 GMT
jquery-1.12.3.min.js
d2p6ty67371ecn.cloudfront.net/a/js/third_party/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/js/third_party/jquery-1.12.3.min.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 13:11:22 GMT
content-encoding
gzip
last-modified
Fri, 01 May 2020 15:47:55 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
27424
etag
"17b9c-5a4981ad75a46-gzip"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
33794
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
x-amz-cf-id
A1d5GGG04MeASGud4JdVmQSUm8Aid_dmXbpnb1sDhTDCvNtxLxglkg==
cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
16465133
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0297a4fa1200001f2d523d1200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:18:36 GMT
server
cloudflare
etag
W/"5afd48ec-f62"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
59060aa35e421f2d-FRA
expires
Wed, 28 Apr 2021 20:48:26 GMT
cookieconsent.min.js
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
24930042
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0297a4fa1200001f2d523d2200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:18:32 GMT
server
cloudflare
etag
W/"5afd48e8-4d5a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
59060aa35e431f2d-FRA
expires
Wed, 28 Apr 2021 20:48:26 GMT
logo-no-light.png
d2p6ty67371ecn.cloudfront.net/a/img/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/logo-no-light.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
55e4d1770f37b9819d263396045786cf66706c25ef6c391ccabcc93a78c1f7b0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:59:44 GMT
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 15:47:57 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
28122
etag
"470b-5a4981af12ba9"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
18187
x-amz-cf-id
dfpGseIGsH6BbWjGslMaNzOn_KFraypeRMZuHH59JqXp3rvYj3N-iw==
expires
Fri, 15 May 2020 12:59:44 GMT
logo-light.png
d2p6ty67371ecn.cloudfront.net/a/img/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/logo-light.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
f005062f62e55ca808ee1eaf4920372d1173dfa35b1c52a64ee22de27cd8a458

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:59:44 GMT
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 15:47:53 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
28122
etag
"3d01-5a4981ab9b082"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15617
x-amz-cf-id
MaV0CCMVviQORjPMWa0G9xA0294bi_WezbAmOJ6c4CI6a69nRLF1mg==
expires
Fri, 15 May 2020 12:59:44 GMT
chart_red_flip.svg
d1o9e4un86hhpc.cloudfront.net/a/img/common/header/ 		15 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1o9e4un86hhpc.cloudfront.net/a/img/common/header/chart_red_flip.svg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20eb:2200:10:4f52:7800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/7.2.24 /
Resource Hash
c54aa0d4f9dea350f780a74d277f1facff0094b5f23d62483ae9bb7354a29fe8

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 04:58:04 GMT
content-encoding
gzip
age
1353022
x-cache
Hit from cloudfront
status
200
content-length
1798
last-modified
Tue, 03 Sep 2019 08:27:04 GMT
server
Apache/2.4.41 (Amazon) PHP/7.2.24
etag
"3ca0-591a1da7a5eac-gzip"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-amz-cf-id
KmxO55_pMhVQpbwvbmCNQRZzdwpydJMQm7LY49Cx2-rVSwHv7N51mg==
expires
Fri, 23 Apr 2021 04:58:04 GMT
chart_green.svg
d1o9e4un86hhpc.cloudfront.net/a/img/common/header/ 		32 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1o9e4un86hhpc.cloudfront.net/a/img/common/header/chart_green.svg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20eb:2200:10:4f52:7800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/7.2.24 /
Resource Hash
698d12a9d9db36a7923a575fa49645417817d415d534c73592669d568d986d79

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 21 Apr 2020 22:21:45 GMT
content-encoding
gzip
age
1463201
x-cache
Hit from cloudfront
status
200
content-length
4218
last-modified
Tue, 03 Sep 2019 08:27:04 GMT
server
Apache/2.4.41 (Amazon) PHP/7.2.24
etag
"80e2-591a1da78e7ac-gzip"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-amz-cf-id
LNjg350pU1NQIf5TfGTGXDLWGXi1vDZXTHGGDRINjN95GGpXs-ntNA==
expires
Wed, 21 Apr 2021 22:21:45 GMT
chart.svg
d1o9e4un86hhpc.cloudfront.net/a/img/common/header/ 		27 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1o9e4un86hhpc.cloudfront.net/a/img/common/header/chart.svg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20eb:2200:10:4f52:7800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/7.2.24 /
Resource Hash
c1cfce5a4dacb4a40ca0c6a300bbff43d6ea6a8570e5dc2419b8c5e28f57a9a3

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 21 Apr 2020 16:54:49 GMT
content-encoding
gzip
age
1482817
x-cache
Hit from cloudfront
status
200
content-length
4143
last-modified
Tue, 03 Sep 2019 08:27:04 GMT
server
Apache/2.4.41 (Amazon) PHP/7.2.24
etag
"6c58-591a1da77804c-gzip"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-amz-cf-id
7m8OPbww8ggmOdWs7EVr5DqAbqCDpkKtqVtcAKIsdoPbQFtL50Qw8Q==
expires
Wed, 21 Apr 2021 16:54:48 GMT
blend_45_2.png
d32r1sh890xpii.cloudfront.net/header_graphs/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d32r1sh890xpii.cloudfront.net/header_graphs/blend_45_2.png?cb=1588970702
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2016:2c00:17:eca0:da80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
846d684239586ff543f073984f7ee22dde4ac3b2b8752b640509a21951d1d762

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:46:14 GMT
via
1.1 9e9acb04b02acc35d5f161ce03745e26.cloudfront.net (CloudFront)
last-modified
Fri, 08 May 2020 20:46:03 GMT
server
AmazonS3
x-amz-cf-pop
HAM50-C2
etag
"592cf8a714ef4c3ad257ea630fcf5d7e"
x-cache
RefreshHit from cloudfront
x-amz-version-id
pGUk8X0XJKi73qF7WRpL8ZjUcr5WXWM8
status
200
accept-ranges
bytes
content-type
image/png
content-length
9436
x-amz-cf-id
de6GtQohxc1fYkteYTuQB1D-na5CSar5fpEVdkjcIDWpn1lEGDAEYg==
2e2e849526c1e28e58a2892bbd90abb3.jpg
d2t794khe5w43b.cloudfront.net/article/718x300/ 		180 KB
181 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/718x300/2e2e849526c1e28e58a2892bbd90abb3.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
89fd25f563fa25b96dda0131fb6c95d1f15b58bc1cfb8fc763d071e10570f0cb

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Fri, 08 May 2020 15:30:47 GMT
server
AmazonS3
x-amz-cf-pop
HAM50-C1
etag
"4fe7aa88c20f0ff6bee86791dd75a584"
x-cache
Miss from cloudfront
content-type
application/octet-stream
status
200
accept-ranges
bytes
content-length
184522
x-amz-cf-id
Rxd24Hlm1pxH8QNdV9jn5PS03nZFdOSMIC_BvcJO8WSs_5RnTUOnng==
6621b228fc8ca701e71b6b6dce79ee45.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/6621b228fc8ca701e71b6b6dce79ee45.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d40fc6a27a558f6f09b142ba587591cfe9d4f86ab0fd015a0c39ae9fb90e8eb

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 06:11:18 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Thu, 07 May 2020 21:53:38 GMT
server
AmazonS3
age
52629
etag
"33bbc0ca370e6b0d264c2cb577496e2c"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
66622
x-amz-cf-id
IeerrEM8l4y9XFGbt-2Rmw0AaKIVrITloB2uZ748oD-cEj4kyP-xcw==
06685a2a5b9c31966c9019d4bbe755e2.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		106 KB
106 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/06685a2a5b9c31966c9019d4bbe755e2.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
40fddc2a37b32e799d931b5bf87c338cc2eaf4be9591afb587e0ccb565f4fd65

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 06:46:34 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Thu, 07 May 2020 17:25:15 GMT
server
AmazonS3
age
50513
etag
"8f1b5455e9872a5243e7f8b9341ed1e5"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
108242
x-amz-cf-id
dphBC3rlJ2xVpkeIsu9NEQnWQCbiifATVg0XQ_QIw3PK9lE8E0l_SQ==
ce90c17bd3f82f17513ec156d1ba9210.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		83 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/ce90c17bd3f82f17513ec156d1ba9210.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
95db8a9b223e23289fdaca9a64bceddf52771d09ab7fabf6f72fa450c414810e

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Wed, 06 May 2020 22:43:36 GMT
server
AmazonS3
x-amz-cf-pop
HAM50-C1
etag
"e56d9e5b0b408b0e577ff0e04fa76476"
x-cache
Miss from cloudfront
content-type
application/octet-stream
status
200
accept-ranges
bytes
content-length
85501
x-amz-cf-id
_yKpBQofZku2zyu2LwdLbYzf9J1PzkDMGQwfm63zKVQGorgAdXbNEg==
d525cbbcfcc58cae512c785390df5573.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		112 KB
112 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/d525cbbcfcc58cae512c785390df5573.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8692cd4ddb5cfbb950e58696bb04c06d3f7bf5a8f927e385bdfb5d8e20fede62

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 06:11:18 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Thu, 07 May 2020 22:06:15 GMT
server
AmazonS3
age
52629
etag
"af548c2ff81f0b12e21e46a7aa0a330d"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
114426
x-amz-cf-id
iEfZDGHGqEzl1w5SobcbenkcZmc0fdwdI4v6I2ETmFa-6FBxA2h32A==
18ce4a9a9ea22f74b625a00aeca39e83.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		91 KB
91 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/18ce4a9a9ea22f74b625a00aeca39e83.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a96de9b5cab3a965483ca1974e4c89f6e16b77ce6aa09ec9b58921a3da0778cd

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 13:50:16 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Wed, 06 May 2020 22:46:19 GMT
server
AmazonS3
age
25091
etag
"d45723af9b2303ea969d039a636798f0"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
92895
x-amz-cf-id
UV1Wr79fbKS7vB6nmxiTafqZDSX4Ez6dGVriP7ydguXTpeEZY_27Bg==
fddaed69a2bed88ad92c38982f93686e.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		183 KB
184 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/fddaed69a2bed88ad92c38982f93686e.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b028c2df0b60ae6849af0ddee92ff49d080d5cf91041bae321397f5bb046d1e9

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 06:46:34 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Wed, 06 May 2020 14:21:32 GMT
server
AmazonS3
age
50513
etag
"73a453c9a0128143f366b1e5e56572ea"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
187395
x-amz-cf-id
RYq545bDkBnm4iSkrUt4f7t_gECpO3nFzZ4kf42PPR_RY3x8yRm9SQ==
ccfa8ff892d2412b5b1ae6c85cf706a2.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		128 KB
129 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/ccfa8ff892d2412b5b1ae6c85cf706a2.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8c17613217b11da7589afe53aa138606274ad5c49d5638d5275b5ab4bbd76dcb

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Wed, 06 May 2020 14:32:10 GMT
server
AmazonS3
x-amz-cf-pop
HAM50-C1
etag
"d7cd76130dc2ef962b685abedf8ef9c7"
x-cache
Miss from cloudfront
content-type
application/octet-stream
status
200
accept-ranges
bytes
content-length
131326
x-amz-cf-id
dqcdtAWkU1EVO-WfZWe5wn2Ambfg36cz4EatIUgCrgCIAuOHJLKmWw==
30b468439cea58f3e4135f3fbb2e20d2.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		109 KB
110 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/30b468439cea58f3e4135f3fbb2e20d2.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a02e6cb846a5e7a2d7f10a40c60be5d5f6bf9f432e994e688990712714cd4eb0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 06:46:34 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Tue, 05 May 2020 22:47:38 GMT
server
AmazonS3
age
50513
etag
"4c6d29b561bb462e16ef8238940f2ead"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
112086
x-amz-cf-id
1wE-r2CZ-aH1X7_v_dSKVu0rZKjcATDs50IrT01sW9Jonw7Ct_lRgA==
2467be954d2ff73b7199a69b51464cd1.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		98 KB
99 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/2467be954d2ff73b7199a69b51464cd1.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29bb72af92ce3a332ed2315043b17307ae458d3e3b7e24db3bb47417d6e433f8

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 06:46:34 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Tue, 05 May 2020 22:46:32 GMT
server
AmazonS3
age
50513
etag
"18e1f4f94202668fce19bf47650863b1"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
100506
x-amz-cf-id
uvkPRmf_jzy-5FXtLsUy6q4c2JKYbI9ybgS4MypOxqnRCzZ-_HLLgg==
5025bd44e126ebf179feab18da0eaa47.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/5025bd44e126ebf179feab18da0eaa47.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
968f52680af792b0d892af779cdfc6a197c35698450088340c6a471b2e056a7d

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 13:50:16 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Tue, 05 May 2020 16:38:51 GMT
server
AmazonS3
age
25091
etag
"840ef35851453999ff445bb7251a9167"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
79470
x-amz-cf-id
nM7jAVMvyKRbuW2pmB7lX_7wt6tCIkZHJT7Pboho6U25cO8sCxFnxg==
6309ec9f3c9fc848f32290cb165930ec.png
d2t794khe5w43b.cloudfront.net/article/495x320/ 		280 KB
281 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/6309ec9f3c9fc848f32290cb165930ec.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
579d29f71b15657f86363fa09f655d4f41e3023e9601e46d81f56010eef88844

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 06:46:34 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Tue, 05 May 2020 15:01:19 GMT
server
AmazonS3
age
50513
etag
"a46dbed618ed4de0683aff8615941684"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
286986
x-amz-cf-id
NcWmhwUd3nwf8k_mx6hy_S-KN6fSco24zkivlQUHXk-AzIK2PCJPEg==
f51c4a5589c03415f84e2013ed34afe5.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		74 KB
74 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/f51c4a5589c03415f84e2013ed34afe5.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a032bc143a0d78657b8ef39bd54084bfe9d5857f89cede4e17029bf6b7b08c91

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 06:46:34 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Mon, 04 May 2020 21:14:18 GMT
server
AmazonS3
age
50513
etag
"28fd66f11a884598c0f05804eccb57eb"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
75274
x-amz-cf-id
ni82Dqv-fYbqnUTZFUIjoJ7I4CaMbdS5w_NNbq3bTYdwd1jFPI7EtA==
bae06b43a843f4d575bc458f3e8516d7.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		69 KB
69 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/bae06b43a843f4d575bc458f3e8516d7.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f7aa5dfd1c09d9e48906ac4a86bb8d2335685bd7dfaeff60005cfb7d4d257cc

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 06:46:34 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Mon, 04 May 2020 21:11:36 GMT
server
AmazonS3
age
50513
etag
"309925db1294d77fe170e0e602c308ea"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
70279
x-amz-cf-id
IlULO1dSfAGfzCHZ8ZjE4QgSGzDtaQQ2eVBaGLe0Q-lQCHwO4ggSpA==
18554b728b50fbabca02c5555043c903.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		104 KB
104 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/18554b728b50fbabca02c5555043c903.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4f6a0f2ed3d7266da65abffc40108aff7ec33d6d63a020893de90235e66dc78f

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 13:50:16 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 20:55:49 GMT
server
AmazonS3
age
25090
etag
"f33bb7c52c6a52dbb1616989d9df9da4"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
106310
x-amz-cf-id
SZSLf11itJsHbvv6PzkW708B0rxoeD8kuvaz3OpsNyct2N08vfm92w==
8f97c6eb6a891ccd9e1a41bf68d1b2be.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		147 KB
148 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/8f97c6eb6a891ccd9e1a41bf68d1b2be.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
62e5d5f4a0db067e567962cfe7b9b938e4a0b6a7c5cc2c72f822caad1d5388f9

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 13:50:16 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 20:12:18 GMT
server
AmazonS3
age
25091
etag
"0678700f5cec00da4f71216a1492efe7"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
150844
x-amz-cf-id
YTvK97q1FP1Y5NtyR6hIaAYb39aIBvKVw6ET7iAKQRTBIZm1ei6JhQ==
dfd685fa44ac7fd67fc0e81c31bce7da.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		88 KB
88 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/dfd685fa44ac7fd67fc0e81c31bce7da.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2093:400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d9c80f88c3b68f5aa70d72e6cc3ee2b63c7304ae2d7d5a0699b2fde98d4e1100

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 08:20:30 GMT
via
1.1 8425e6875af3862b0f8a816b9812f408.cloudfront.net (CloudFront)
last-modified
Mon, 04 May 2020 18:02:34 GMT
server
AmazonS3
age
44877
etag
"2242d3872e81ce688b35032a4cabf0cf"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-length
89850
x-amz-cf-id
rhzXJfoR8_ouUp0pMytSM-KzsKxPw2epueGTzfy2XfhDKM_Kw3y1KQ==
liveView.php
live.sekindo.com/live/ 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
77a835440ab44f567fde76ba41ac53f4e06644f7831c0949ddf5f591499f4204

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:25 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/javascript; charset=utf-8
envolope.png
d2p6ty67371ecn.cloudfront.net/a/img/newsletter/2/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/newsletter/2/envolope.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
bdaa0a5953cfaaf9abed9e2152ae1255928062363fc018c57575d5f39ee12e29

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:59:44 GMT
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 15:47:09 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
28121
etag
"543c-5a498181a0472"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
21564
x-amz-cf-id
tp6bWBusG_RHXFuc3JktgVZEUxDG39bkwgXNslzZo_JD1kcaZMDMNg==
expires
Fri, 15 May 2020 12:59:44 GMT
twitter.png
d2p6ty67371ecn.cloudfront.net/a/img/common/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/twitter.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
f9dd535864c28f0f4812ac3892f23cdd50a304d542d290a10518b31df09bc62c

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:59:44 GMT
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 15:47:09 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
28122
etag
"3bd9-5a4981810ec65"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15321
x-amz-cf-id
DUEKNcJ0vNk80sEVwh-GWX9KiQdgCX_miGWkthYc5fVyME_cvK7ODw==
expires
Fri, 15 May 2020 12:59:44 GMT
facebook.png
d2p6ty67371ecn.cloudfront.net/a/img/common/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/facebook.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
70a78dd71a85c1895021f976541b5fdb7e1f345dbd0a17510b1a82ae354eec78

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:59:44 GMT
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 15:47:09 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
28121
etag
"3b58-5a4981814381e"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15192
x-amz-cf-id
p6ysUhafn_S0SaFpKAtfgshHsw5h4PFi_xDv1reit7xhSG4lq-Ihiw==
expires
Fri, 15 May 2020 12:59:44 GMT
google-plus.png
d2p6ty67371ecn.cloudfront.net/a/img/common/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/google-plus.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
e78eb6051a41b3ff2fc7b969bfbe9bdd3092b705bb3fed550c85c8c3e7025293

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:59:44 GMT
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 15:47:53 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
28122
etag
"3c67-5a4981ab6b2e1"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15463
x-amz-cf-id
ow7El5IlWY_CcCou9fQ4LB9bRTI9TBvqnLBmmaYCs3Jasg_3cwuFpg==
expires
Fri, 15 May 2020 12:59:44 GMT
rss.png
d2p6ty67371ecn.cloudfront.net/a/img/common/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/rss.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
9670ff323d7cf4d6cd9961af0cd668db30f323daf329e46f7bf809b1c57a84f9

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:59:44 GMT
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 15:47:55 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
28122
etag
"3c51-5a4981acf8a44"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15441
x-amz-cf-id
ZO8nnZqe_YHAqzlPFCCI7dGOnrFCLYAoO2behR1wtN2HIarIbdEEAA==
expires
Fri, 15 May 2020 12:59:44 GMT
script.js
d2p6ty67371ecn.cloudfront.net/min/f=a/js/third_party/jquery.cookie.js,a/js/third_party/jquery.lightbox_me.js,a/js/script.js,a/js/homepage/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2p6ty67371ecn.cloudfront.net/min/f=a/js/third_party/jquery.cookie.js,a/js/third_party/jquery.lightbox_me.js,a/js/script.js,a/js/homepage/script.js?v=27
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 / PHP/5.6.40
Resource Hash
18cada9261c4f9c200316900d6ab365a430781e234591b7032028bdb2bad7192

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:59:07 GMT
content-encoding
gzip
age
632959
x-powered-by
PHP/5.6.40
x-cache
Hit from cloudfront
status
200
content-length
4389
last-modified
Fri, 01 May 2020 12:39:00 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
etag
"pub1588336740;gz"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
v3qnTNKhRtpvSxqZMpYDSkw81aRgrLkKpN1Kd01noDx9NPXdTrvSsA==
expires
Sat, 01 May 2021 12:59:07 GMT
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-814550776
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 21:54:13 GMT
server
Golfe2
age
591
date
Fri, 08 May 2020 20:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18433
expires
Fri, 08 May 2020 22:38:35 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		28 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-814550776
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s20-in-f2.1e100.net
Software
cafe /
Resource Hash
65a1850028118c64febbde9b109da293910bfff6ee261caf0087d3d3364359ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
10877
x-xss-protection
0
server
cafe
etag
12200185889747903800
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:26 GMT
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 16:40:46 GMT
content-encoding
gzip
age
792461
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
y0Zo84eFSDRSEZBmfT6jW3Q1-FzITb7S-sDb1-hrN-VrjEc1o-z-ig==
bl-2a28c82-2f9f9a4a.js
tagan.adlightning.com/math-aids/ 		97 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
986debf5c22eca7cefec59da4050b967fe7c44b2009db6f01fc3eb3e5558f180

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:46:07 GMT
content-encoding
gzip
age
10940
x-cache
Hit from cloudfront
status
200
content-length
40984
x-amz-meta-git_commit
2a28c82
last-modified
Fri, 08 May 2020 17:45:11 GMT
server
AmazonS3
etag
"f2654e0fbd8848dcb90d4b88dffb38c8"
x-amz-version-id
1FK5iWtQ1PqRBFrapiugR52taALSmWAD
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
RpJDZ5o26yWVmYRw-sdtcd9RSJTrMhMNoMyyuXI0GCc2F2exzYdaaw==
pubads_impl_2020050602.js
securepubads.g.doubleclick.net/gpt/ 		243 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066130
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
sffe /
Resource Hash
c4b5c1f949f059e3abb05ddcb7cc9944f8c16811e0eb1db9003bc5f8a4eb0634
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 06 May 2020 17:23:28 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
89224
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:26 GMT
integrator.sync.js
adservice.google.de/adsid/ 		113 B
898 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.sync.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
108
x-xss-protection
0
index.html
cdn.districtm.io/ids/ Frame 9106 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
204
date
Fri, 08 May 2020 20:48:26 GMT
set-cookie
__cfduid=d11a62cdb3ed73748840407c1d0e7b10f1588970906; expires=Sun, 07-Jun-20 20:48:26 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin
access-control-allow-methods
GET, HEAD, POST, OPTIONS
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
59060aa59d1c0c6d-AMS
cf-request-id
0297a4fb7c00000c6d5c8a4200000001
apstag.js
c.amazon-adsystem.com/aax2/ 		101 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
Server /
Resource Hash
0875862efc0b3318a2104d27726d71f6f61d95a6e04ef6becb2793e66b2bc27a

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 19:07:34 GMT
content-encoding
gzip
server
Server
age
6051
etag
ad48a5f558eb50f381edaa87211f6c91
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=86400
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
9Ur3d_PLyemJNORv16Bxqs1ty-91aoXOooiRnAQ671YdnmCd1fXnKg==
via
1.1 3ef9a20d3fa6ab2cb9dbcc2f635621ce.cloudfront.net (CloudFront)
fastlane.json
fastlane.rubiconproject.com/a/api/ 		241 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244360&size_id=15&p_pos=atf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=b33653cd-700f-42a9-b646-c97423c58b6d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7440723389267125
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
90d58f0b6d3a6fdccdde3d8aa2e1f783b5fc67d5297f27eb6448ec6c57d16d5d

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=165
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		241 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244362&size_id=15&p_pos=btf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=5b935de2-7932-469b-b615-76255e3b475e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.23534588887620278
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
f980a25b4a323062de416f5a5c828298f4046b9c07966d235f61b2969afbfc75

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=102
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		241 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244366&size_id=15&p_pos=btf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=e846e87d-3087-4e8e-a31f-e0cf3cdb924e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.7423798126564929
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
9be0dc1f35c9a8872429467091569d8319159f85a01a590e35807f3db73eca0f

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=243
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		240 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244360&size_id=2&p_pos=atf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=d50896fb-941f-4d38-83fb-44670c6b0676&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3575650275344784
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
6947356fb41c90185c5d1f5f31ed1ae71ef5d7ef19c0b067a0c2f12821e95c74

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=500
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		240 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244362&size_id=2&p_pos=btf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=f0c8a6d6-f05e-475d-a40d-de6c5ea42c0f&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.44453460922622545
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
d23d12ed9f4bf9901e68c3715a430ee79d3db494ec9d22e7b726cbcc65db5340

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=253
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
bid
ap.lijit.com/rtb/ 		24 B
701 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.8.0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
557f8814df4bdb8e8d237b0d9a1a08398a3451100584daab08a816c4b4ae1944

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://safehaven.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
44
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		454 B
637 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
f998b17b2883b5a80b29dd874037f582836becef55ff4ae83ce604fedab58d95

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://safehaven.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
454
expires
0
v2
e.serverbid.com/api/ 		16 B
167 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
167.172.1.14 , United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Fri, 08 May 2020 20:48:26 GMT
access-control-allow-credentials
true
access-control-allow-origin
https://safehaven.com
content-length
16
vary
Origin
content-type
application/json
prebid
ib.adnxs.com/ut/v3/ 		19 B
708 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.50 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:28 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 728.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.73:80
AN-X-Request-Uuid
401dcfc4-47f5-47c1-bbfc-751a72d9496c
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ 		0
114 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Fri, 08 May 2020 20:48:26 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://safehaven.com
ADTECH;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=564ecd6c44eae2b;misc=1588970906508
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=564ecd6c44eae2b;misc=1588970906508;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=564ecd6c44eae2b;misc=1588970906508
944 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=564ecd6c44eae2b;misc=1588970906508
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
38ded976a61b6329177951072ec699495579c9a7646a8d20722bf4805ced9541

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
x-adtech-meta
{"Debug": {"IP": "0.0.0.0", "Selector": "pri-select021c.us-east-1.prod.adtech.aolcloud.net", "UserId": "20BDA38053249AEA8319458CFC822467"}}
content-type
application/json
content-length
944
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=564ecd6c44eae2b;misc=1588970906508
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A440caee8-916d-11ea-8758-12569b584e72;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=578dec51bca874b;misc=1588970906508
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=578dec51bca874b;misc=1588970906508;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=578dec51bca874b;misc=1588970906508
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1A440caee8-916d-11ea-8758-12569b584e72;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=578dec51bca874b;misc=15...
945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1A440caee8-916d-11ea-8758-12569b584e72;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=578dec51bca874b;misc=1588970906508
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
7e76c5ef91ac1e5a6d0c88df97853e3d118368f9dc9631e850d0a4ef549329f2

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1A440caee8-916d-11ea-8758-12569b584e72;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=578dec51bca874b;misc=1588970906508
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;cfp=1;rndc=1588970905;v=2;cmd=bid;cors=yes;alias=580fa2cf990727a;misc=1588970906508
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=580fa2cf990727a;misc=1588970906508;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;cfp=1;rndc=1588970905;v=2;cmd=bid;cors=yes;alias=580fa2cf990727a;misc=1588970906508
945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;cfp=1;rndc=1588970905;v=2;cmd=bid;cors=yes;alias=580fa2cf990727a;misc=1588970906508
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
bfb15ec72874a9f2ba73cdc696d3f2f413f3e7a73c831101c7f4557fe193d3af

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;cfp=1;rndc=1588970905;v=2;cmd=bid;cors=yes;alias=580fa2cf990727a;misc=1588970906508
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A440c6c4e-916d-11ea-a823-1245d65848a4;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=591bddaf3326e06;misc=1588970906508
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=591bddaf3326e06;misc=1588970906508;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=591bddaf3326e06;misc=1588970906508
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1A440c6c4e-916d-11ea-a823-1245d65848a4;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=591bddaf3326e06;misc=15...
945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1A440c6c4e-916d-11ea-a823-1245d65848a4;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=591bddaf3326e06;misc=1588970906508
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
30350db5df308d3c1ee7e294d040ad4e762420c107f040d7c51c81585ae84866

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1A440c6c4e-916d-11ea-a823-1245d65848a4;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=591bddaf3326e06;misc=1588970906508
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A440b2d02-916d-11ea-9165-12a08556f668;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=6032cf584d6065b;misc=1588970906508
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=6032cf584d6065b;misc=1588970906508;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;cfp=1;rndc=1588970905;v=2;cmd=bid;cors=yes;alias=6032cf584d6065b;misc=1588970906508
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1A440b2d02-916d-11ea-9165-12a08556f668;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=6032cf584d6065b;misc=15...
945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1A440b2d02-916d-11ea-9165-12a08556f668;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=6032cf584d6065b;misc=1588970906508
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
a3c88b68a858eb8b147f04ecdcdfb12f44aed2ae05fe2fda84d7965c1321d7a6

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
x-adtech-meta
{"Debug": {"IP": "0.0.0.0", "Selector": "pri-select010c.us-east-1.prod.adtech.aolcloud.net", "UserId": "BF3A99D8EBF07E1BAE52F751F3C210BA"}}
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1A440b2d02-916d-11ea-9165-12a08556f668;cfp=1;rndc=1588970906;v=2;cmd=bid;cors=yes;alias=6032cf584d6065b;misc=1588970906508
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
709 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.50 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:28 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 728.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.176:80
AN-X-Request-Uuid
d8e84075-e4e4-49b2-9ba9-bc28670dd7a7
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
teachingaids-d.openx.net/w/1.0/ 		172 B
568 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsafehaven.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=b33653cd-700f-42a9-b646-c97423c58b6d%2C5b935de2-7932-469b-b615-76255e3b475e%2Ce846e87d-3087-4e8e-a31f-e0cf3cdb924e%2Cd50896fb-941f-4d38-83fb-44670c6b0676%2Cf0c8a6d6-f05e-475d-a40d-de6c5ea42c0f&nocache=1588970906511&pubcid=9311150b-bf40-4a86-b3db-d341f92836e3&schain=1.0%2C1!admetricspro.com%2C102%2C1%2C%2C%2C&aus=300x250%7C300x250%7C300x250%7C728x90%7C728x90&divIds=div-gpt-ad-1553475674669-0%2Cdiv-gpt-ad-1553475817787-0%2Cdiv-gpt-ad-1553475909622-0%2Cdiv-gpt-ad-1553475988342-0%2Cdiv-gpt-ad-1553476044183-0&auid=540800705%2C540800706%2C540800707%2C540800708%2C540800709&
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.185.0 /
Resource Hash
ed96941facc11fd72062ef88f946e7f535134728b8298b1b1b09b7b6b417dd32

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
server
OXGW/16.185.0
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://safehaven.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
163
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
fbevents.js
connect.facebook.net/en_US/ 		131 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
31766
x-xss-protection
0
pragma
public
x-fb-debug
VssFUk+ChGtbOdsabAXn2EWQbg6MOEarD7cQvQQe7lTqJkvoR4phdZIYwyuFhaxXYHGp/GvmYoSAQ3ikc4J5kw==
x-fb-trip-id
1425083115
x-frame-options
DENY
date
Fri, 08 May 2020 20:48:26 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
ee70c0a7d2f14ec08939692fc7857b11.js
cdn.pushcrew.com/js/ 		237 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pushcrew.com/js/ee70c0a7d2f14ec08939692fc7857b11.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:3677 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c79ada16090cc7e94af116173695bfd88da9efe580f89749e1160ba9d49c54c

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
access-control-allow-origin
*
status
200
cf-request-id
0297a4fbe2000005c83e88e200000001
last-modified
Thu, 09 Apr 2020 07:33:27 GMT
server
cloudflare
etag
W/"5e8ecfc7-3b3a9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 google
cache-control
max-age=43200
cf-ray
59060aa6388905c8-FRA
expires
Fri, 08 May 2020 21:18:26 GMT
search.png
d2p6ty67371ecn.cloudfront.net/a/img/ 		770 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/search.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:c600:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
2f1dccde57c713fe154c8da92f8d4b312373c2a055a0a9d822c6042b0176eb8d

Request headers

Referer
https://d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/style.css?v=27
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:59:46 GMT
via
1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 15:47:09 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
28120
etag
"302-5a498180d910c"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
770
x-amz-cf-id
mCtTKlUpXEsPvfANo3twvSHdBMm2Ou-6_PjAEyHCFAYUI6AGk_XB3Q==
expires
Fri, 15 May 2020 12:59:46 GMT
v1
dmx.districtm.io/b/ 		0
78 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59060aa6afa90c6d-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0297a4fc2900000c6d5c8ad200000001
jpt
secure.adnxs.com/ 		0
661 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=zj1PD0u2UfEfqEpfsGJvih9GfWKRxO~450~div-gpt-ad-1553475674669-0&psa=0&zone=450&id=15024977&member_id=1908&size=300x250&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:28 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 730.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.21:80
AN-X-Request-Uuid
96bd30ba-2120-4adf-9cdd-7141cfd2b8f4
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/ 		0
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59060aa6c8060c6d-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0297a4fc3e00000c6d5c8b0200000001
jpt
secure.adnxs.com/ 		0
661 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=DELzqjwMxfizCRSX57oGN47eUeM9bA~451~div-gpt-ad-1553475817787-0&psa=0&zone=451&id=15024978&member_id=1908&size=300x250&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:28 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 730.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.56:80
AN-X-Request-Uuid
f6cb6c83-1340-4284-a500-a7ffc8eb2a9b
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/ 		0
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59060aa6c80d0c6d-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0297a4fc4000000c6d5c8b1200000001
jpt
secure.adnxs.com/ 		0
662 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=l5xBRGl28DG65Xd5Gz02hEBtjgiOQ6~452~div-gpt-ad-1553475909622-0&psa=0&zone=452&id=15024979&member_id=1908&size=300x250&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:28 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 730.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.236:80
AN-X-Request-Uuid
af82d655-c4d2-4f19-b26e-95c65820c6cc
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/ 		0
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59060aa6c80e0c6d-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0297a4fc4000000c6d5c8b2200000001
jpt
secure.adnxs.com/ 		0
661 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=5WW8nFpj9Xr4LTY6mnIRRsDLo4fV7A~453~div-gpt-ad-1553475988342-0&psa=0&zone=453&id=15024980&member_id=1908&size=728x90&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:28 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 730.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.41:80
AN-X-Request-Uuid
664f5107-37c9-46ab-9ef3-790edc67184e
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/ 		0
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59060aa6c8100c6d-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0297a4fc4000000c6d5c8b3200000001
jpt
secure.adnxs.com/ 		0
661 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=BrZhvubAwmpsG5bhPN9IFedkk00mZk~454~div-gpt-ad-1553476044183-0&psa=0&zone=454&id=15024981&member_id=1908&size=728x90&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:28 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 730.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.47:80
AN-X-Request-Uuid
489dc1da-688a-45ef-8040-3f77c3a421da
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
liveView.php
live.sekindo.com/live/ Frame 149B 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588970906&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3576b4a4810dff301fa7fdcc43fd6cafc96a76a7ac33ba975b04a3190c748ab

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/javascript; charset=utf-8
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&aip=1&a=2106052854&t=pageview&_s=1&dl=https%3A%2F%2Fsafehaven.com%2F&ul=en-us&de=UTF-8&dt=Safehaven.com%20%7C%20Preservation%20of%20Capital&sd=...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2249023-27&cid=990459807.1588970907&jid=1393948454&_gid=1024614512.1588970907&gjid=363984502&_v=j82&z=576364816
35 B
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2249023-27&cid=990459807.1588970907&jid=1393948454&_gid=1024614512.1588970907&gjid=363984502&_v=j82&z=576364816
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 08 May 2020 20:48:26 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2249023-27&cid=990459807.1588970907&jid=1393948454&_gid=1024614512.1588970907&gjid=363984502&_v=j82&z=576364816
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
417
expires
Fri, 01 Jan 1990 00:00:00 GMT
247445556002302
connect.facebook.net/signals/config/ 		475 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/247445556002302?v=2.9.18&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
173bf971478c26c62d39568f01aba75e836f04fe65b35d755803382abea7e5f5
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
122178
x-xss-protection
0
pragma
public
x-fb-debug
t9VaFeRpkv/fI5/PbiXUAdpcRLxVHTF8casp0GnOZZTIOW+NeFFud7z5nQciZ0xnUQLsaz8eDAAMWriUthzYBQ==
x-fb-trip-id
1425083115
x-frame-options
DENY
date
Fri, 08 May 2020 20:48:26 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/814550776/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/814550776/?random=1588970906837&cv=9&fst=1588970906837&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1f2f2e7c9cad9a6af140c08213dda050da743a65ce533035a951662d3ef8f936
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1028
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/820290545/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/820290545/?random=1588970906839&cv=9&fst=1588970906839&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
af95482b05b2313f231a27fdc6637a1fe2210f735c28481bd9791d862ddd56c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1025
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/802310072/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/802310072/?random=1588970906839&cv=9&fst=1588970906839&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
  • https://www.google.com/pagead/1p-user-list/802310072/?random=1588970906839&cv=9&fst=1588968000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
  • https://www.google.de/pagead/1p-user-list/802310072/?random=1588970906839&cv=9&fst=1588968000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...
42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/802310072/?random=1588970906839&cv=9&fst=1588968000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&is_vtc=1&random=2597652609&resp=GooglemKTybQhCsO&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:26 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
image/gif
location
https://www.google.de/pagead/1p-user-list/802310072/?random=1588970906839&cv=9&fst=1588968000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&is_vtc=1&random=2597652609&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
368 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fsafehaven.com%2F&pid=2UlDkluVAM4sA&cb=0&ws=1600x1200&v=7.49.02&t=1200&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-300x250-ATF%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-300x250-BTF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-300x250-BTF2%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-728x90-ATF%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-728x90-BTF%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
via
1.1 3ef9a20d3fa6ab2cb9dbcc2f635621ce.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
HAM50-C2
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
4K31F_n8c9u9KEgJMdqDaXy9uBwheHjS7T0pzh_zDI1vKKgdXDc10g==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 11:54:30 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
age
32037
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 09 Apr 2020 23:46:54 GMT
server
AmazonS3
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 c3e656776c8a9f0e1ea24405ab1dcc85.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
HAM50-C2
x-amz-cf-id
EElob8XIfTJLDi04Phi1yF9hhx9qEPNoHH3ipCLap5Dd3etKnfIzSQ==
api.min.js
a.optmstr.com/app/js/ 		199 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.optmstr.com/app/js/api.min.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.11.100 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
6dea8865dbcf331b73dbdd5969a09f69bf6be3f0a4b76a6c14acece427b3a828

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:26 GMT
content-encoding
gzip
last-modified
Fri, 08 May 2020 17:30:52 GMT
server
NetDNA-cache/2.2
x-amz-request-id
DA2E221B9EDB7E87
etag
W/"ebff8892b7f75a12a225fa7566f1d9d1"
x-cache
HIT
content-type
application/javascript
status
200
cache-control
max-age=31104000
access-control-allow-origin
*
x-amz-id-2
4RzW6L+9JmHTZGvTyS5oTCTv5pxZtSIBBOMObs9rd3LMY/blCY/KCN0qN2oKOOMAMw7yLSU8uAE=
expires
Mon, 03 May 2021 20:48:26 GMT
iab_consent_sdk.v1.0.js
live.sekindo.com/content/ClientDetections/ Frame 149B 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588970906&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Last-Modified
Wed, 12 Feb 2020 15:01:36 GMT
Server
nginx
ETag
W/"5e441350-4be0"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 20:48:26 GMT
DetectGDPR2.v1.0.js
live.sekindo.com/content/ClientDetections/ Frame 149B 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/ClientDetections/DetectGDPR2.v1.0.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588970906&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Last-Modified
Sun, 26 Jan 2020 18:48:12 GMT
Server
nginx
ETag
W/"5e2ddeec-211f"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 20:48:26 GMT
DetectGDPR.v1.0.js
live.sekindo.com/content/ClientDetections/ Frame 149B 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/ClientDetections/DetectGDPR.v1.0.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588970906&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Last-Modified
Sun, 26 Jan 2020 11:58:13 GMT
Server
nginx
ETag
W/"5e2d7ed5-1d87"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 20:48:26 GMT
hls.0.12.4_1.min.js
live.sekindo.com/content/video/hls/ Frame 149B 		247 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588970906&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:27 GMT
Content-Encoding
gzip
Last-Modified
Mon, 06 Jan 2020 15:31:56 GMT
Server
nginx
ETag
W/"5e1352ec-3dcb9"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 20:48:27 GMT
prebidVid.2.44.3_4.min.js
live.sekindo.com/content/prebid/ Frame 149B 		272 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588970906&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
2c167f4042d1338b33e2822f3b3dca3646bffcac14747d934c50794192dc3c2b

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 May 2020 09:21:08 GMT
Server
nginx
ETag
W/"5eafde84-4415a"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 20:48:26 GMT
liveVideo.php
live.sekindo.com/live/ Frame 149B 		413 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588970906&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
c623c5cd6e514353d341428d2a65b40119e63f275d54b7bc4e7034afeab6c164

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:35:20 GMT
status
200
etag
"1544639720"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
7050
/
www.google.com/pagead/1p-user-list/814550776/ 		42 B
114 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/814550776/?random=1588970906837&cv=9&fst=1588968000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=3803354009&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/814550776/ 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/814550776/?random=1588970906837&cv=9&fst=1588968000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=3803354009&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/820290545/ 		42 B
114 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/820290545/?random=1588970906839&cv=9&fst=1588968000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=419045151&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/820290545/ 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/820290545/?random=1588970906839&cv=9&fst=1588968000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=419045151&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
651529765710614
connect.facebook.net/signals/config/ 		475 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/651529765710614?v=2.9.18&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
370f89f6ebcec94f6a529911989dc8cd601a3cf2795b36cc3b5ba92fae8af47d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-trip-id
1425083115
pragma
public
x-fb-debug
g6C/J/RIvAJCF4fKzy+kTMwdXvRXr5qx9Ci0C8ogbjnRoqpAtjq1AhPiHWu3vMsjCJZJVqku8nNPjnoJu11Zvw==
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
DENY
date
Fri, 08 May 2020 20:48:27 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary
Accept-Encoding
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=247445556002302&ev=PageView&dl=https%3A%2F%2Fsafehaven.com%2F&rl=&if=false&ts=1588970907052&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=30&fbp=fb.1.1588970907051.2086047348&it=1588970906802&coo=false&rqm=GET
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT, Fri, 08 May 2020 20:48:27 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Fri, 08 May 2020 20:48:27 GMT
20987
api.omappapi.com/v2/embed/ 		82 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.omappapi.com/v2/embed/20987
Requested by
Host: a.optmstr.com
URL: https://a.optmstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.183.4 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-183-4.ham50.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
813628535187fe19c6e20047ec1987cb69c53a0fdc33b3bec28d2876a683a6d9

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-cache-config
0 0
x-amz-cf-pop
HAM50-C3
x-cache-status
HIT
x-cache
Miss from cloudfront
status
200
access-control-allow-headers
X-CSRF-Token
x-optinmonster-account
1720
x-user-agent
standard
server
Pagely Gateway/1.5.1
vary
Accept-Encoding, User-Agent
content-type
application/json;charset=utf-8
via
1.1 259359d7ff61dd984af98fc0a1b513fa.cloudfront.net (CloudFront)
access-control-expose-headers
X-OptinMonster-Account
access-control-allow-origin
*
x-amz-cf-id
3tLoCNQ-_xzaBG7Yasp_fXjoWiSQny0PS82aCqdsMXxl_9-biOpq5g==
/
www.facebook.com/tr/ 		44 B
100 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=651529765710614&ev=PageView&dl=https%3A%2F%2Fsafehaven.com%2F&rl=&if=false&ts=1588970907141&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=30&fbp=fb.1.1588970907051.2086047348&it=1588970906802&coo=false&rqm=GET
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT, Fri, 08 May 2020 20:48:27 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Fri, 08 May 2020 20:48:27 GMT
apstag.js
c.amazon-adsystem.com/aax2/ Frame 149B 		101 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
Server /
Resource Hash
0875862efc0b3318a2104d27726d71f6f61d95a6e04ef6becb2793e66b2bc27a

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 19:07:34 GMT
content-encoding
gzip
server
Server
age
6052
etag
ad48a5f558eb50f381edaa87211f6c91
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=86400
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
uMAZYh3eImZ8Y_Z6rDaQ8MQv-Cr-YhHsa1x0GIYWDS4pmZCTtwX1fw==
via
1.1 3ef9a20d3fa6ab2cb9dbcc2f635621ce.cloudfront.net (CloudFront)
ads
securepubads.g.doubleclick.net/gampad/ 		19 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=349303580636691&correlator=2653188967231303&output=ldjh&impl=fifs&adsid=NT&eid=21066130%2C21064370%2C21065513%2C21065975&vrg=2020050602&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200508&iu_parts=192633929%2Csafehaven-300x250-ATF%2Csafehaven-300x250-BTF%2Csafehaven-300x250-BTF2%2Csafehaven-728x90-ATF%2Csafehaven-728x90-BTF&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=300x250%2C300x250%2C300x250%2C728x90%2C728x90&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1588970907&dt=1588970907217&dlt=1588970906122&idt=284&frm=20&biw=1585&bih=1200&oid=3&adxs=1068%2C1068%2C240%2C241%2C429&adys=661%2C943%2C2308%2C1221%2C3001&adks=814543115%2C3046793618%2C190242331%2C1732354106%2C2965735416&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsafehaven.com%2F&dssz=56&icsg=2818572928&mso=32&std=41&vis=1&dmc=8&scr_x=0&scr_y=0&psz=320x532%7C320x532%7C395x250%7C824x90%7C1585x90&msz=320x250%7C320x250%7C395x250%7C824x90%7C1585x90&ga_vid=990459807.1588970907&ga_sid=1588970907&ga_hid=2106052854&fws=0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066130
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
6a532e1f3e3115b407254fa8b8200b5836adb7ca854739266c2fccdefb17e5ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4768
x-xss-protection
0
google-lineitem-id
5012158941,5012537195,5012542490,5012545628,5012261260
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138265267020,138265545376,138265545085,138265545127,138265239347
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://safehaven.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 149B 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 11:54:30 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
age
32038
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 09 Apr 2020 23:46:54 GMT
server
AmazonS3
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 c3e656776c8a9f0e1ea24405ab1dcc85.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
HAM50-C2
x-amz-cf-id
tctOnvpZmqNNi01N4QDLvg6E5JBx-C49d1uNB7mzzX_ySPWb8aYy9w==
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.5.18/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 07 Apr 2020 11:32:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2711767
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6490
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 Apr 2021 11:32:20 GMT
mobile-detect.min.js
cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/ 		38 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/mobile-detect.min.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
7907431
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0297a4fe8800001f2d52056200000001
served-in-seconds
0.002
timing-allow-origin
*
last-modified
Sat, 08 Sep 2018 10:00:50 GMT
server
cloudflare
etag
W/"5b939dd2-9624"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
59060aaa7ade1f2d-FRA
expires
Wed, 28 Apr 2021 20:48:27 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin
https://safehaven.com

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:36:18 GMT
status
200
etag
"1544639778"
vary
Accept-Encoding
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
77171
css
fonts.googleapis.com/ Frame BC67 		2 KB
672 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 May 2020 20:48:27 GMT
server
ESF
date
Fri, 08 May 2020 20:48:27 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 May 2020 20:48:27 GMT
css
fonts.googleapis.com/ Frame 5E83 		2 KB
626 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 May 2020 20:48:27 GMT
server
ESF
date
Fri, 08 May 2020 20:48:27 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 May 2020 20:48:27 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 09AD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
72.247.225.32 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a72-247-225-32.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Last-Modified
Tue, 14 Apr 2020 10:28:34 GMT
ETag
"1300708-2eae-5a33da96f833f"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
4169
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=78127
Expires
Sat, 09 May 2020 18:30:34 GMT
Date
Fri, 08 May 2020 20:48:27 GMT
Connection
keep-alive
Vary
Accept-Encoding
placeHolder.png
live.sekindo.com/content/video/splayer/assets/ 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/content/video/splayer/assets/placeHolder.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:26 GMT
Last-Modified
Sun, 11 Jun 2017 08:04:06 GMT
Server
nginx
ETag
"593cf976-5dbf"
Content-Type
image/png
Cache-Control
no-cache, private
Accept-Ranges
bytes
Content-Length
23999
Expires
Fri, 08 May 2020 20:48:25 GMT
logo_5146.png
video.sekindo.com/uploads/video/users/logo/19668/ Frame BC67 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/video/users/logo/19668/logo_5146.png?cbuster=1563896491
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
55e4d1770f37b9819d263396045786cf66706c25ef6c391ccabcc93a78c1f7b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:47 GMT
Last-Modified
Tue, 23 Jul 2019 15:41:25 GMT
Server
Tengine
ETag
"5d372aa5-470b"
X-Cache-Status
MISS
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Cache-Control
max-age=604800, private
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
18187
Expires
Fri, 15 May 2020 20:48:36 GMT
vid5eb5780cd5116229212092.jpg
video.sekindo.com/uploads/cn15/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn15/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.jpg?cbuster=1588951054
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
5d4f3bc6a4c8cb9c10f7e194e025f3854e6d0ca0165459ec4e51188b3ae26565
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Fri, 08 May 2020 15:32:44 GMT
Server
Tengine
ETag
"5eb57b9c-2038"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
8248
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4733ee9052239075304.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4733ee9052239075304.jpg?cbuster=1588884290
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
39ac46b13bedb7f0fdf649e1b604d551d1070130f08b8bfe74583bde4cc4ebbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Thu, 07 May 2020 21:46:59 GMT
Server
Tengine
ETag
"5eb481d3-224e"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
8782
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4caedec0d6585245123.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4caedec0d6585245123.jpg?cbuster=1588906734
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
fdc84429b7f2a1703c067639750740277969336f6831a99226ca2bf5abd8ac4a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Fri, 08 May 2020 03:06:03 GMT
Server
Tengine
ETag
"5eb4cc9b-43bc"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
17340
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4caeb9b531176034771.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		30 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4caeb9b531176034771.jpg?cbuster=1588906733
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
603ba8158c1e41ade6b5e48b7fcfff47f84c9eaedbd2553dd21a9365f833da76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Fri, 08 May 2020 03:05:58 GMT
Server
Tengine
ETag
"5eb4cc96-794b"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
31051
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4caea0bd59728631184.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4caea0bd59728631184.jpg?cbuster=1588906731
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
e7a08afc034e6a422f276d22ec29bdf9edcc8d6257134a73cf380f17d08f7eb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Fri, 08 May 2020 03:05:38 GMT
Server
Tengine
ETag
"5eb4cc82-36f1"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
14065
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4cae8e8989824727973.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4cae8e8989824727973.jpg?cbuster=1588906729
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
14d7880d4a59cc5fba63c47e3bdcd787e6f9307cd06b5769954aa579dc79f708
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Fri, 08 May 2020 03:05:16 GMT
Server
Tengine
ETag
"5eb4cc6c-5a56"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
23126
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4734456669337503990.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4734456669337503990.jpg?cbuster=1588884293
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
fe8cf7dbb11da4054986faf6fb75c6112038d9ca1943656f822eeeb3d9f4b754
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Thu, 07 May 2020 21:52:53 GMT
Server
Tengine
ETag
"5eb48335-4d5b"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
19803
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb473435ecaa680620106.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb473435ecaa680620106.jpg?cbuster=1588884292
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
ffb0a6d25f27a6cba794b629b7eb934a54b4cf8986df1a388fc96e0ac477c495
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Thu, 07 May 2020 21:47:16 GMT
Server
Tengine
ETag
"5eb481e4-5211"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
21009
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb473426e0ac850528608.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb473426e0ac850528608.jpg?cbuster=1588884291
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
52d2f9b18b7c867e732a42bc82a20077e54a9c5137d2429b48dc4fc34fd7f699
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Thu, 07 May 2020 21:47:05 GMT
Server
Tengine
ETag
"5eb481d9-4bd6"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
19414
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4733d9afab339860429.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 5E83 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4733d9afab339860429.jpg?cbuster=1588884286
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
96a1afb1b91fa08558e5a5eb58c0497a7ae508c4d2134fda29fbb66df408168e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Thu, 07 May 2020 21:46:03 GMT
Server
Tengine
ETag
"5eb4819b-5760"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
22368
Expires
Thu, 31 Dec 2037 23:55:55 GMT
sync
x.bidswitch.net/ul_cb/ Frame 149B
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sekindo&user_id=5eb5c59abcdf9&custom_data=5eb5c59abcdf9&gdpr=1&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb5c59abcdf9&custom_data=5eb5c59abcdf9&gdpr=1&gdpr_consent=
43 B
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb5c59abcdf9&custom_data=5eb5c59abcdf9&gdpr=1&gdpr_consent=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.221.204 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-221-204.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 08 May 2020 20:48:27 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status
302
date
Fri, 08 May 2020 20:48:27 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
location
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb5c59abcdf9&custom_data=5eb5c59abcdf9&gdpr=1&gdpr_consent=
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
liveCS.php
live.sekindo.com/live/ Frame 149B
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
  • https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=e34c6f66-a493-4973-8b83-cb8c785668e5
0
347 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=e34c6f66-a493-4973-8b83-cb8c785668e5
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:27 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
no-store
Content-Type
text/html; charset=utf-8

Redirect headers

status
307
date
Fri, 08 May 2020 20:48:27 GMT
content-length
0
location
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=e34c6f66-a493-4973-8b83-cb8c785668e5
vid5eb5780cd5116229212092.jpg
video.sekindo.com/uploads/cn15/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame BC67 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn15/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.jpg?cbuster=1588951054
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
5d4f3bc6a4c8cb9c10f7e194e025f3854e6d0ca0165459ec4e51188b3ae26565
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://amli.sekindo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Fri, 08 May 2020 15:32:44 GMT
Server
Tengine
ETag
"5eb57b9c-2038"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
8248
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/ Frame BC67 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame BC67 		715 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
liveView.php
live.sekindo.com/live/ Frame 149B 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn15%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo_5b4c8dbbc9a66557872002%2Fvid5eb5780cd5116229212092.mp4&vid_content_id=788743&vid_content_desc=Paychex+CEO+Says+60%25+of+PPP+Loan+Applicants+Waiting+for+Approval&vid_content_title=Paychex+CEO+Says+60%25+of+PPP+Loan+Applicants+Waiting+for+Approval&vid_content_duration=413&debugInformation=&x=396&y=223&fpl=0&pubUrl=https%3A%2F%2Fsafehaven.com%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&isApp=0&geoLati=50.884700775146484&geoLong=4.504899978637695&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&cbuster=1588970907366&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
1684309711d4646b02f7c3a93016774586e95208d237f1df6acd64f249bf132d

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
1277
liveView.php
live.sekindo.com/live/ Frame 149B 		22 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn15%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo_5b4c8dbbc9a66557872002%2Fvid5eb5780cd5116229212092.mp4&vid_content_id=788743&vid_content_desc=Paychex+CEO+Says+60%25+of+PPP+Loan+Applicants+Waiting+for+Approval&vid_content_title=Paychex+CEO+Says+60%25+of+PPP+Loan+Applicants+Waiting+for+Approval&vid_content_duration=413&debugInformation=&x=350&y=197&fpl=0&pubUrl=https%3A%2F%2Fsafehaven.com%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&isApp=0&geoLati=50.884700775146484&geoLong=4.504899978637695&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&cbuster=1588970907366&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
b1d8a8db4af827ed25ab109aa6c8d21f4a42e58cb1c5dab1630f8cdbf6c15461

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
1792
liveView.php
live.sekindo.com/live/ Frame 149B 		2 B
429 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn15%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo_5b4c8dbbc9a66557872002%2Fvid5eb5780cd5116229212092.mp4&vid_content_id=788743&vid_content_desc=Paychex+CEO+Says+60%25+of+PPP+Loan+Applicants+Waiting+for+Approval&vid_content_title=Paychex+CEO+Says+60%25+of+PPP+Loan+Applicants+Waiting+for+Approval&vid_content_duration=413&debugInformation=&x=396&y=223&fpl=0&pubUrl=https%3A%2F%2Fsafehaven.com%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&isApp=0&geoLati=50.884700775146484&geoLong=4.504899978637695&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&cbuster=1588970907367&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
22
liveView.php
live.sekindo.com/live/ Frame 149B 		2 B
429 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn15%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo_5b4c8dbbc9a66557872002%2Fvid5eb5780cd5116229212092.mp4&vid_content_id=788743&vid_content_desc=Paychex+CEO+Says+60%25+of+PPP+Loan+Applicants+Waiting+for+Approval&vid_content_title=Paychex+CEO+Says+60%25+of+PPP+Loan+Applicants+Waiting+for+Approval&vid_content_duration=413&debugInformation=&x=350&y=197&fpl=0&pubUrl=https%3A%2F%2Fsafehaven.com%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&isApp=0&geoLati=50.884700775146484&geoLong=4.504899978637695&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&cbuster=1588970907505&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F32337D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb5c59abcdf9&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:27 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
22
auction
prebid-server.rubiconproject.com/openrtb2/ Frame 149B 		184 B
385 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.157.88.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-88-129.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
357456e39066469ea5c8b3f1d9e1101882788a152d225ca673c1e40b490bb273

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
status
200
content-type
application/json
access-control-allow-origin
https://safehaven.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
173
expires
0
chunklist_640.m3u8
video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/ Frame 149B 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/chunklist_640.m3u8
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
38fd94d554b3ef0e19aa494dfb055cc4e5c03042f716f5d6e2ab370388953708

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Fri, 08 May 2020 15:35:38 GMT
Server
Tengine
ETag
"5eb57c4a-8cc"
Content-Type
application/vnd.apple.mpegurl
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 20:47:38 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
2252
X-Proxy-Cache
HIT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame BC67 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto&display=swap
Origin
https://safehaven.com

Response headers

date
Fri, 08 May 2020 19:19:05 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
5362
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11016
x-xss-protection
0
expires
Sat, 08 May 2021 19:19:05 GMT
/
www.facebook.com/tr/ 		0
80 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryYaRoTM2GgmtAfwc8

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Fri, 08 May 2020 20:48:27 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
content-length
0
openrtb
ads.adaptv.advertising.com/rtb/ Frame 149B 		0
214 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=PrimisTwoHB
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.87.52 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-87-52.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://safehaven.com
Access-Control-Allow-Credentials
true
Server
adaptv/1.0
Connection
keep-alive
Content-Length
0
Content-Type
application/json
openrtb
ads.adaptv.advertising.com/rtb/ Frame 149B 		0
214 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=PrimisTwoHB
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.156.87.52 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-87-52.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://safehaven.com
Access-Control-Allow-Credentials
true
Server
adaptv/1.0
Connection
keep-alive
Content-Length
0
Content-Type
application/json
v1
prg.smartadserver.com/prebid/ Frame 149B 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:27 GMT
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://safehaven.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
content-type
application/json
content-length
0
expires
-1
liveView.php
live.sekindo.com/live/ Frame 5E83 		43 B
463 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=6&serverTime=1588970907&s=58057&sta=13398078&x=350&y=197&msta=11010936&vid_vastType=3&vid_viewabilityState=1&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&playbackMethod=auto&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb5c59abcdf9&rvn=${VP_RVN_MACRO}&attemptMultiplier=10&contentFileId=0&mediaPlayListId=0&playerVer=3.0.0&cbuster=1588970907614&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:27 GMT
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Content-Disposition
inline; filename="pixel.gif"
Content-Type
image/gif
Expires
Thu, 31 Dec 2037 23:55:55 GMT
/
www.facebook.com/tr/ 		0
29 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryIPzmYUmbIdGoxCpo

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Fri, 08 May 2020 20:48:27 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
content-length
0
w_640_000.ts
video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/ Frame 149B 		337 KB
337 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/w_640_000.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
41d71d3278aa4f99fc5a5dd1402d2f7c877b7551dbd326da4beab5b76769796a

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Fri, 08 May 2020 15:35:14 GMT
Server
Tengine
ETag
"5eb57c32-542d8"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 20:47:38 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
344792
X-Proxy-Cache
HIT
dcb29ff3-ed66-4dcb-a078-b854f425ed4d
https://safehaven.com/ Frame 149B 		63 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://safehaven.com/dcb29ff3-ed66-4dcb-a078-b854f425ed4d
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Length
64352
Content-Type
text/javascript
w_640_001.ts
video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/ Frame 149B 		310 KB
310 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/w_640_001.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
7aa10b979a50936cedde8f68220c29d8bc1eca0b1561d27e26f94541dba0b3be

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:38 GMT
Last-Modified
Fri, 08 May 2020 15:35:14 GMT
Server
Tengine
ETag
"5eb57c32-4d6e4"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 20:47:38 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
317156
X-Proxy-Cache
HIT
liveView.php
live.sekindo.com/live/ Frame 5E83 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=16&serverTime=1588970907&s=0&sta=11010936&x=350&y=197&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb5c59abcdf9&contentFileId=788743&mediaPlayListId=4637&playerVer=3.0.0&contentMatchType=&isExcludeFromOpt=0&cbuster=1588970907772&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:26 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
css
fonts.googleapis.com/ 		5 KB
738 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:600,400
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
76c828df931848541d008f5df340db07e1fd29788cd50f9f86198c9c452fdc9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 May 2020 20:48:27 GMT
server
ESF
date
Fri, 08 May 2020 20:48:27 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 May 2020 20:48:27 GMT
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 		37 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
2932847
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0297a5008c00001f2d52087200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:19:53 GMT
server
cloudflare
etag
W/"5afd4939-9226"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
59060aadaca41f2d-FRA
expires
Wed, 28 Apr 2021 20:48:27 GMT
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066130
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:600,400
Origin
https://safehaven.com

Response headers

date
Wed, 06 May 2020 00:50:17 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
244690
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9132
x-xss-protection
0
expires
Thu, 06 May 2021 00:50:17 GMT
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066130
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:600,400
Origin
https://safehaven.com

Response headers

date
Fri, 10 Apr 2020 08:39:52 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:44 GMT
server
sffe
age
2462915
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9180
x-xss-protection
0
expires
Sat, 10 Apr 2021 08:39:52 GMT
bl-2a28c82-2f9f9a4a.js
tagan.adlightning.com/math-aids/ Frame 0668 		97 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
986debf5c22eca7cefec59da4050b967fe7c44b2009db6f01fc3eb3e5558f180

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:46:07 GMT
content-encoding
gzip
age
10941
x-cache
Hit from cloudfront
status
200
content-length
40984
x-amz-meta-git_commit
2a28c82
last-modified
Fri, 08 May 2020 17:45:11 GMT
server
AmazonS3
etag
"f2654e0fbd8848dcb90d4b88dffb38c8"
x-amz-version-id
1FK5iWtQ1PqRBFrapiugR52taALSmWAD
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
pd8slUg9pTSslXl506d4p6pp8unb721Xugp7oA4i32Y-JiNbzs87VQ==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame 0668 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 16:40:46 GMT
content-encoding
gzip
age
792462
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
HEZsoN7m3ktEqmBxiKMBCMyftB0cZKXK9yPa8_Puek1vjt9lOiZ5Tg==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 0668 		107 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:27 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 0668 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914rxlidarcontrol
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28331
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:27 GMT
osd.js
www.googletagservices.com/activeview/js/current/ 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066130
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:27 GMT
bl-2a28c82-2f9f9a4a.js
tagan.adlightning.com/math-aids/ Frame E54D 		97 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
986debf5c22eca7cefec59da4050b967fe7c44b2009db6f01fc3eb3e5558f180

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:46:07 GMT
content-encoding
gzip
age
10941
x-cache
Hit from cloudfront
status
200
content-length
40984
x-amz-meta-git_commit
2a28c82
last-modified
Fri, 08 May 2020 17:45:11 GMT
server
AmazonS3
etag
"f2654e0fbd8848dcb90d4b88dffb38c8"
x-amz-version-id
1FK5iWtQ1PqRBFrapiugR52taALSmWAD
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Rehtg1SfqAqUjLq8W0gM-rQ2o-ORSIpo3MBCXTIC3nroeuWhLIrQWA==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame E54D 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 16:40:46 GMT
content-encoding
gzip
age
792462
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
-Mijc63VUVNLHm6Deozt-vZFoeKc5XLrAwczyQwyt6GwaPl3uHQTSg==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame E54D 		107 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:27 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame E54D 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914rxlidarcontrol
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28331
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:27 GMT
bl-2a28c82-2f9f9a4a.js
tagan.adlightning.com/math-aids/ Frame 5BF4 		97 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
986debf5c22eca7cefec59da4050b967fe7c44b2009db6f01fc3eb3e5558f180

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:46:07 GMT
content-encoding
gzip
age
10941
x-cache
Hit from cloudfront
status
200
content-length
40984
x-amz-meta-git_commit
2a28c82
last-modified
Fri, 08 May 2020 17:45:11 GMT
server
AmazonS3
etag
"f2654e0fbd8848dcb90d4b88dffb38c8"
x-amz-version-id
1FK5iWtQ1PqRBFrapiugR52taALSmWAD
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
XDYnAIVH4cNInzLjr26H0BQ3Q_ffBtSZz6GUiXnOhEoEr5Rks1kbJw==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame 5BF4 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 16:40:46 GMT
content-encoding
gzip
age
792462
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
aYX5IHtH2-2rHtS71TVQEq2DuD55QQJmTmz1U3UkhqhZEA68Aq4bwQ==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 5BF4 		107 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:27 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 5BF4 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914rxlidarcontrol
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a89f32f8e18c47e0826a37855b9502cf22d0dc85fc08ed27eec0d5fdf36a669
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588937666621414"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28368
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:27 GMT
bl-2a28c82-2f9f9a4a.js
tagan.adlightning.com/math-aids/ Frame 0EAF 		97 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
986debf5c22eca7cefec59da4050b967fe7c44b2009db6f01fc3eb3e5558f180

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:46:07 GMT
content-encoding
gzip
age
10941
x-cache
Hit from cloudfront
status
200
content-length
40984
x-amz-meta-git_commit
2a28c82
last-modified
Fri, 08 May 2020 17:45:11 GMT
server
AmazonS3
etag
"f2654e0fbd8848dcb90d4b88dffb38c8"
x-amz-version-id
1FK5iWtQ1PqRBFrapiugR52taALSmWAD
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
wSQyXUCppA_tLxZvQOq2f2VR0J8DcLrdRfE-RpWbYschvwpld914Yw==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame 0EAF 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 16:40:46 GMT
content-encoding
gzip
age
792462
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
fL3XShcNxFS36E7nlU4Y2z_-dm3g_jHVxxyqcr-Z8Bk1vGlEScIFeQ==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 0EAF 		107 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:27 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 0EAF 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914rxlidarcontrol
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28331
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:27 GMT
bl-2a28c82-2f9f9a4a.js
tagan.adlightning.com/math-aids/ Frame 922C 		97 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-2f9f9a4a.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
986debf5c22eca7cefec59da4050b967fe7c44b2009db6f01fc3eb3e5558f180

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:46:07 GMT
content-encoding
gzip
age
10941
x-cache
Hit from cloudfront
status
200
content-length
40984
x-amz-meta-git_commit
2a28c82
last-modified
Fri, 08 May 2020 17:45:11 GMT
server
AmazonS3
etag
"f2654e0fbd8848dcb90d4b88dffb38c8"
x-amz-version-id
1FK5iWtQ1PqRBFrapiugR52taALSmWAD
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
jzaoD3FdmwUrrUoeGqvXxYf6_c7D6wQ-c79roXSbsRZw7jT6aqzfjw==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame 922C 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.190.30 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-190-30.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 16:40:46 GMT
content-encoding
gzip
age
792462
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 52c7de80c6ff92b7b540ab39e3ca1184.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
7U_mnP-rMSS2YxLvNzwg1vHS9TRMg5_8J9lsEet3PJCwfqCxxf1LeQ==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 922C 		107 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:27 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 922C 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914rxlidarcontrol
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28331
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:27 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020050602&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020050602.js?21066130
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1dbf7dc88d7f733170645e0cfee3b17d79bd1a0a97d37989f635a59d907c41ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5595
x-xss-protection
0
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Origin
https://safehaven.com

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
8633083
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
77160
cf-request-id
0297a5015b0000d6b5f0847200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:19:53 GMT
server
cloudflare
etag
"5afd4939-12d68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
59060aaefceed6b5-FRA
expires
Wed, 28 Apr 2021 20:48:28 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 0668 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssgTi2T0ag0tCNjbk8O7KlyggPB8ReSp9TKDnHGYg0K9jVBu7_QA2HkDfsTqKTq4-Sbc0H9yS6OXIzbIzINmVHh_KsDkoLhP4JX4dA5uK1H1xhSQ1wDh7HkPR6o9ctXxF1mFizPFEDYVhcP6bgdvUKxZ4t6sNMCLrysAaXH2ocIr2mlOo8MlzfeakIVBdrk2L1-PL8x7CZMeDqIrGflYSyv0bGyboH26gXWATgX0K_xSsG66moUEldCWBfxJVJwmGh0gUuzl4koET4SthopoAU&sig=Cg0ArKJSzJxIq-ms_8eMEAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 0668 		212 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0e589fcdb97ae0574aca655138cf84772689d9fa100838c0897242f91ec6c820

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
sodar2.js
tpc.googlesyndication.com/sodar/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame E54D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYhbdQvE03oNBnZ-QnFTHMCvLsenfVkFuX4aY4soXeQFQqHKaYlEvGf-H3rJ1LbY1GKtQlHmizzDy0U4RWDn7ESW7ttB9g48-T_901oclQg607bVKJhZ6JvlUyjcYERA-NG3BldjVwIRjSdxBJVQF_h7dv42gVT4U8EggVGInE97ZI8SBycic0tCyvcgpGtCpExHwOIdfKYTaXwTXOJq3WW5UReYIB6v-JyoJ0iD1qoipwv7_UkucIMMawnWN0GCBlZ9XUhtDnMhhb4nIyN44&sig=Cg0ArKJSzBw3q97e_RIJEAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame E54D 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a6eb5398463cc56995eea7219820967f95baf0ceee8afcf0d472db945a3e6161

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 5BF4 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvQp9Rjuo7ynWFKttyWm7e-Ap5QljnqcPGhu0sIF_r6iIT6Fn1SZqaDuai7Hj8XtAwtP6BdYa6AGRsBh7SPkrCyGE6DIF8OmylUlkBgvV51cflHTsCuE3JujvBolcUqHBWA7IYY7uL25eT6tXiBNcPjO3p0ETp_f-GPZFcvzCY9djpJ2TqxMqW9g0SIuEHX3A0Vc6HeJ0gWCGZnrLqmckhmrj6vrjs8hZpDFQXBk5FRAxnIuQxQkvTtG4auSrNiUZMfIs4AhFMvBI6iqYYWgHjb&sig=Cg0ArKJSzGloO8hzDtNQEAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 5BF4 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a380d37acf958a861a402d8829456fb958fd6910a549fbf9cb57488f29cca63b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 0EAF 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssnPBIQ_gYdPfMhJGMIIPW94q2-9DS7EhDw_IJGXNn8_pxDrZmF4k2_vo8lNM5LSjwONKrPsZZirWtLPWpDX9NgmYXUASRc8uN1qRnxeUF8nxBb6FOt6ch_911foF4DSn1NX_SDGvf7PWD6POFRyhhWAwcO6VIywZQ-oNYWNe3h1aCRnAteTzTfzW9uuHeDMJsH-bqoNFlIxGHJKCCR73SH0kyRfEoxEOo66s_QaYOCGIIvI75sJ5hQVgencfxzr7euaCzt0ETJOJwygLT0Jw&sig=Cg0ArKJSzEvcILZUbQ_8EAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 0EAF 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d068c5068f374be6f4a58d718241b54478877bd3dc9d65932b478c3a05cd402c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 922C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstFqg33cnhiK6WwOtyK1-XrXxvPM2tlqg2zfBWcC68jmxUxAtA-1Z0Lc6E46HEIrAkHXCAv758ARzwVgpT1twDAokwUDxIV--n4UWt-BHK5LtKiQfCb4l2xWWPyzeHJlaaMoudvHKuDEhJjDaW3GwKLtNoHvMuiKmN4bkF1dys-HjwU27P6Vxwd-uviWMvT5riNtQ5y8C1emFZ2yyVkq9x4QaoQfzvzsrOWWQq1lsBvZ3DpEvDAwtKjs3HwSczLe6LGAovQsWYtwO3gD9itGg&sig=Cg0ArKJSzLn7NXHAC4AAEAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 922C 		208 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
176d97446b7321da289807aacf7d4132bb257bf706e1c567498864cbc739db54

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
integrator.js
adservice.google.de/adsid/ Frame 0668 		109 B
174 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 0668 		109 B
894 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame 0668 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:28 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/ Frame 330F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200506/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmXT7blUS2HBTscEm_WyxExYAWb7JoNturi9zV9kHrK2Qgk3CwqlO7K5eMM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Thu, 07 May 2020 02:45:36 GMT
expires
Thu, 21 May 2020 02:45:36 GMT
content-type
text/html; charset=UTF-8
etag
4094386822458569044
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4444
x-xss-protection
0
cache-control
public, max-age=1209600
age
151372
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
integrator.js
adservice.google.de/adsid/ Frame E54D 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame E54D 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame E54D 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:28 GMT
integrator.js
adservice.google.de/adsid/ Frame 5BF4 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 5BF4 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame 5BF4 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:28 GMT
integrator.js
adservice.google.de/adsid/ Frame 0EAF 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 0EAF 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame 0EAF 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:28 GMT
integrator.js
adservice.google.de/adsid/ Frame 922C 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 922C 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame 922C 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 20:48:28 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame EEEE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 19:39:14 GMT
expires
Sat, 08 May 2021 19:39:14 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
4154
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
googleads.g.doubleclick.net/pagead/ Frame 06B5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=9357229395&adk=309087674&adf=3173046727&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908355&bpp=18&bdt=424&idt=204&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=2&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=294590354&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=661&biw=1585&bih=1200&isw=300&ish=250&ifk=751659263&scr_x=0&scr_y=0&eid=21066085%2C410075106&oid=3&pvsid=1451982518464677&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.k8ioyo7x8oss&fsb=1&dtd=219
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=9357229395&adk=309087674&adf=3173046727&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908355&bpp=18&bdt=424&idt=204&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=2&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=294590354&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=661&biw=1585&bih=1200&isw=300&ish=250&ifk=751659263&scr_x=0&scr_y=0&eid=21066085%2C410075106&oid=3&pvsid=1451982518464677&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.k8ioyo7x8oss&fsb=1&dtd=219
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmXT7blUS2HBTscEm_WyxExYAWb7JoNturi9zV9kHrK2Qgk3CwqlO7K5eMM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 20:48:28 GMT
server
cafe
content-length
200
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame 0668 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame D87B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=8782514321&adk=1231975816&adf=3173046726&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908410&bpp=2&bdt=469&idt=178&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=163064506&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=943&biw=1585&bih=1200&isw=300&ish=250&ifk=750481399&scr_x=0&scr_y=0&eid=21065925%2C21066085%2C44716866&oid=3&pvsid=4471374619827331&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.c1yj7frffwoh&fsb=1&dtd=184
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=8782514321&adk=1231975816&adf=3173046726&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908410&bpp=2&bdt=469&idt=178&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=163064506&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=943&biw=1585&bih=1200&isw=300&ish=250&ifk=750481399&scr_x=0&scr_y=0&eid=21065925%2C21066085%2C44716866&oid=3&pvsid=4471374619827331&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.c1yj7frffwoh&fsb=1&dtd=184
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmXT7blUS2HBTscEm_WyxExYAWb7JoNturi9zV9kHrK2Qgk3CwqlO7K5eMM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 20:48:28 GMT
server
cafe
content-length
198
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame E54D 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame AB17 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=1547377351&adk=1247324859&adf=3173046725&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908436&bpp=2&bdt=487&idt=169&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=1809153635&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2537&biw=1585&bih=1200&isw=300&ish=250&ifk=364837978&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=2727213638569737&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.pibbp7hd6s1s&btvi=1&fsb=1&dtd=174
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=1547377351&adk=1247324859&adf=3173046725&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908436&bpp=2&bdt=487&idt=169&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=1809153635&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2537&biw=1585&bih=1200&isw=300&ish=250&ifk=364837978&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=2727213638569737&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.pibbp7hd6s1s&btvi=1&fsb=1&dtd=174
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmXT7blUS2HBTscEm_WyxExYAWb7JoNturi9zV9kHrK2Qgk3CwqlO7K5eMM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 20:48:28 GMT
server
cafe
content-length
198
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame 5BF4 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
usync.html
eus.rubiconproject.com/ Frame 243E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-230-142.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
rsid=1|G9C2NkZC7frDQSirzNt8MRPvuJlRI6aSli1gEtfhZ1co9sDCaATiL5HZCune57OIAnOxtVOqDmauFyjIXSP/K1XE6wBU121TpS94OfHaS3J5oG+vEPIAYMXyJPObaA/FUuvBwH9kPTD5z5A0ea1Ww/V+UrWefz+Q; ses2=; vis2=250874^1; ses15=; vis15=250874^1; khaos=K9YO92AY-K-B16; audit=1|hLZGFuTafB1J1pxJNi/97M1+1ZYfrZ/aRq/Pv+xykC5dO59IwQTX1z3f1lt30QrPwFCfoC+4IsX46ntQRotz/wIs4X5J+Y5r
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Thu, 23 Apr 2020 20:31:59 GMT
Content-Encoding
gzip
Content-Length
9123
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=61565
Expires
Sat, 09 May 2020 13:54:33 GMT
Date
Fri, 08 May 2020 20:48:28 GMT
Connection
keep-alive
Vary
Accept-Encoding
%7Bcombo_uid%7D
pr-bh.ybp.yahoo.com/sync/adaptv_ortb/ Frame 149B 		43 B
793 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/adaptv_ortb/%7Bcombo_uid%7D
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
ups.analytics.yahoo.com/ups/55953/ Frame 149B
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://pixel.advertising.com/ups/55953/sync?uid=cec6a836-e86a-4c61-a7f8-04a9861ae49c&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=cec6a836-e86a-4c61-a7f8-04a9861ae49c
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=cec6a836-e86a-4c61-a7f8-04a9861ae49c&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=cec6a836-e86a-4c61-a7f8-04a9861ae49c&apid=1A440caee8-916d-11ea...
0
989 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55953/sync?uid=cec6a836-e86a-4c61-a7f8-04a9861ae49c&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=cec6a836-e86a-4c61-a7f8-04a9861ae49c&apid=1A440caee8-916d-11ea-8758-12569b584e72
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.106 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:29 GMT
Server
ATS/7.1.2.106
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Fri, 08 May 2020 20:48:28 GMT
location
https://ups.analytics.yahoo.com/ups/55953/sync?uid=cec6a836-e86a-4c61-a7f8-04a9861ae49c&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=cec6a836-e86a-4c61-a7f8-04a9861ae49c&apid=1A440caee8-916d-11ea-8758-12569b584e72
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
sync.adap.tv/ Frame 149B
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?redir=https%3A%2F%2Fsync.adap.tv%2Fsync%3Ftype%3Dgif%26key%3Dtubemogul%26uid%3D%24%7BUSER_ID%7D&_test=XrXFnAAAALZFj1vC
  • https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XrXFnAAAALZFj1vC&_test=XrXFnAAAALZFj1vC
0
0
sync
ups.analytics.yahoo.com/ups/57304/ Frame 149B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEOJoBphkIaRYJl-PaRc-rkg&google_cver=1
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOJoBphkIaRYJl-PaRc-rkg&google_cver=1&apid=1A440caee8-916d-11ea-8758-12569b584e72
0
977 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOJoBphkIaRYJl-PaRc-rkg&google_cver=1&apid=1A440caee8-916d-11ea-8758-12569b584e72
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.106 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:28 GMT
Server
ATS/7.1.2.106
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Fri, 08 May 2020 20:48:28 GMT
location
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEOJoBphkIaRYJl-PaRc-rkg&google_cver=1&apid=1A440caee8-916d-11ea-8758-12569b584e72
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
ads
googleads.g.doubleclick.net/pagead/ Frame 3F48 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=1978622193&adk=2047003747&adf=3173046724&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908459&bpp=2&bdt=504&idt=183&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=20251397&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=241&ady=1221&biw=1585&bih=1200&isw=728&ish=90&ifk=1506950742&scr_x=0&scr_y=0&eid=21065070%2C21066085&oid=3&pvsid=3731329283698508&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.rcraxfot11nt&btvi=1&fsb=1&dtd=188
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=1978622193&adk=2047003747&adf=3173046724&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908459&bpp=2&bdt=504&idt=183&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=20251397&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=241&ady=1221&biw=1585&bih=1200&isw=728&ish=90&ifk=1506950742&scr_x=0&scr_y=0&eid=21065070%2C21066085&oid=3&pvsid=3731329283698508&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.rcraxfot11nt&btvi=1&fsb=1&dtd=188
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmXT7blUS2HBTscEm_WyxExYAWb7JoNturi9zV9kHrK2Qgk3CwqlO7K5eMM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 20:48:28 GMT
server
cafe
content-length
198
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame 0EAF 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 0014 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=7090869147&adk=109494614&adf=3173046723&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908474&bpp=2&bdt=512&idt=184&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=340854106&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=3156&biw=1585&bih=1200&isw=728&ish=90&ifk=4249146180&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=2955730773698501&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.13fnuvmfdvyt&btvi=1&fsb=1&dtd=188
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=7090869147&adk=109494614&adf=3173046723&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588970908474&bpp=2&bdt=512&idt=184&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=1669979291845&frm=23&ife=4&pv=1&ga_vid=990459807.1588970907&ga_sid=1588970909&ga_hid=340854106&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=3156&biw=1585&bih=1200&isw=728&ish=90&ifk=4249146180&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=2955730773698501&pem=298&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.13fnuvmfdvyt&btvi=1&fsb=1&dtd=188
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmXT7blUS2HBTscEm_WyxExYAWb7JoNturi9zV9kHrK2Qgk3CwqlO7K5eMM
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 20:48:28 GMT
server
cafe
content-length
199
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame 922C 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 0668 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0a1a3c761f100b6f30ad2cca4d2f4856f98be3ab1246ed3a5a1a4508031a4fc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5542
x-xss-protection
0
w_640_002.ts
video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/ Frame 149B 		315 KB
316 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/w_640_002.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
5cad7da6bee78b977eec3dd580d316ee5355b1655e21ca55a332a9334a6acadd

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:39 GMT
Last-Modified
Fri, 08 May 2020 15:35:15 GMT
Server
Tengine
ETag
"5eb57c33-4eda8"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 20:47:39 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
322984
X-Proxy-Cache
HIT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 5BF4 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
da8dc55d23be3d467c6c82f0a4cb834208b813977312dcd51f86d7eea29ddc15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5596
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 0668 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 0EAF 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
abb4df9149b8dc0656136fa0830dc5ddc1b3dc0f64c0250130dd31a9fe07ff32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5576
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame E54D 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f0f07cb48e8dc5170b9f37b76a723b3c6b8b95cbdd36a508b9fb7e12c89e2d9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5607
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 922C 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0aa5f5c7a7f8a464d1ef474c46c5d1895e5e9b384c4055d7e31696986b86160
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5481
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 5BF4 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
123 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020050602&jk=349303580636691&bg=!4-Cl4PhYQA0i6PmH8qACAAAAZ1IAAAANmQF1vI42JCjRqNAwyi0z07jq9J9-WEMz0s4-JW_iZQgUfrzPgySIuptteUeWBL_wMZAWYI0Bhdog1GmC_lvGnqpb1g9noLUF0OJhZoIz-_D8-ApNc1B9W0bdZS4Cigac13yGBi8XwH_mNcPynbpbLI0w4UR4N6fKbpJ_KvoBL-53_VkXbdvc7ilzKhz-7Sfrg6pHqobUUgeh9LcCELfe32hwtnOoZvnfDmT-b7HJ3PcWW6m1-8c53MuxVRO1Zn2rdIcqa40Bn5mNfG5krVX4DD0LXVX2QqoEuIcGbc6CRQN1sri53ltBlySBxxjneEy4kYRVQE76dYn4Fg6LmNI2AVSJ45ujg4BtvTLv1tmWz5TqV-WdtEgdW97KqALinqFX5qU8_5vS8AdbueeRvWV53ZYTGPS9buHE994TYNt4C47z0DEWCd4e8pLUvkjFVX7HJ9NGKt5HK4Oo02MRKrBOHzmt2ZaoV64YCFsZI7SS4pIK0RAf1hPVOQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:28 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 0EAF 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 922C 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame E54D 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 20:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 20:48:28 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame EA00 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 19:39:14 GMT
expires
Sat, 08 May 2021 19:39:14 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
4154
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 0135 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 19:39:14 GMT
expires
Sat, 08 May 2021 19:39:14 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
4154
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 5208 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 19:39:14 GMT
expires
Sat, 08 May 2021 19:39:14 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
4154
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 158C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 19:39:14 GMT
expires
Sat, 08 May 2021 19:39:14 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
4154
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame DAE4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 19:39:14 GMT
expires
Sat, 08 May 2021 19:39:14 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
4154
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
w_640_003.ts
video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/ Frame 149B 		267 KB
268 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/w_640_003.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
ba9907461566546802b4023e077d92c7ce6176055e6f97f4a035045a657bf502

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:39 GMT
Last-Modified
Fri, 08 May 2020 15:35:15 GMT
Server
Tengine
ETag
"5eb57c33-42d40"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 20:47:39 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
273728
X-Proxy-Cache
HIT
w_640_004.ts
video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/ Frame 149B 		271 KB
271 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/w_640_004.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
a24254e199e2c8591d597ad1f177d0ffc413f567545fa8cf20f7f6b478b1b06e

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:39 GMT
Last-Modified
Fri, 08 May 2020 15:35:16 GMT
Server
Tengine
ETag
"5eb57c34-43bf0"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 20:47:39 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
277488
X-Proxy-Cache
HIT
w_640_005.ts
video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/ Frame 149B 		291 KB
291 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/w_640_005.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
b18ff0742231c9fc415b855c76afa82448616195dd7afbe87b9328720dd0a5c5

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:39 GMT
Last-Modified
Fri, 08 May 2020 15:35:16 GMT
Server
Tengine
ETag
"5eb57c34-48b40"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 20:47:39 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
297792
X-Proxy-Cache
HIT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0668 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=1451982518464677&bg=!LC-lLzdY4zx-Velh7OYCAAABKlIAAAAmmQF7QlhkBB8jyJ4YR1LqdHM3NdcjRJ1ZVX2kU_6vRY15o9fI9wy-wTvpEKLZfqQFpVlcMlu2d9LlHpAloaBMDLsA4h70mdKXPCbfl90tNAettBzhfqcWSWsQCHaQcj3KHEo7MfzlCrNTD3IGf80Y3l4mXd3U__y13AZleAZZeOoNSgHendwWJ0FQBqF6itr8-2UEwWh9tAe1LUEflzmI7WxOx70y6aPxdR16MPSyV5i7Gwo-tZgGczNZFl3W_REFb09ubUhXBr-Fe1gc-xJs_1EyaWNNwjt65Nr-sP5r8kdxswba1hR7Eh8eyoRe_9QtdxWrnbbumge8s0WD1-pQeDOkbJxjW8rLjkOpFQRAL22wv4Xkc2YiyR0va7wdMNEGNvJav2SJ5W4V04oRDductBEmugzdMCxI5caw1ssdLl0Z9DzLdc64YZPzu-ByEKg_cCZD2Cp1YxGOPjq2Gu6CU12akNbawPAWfL8f187JxB7jE315UDwf8DfiZtSikA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0EAF 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=3731329283698508&bg=!2dql2sJY6qryyesfp4ICAAABKFIAAAAkmQF7teb2hzind3BEonxa6A0bdM2vbzgfGGOwHjY8T-JzMto8jyxFVVsLJxTus99Kp0rKnyB8_rjr3-nF4Cy5To2kvCSKrGEgFfnk6-d6hRcjFh9mh-_3Is1ZDGC8VHkOSHhhRzVqMkchMJouNv2KEYAVfOskCAssCKR31qMf8dGsszkKVgKhtMCL3JGPJobjLD50s1f9vXuOoaACpYPcYH105HRcXS23d7Qa8O621_uC_xphf1H60lL7MMFmJOfBbPuYTaar5i5hf0rO9EL1AWk3SV1oHJi2XLP4CFNbN-BzW1DWRO0fWLuZGYVB4zJPszg1M9gbL7bcOO5dORKbuHEgjBk6p9UUyNnbymC1cHM3TTVpwarYNiKRMmIVxEbYGB7kg1ulqX5vEGMelqttkMyW7B-zKklIMp7DPn_y5OzDoE-YwWALyMndENu7KDPz60ESpnZjzvZFa-DnZddsRcSZW9m9oKCzevzpRvekd2jTEdPKYUWQyyk7KPbKUw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5BF4 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=2727213638569737&bg=!CAulCxNYI7Bqkmy2mDECAAABO1IAAAAjmQF7VdBOmhwIDNrVkaRlg7fnCC4n6Z8gVD7GtHvSJ3Qalq3t_ODewN8yag2lDhxHqD9GEpWvmh2FS0tPj_tMtThzzHum4CX7fAYjHnVH0HoFTlI8493tmCZolHmSX5thT_pHqSOW7J9NBkNbrlzKR76alcPSsv7bDq-bExcbDYwaYLHOGCKdg63Q1mYSYeAylE1CIICe_7ht_92n-M4x0MO2jt56zu9kfk430yVJC-ggFyQnNCk9XsV6THppJ1VCf1IDtmSYxqd_pG59C128_2LTfxiNmbGwoS8BltwPCPQeOZjlY5CyAj7bnC17BPuDDh8ePF1_Azc2XqGgDPEM9u6iK6sBl7eoYIHCfDux_wwAdXN738FAWYtW0c5qqOFp6wthNP_BdcU9Y3PpM6bZDVbqMNEnowg0g-6oC3Ypq94cKv-R9zafzWFWUv9OiPXahonbjLcXvVpJ4xvQorHTMIhKkDqEqOKvj3VUULRBfShzMyIBu00Ayd5AFf0j4Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E54D 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=4471374619827331&bg=!b2ylbHRYshVSOK6sIVMCAAAA11IAAAAimQF7Gh9zLmJ2Sy9iSomcGD9QpiGgZ2jEiWRfokgF6lfffc_hfc-fbjl-iWKAxaq3miZYx8JyNQ5l2Y0rhI2xv8lwaqlQXECNpz96XRfD4D2wioKmUhQQoM81tb3hpKxkvGAQDV_aw4PRSCxNpjHTQ_fUhmZfqmnf48eivVgiiGKpu4Kpk6MNkRxny3LbUYMEO-prXBrYRmi4stoo3Dw0yKVX568h7csXMLD4uF-ojfQtDRZ5Q4IAiEzmLVBZ9jWofleLp_qmb_dkNWlzlflDgbSE2iPdIhrhERjdU6yPwjxtxedkwvmzST9h-HifURisEEqvWJOb4DVQa2RiR2hkAberqBneO7z4sNRN2J_yXtlRWmAJqT20PoFaTxvJCEtlVN_da5k7vU-slOrdEqoVNtAkzPfbk5Fl5Wl0dsewtj17NHgDHbwXHSjme_LOxob46Q63OJxnn37ytng3ZdaMryaXiLLZ9CZOLu2xqGlRqT9o-T88yoCqCGlvjNtIFw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 922C 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=2955730773698501&bg=!hoWlhZ1YiNejW8W16SACAAAA_1IAAAAkmQF7lfM5wPGnl3o8yAQhxsBYpLyfWdMyEuUZ9_X0rY0pGUmlCBlmlwDxui3zy-6RJAc23M8O5V9uzq6PUDrxVIeBicNeN5pFjob3Y8RzXn5TRhoVOcyUPMGRynCedAx4ppIb852f0GXDZ7BRgeA2bSGLTlL3Paf3oMcFDt7jgue9NaNT53E0Q8A0hkr4xvTUkBPkxKipdOCgaYMr8mrPq1_1bfCNLXcqxoauw52ohM1bNKqkWCAbOdocciLzJ-ruKqIWxPU2W5RIHdnhCBb5XTHImsucuZfOgdhca4tAcimgDKgoV5Qnq-aZQ6IAVo9YS4UfbLLPVvYzTtpaTc7I5VHyUI3WqKKst8fg6R_xNItIG3TyKp1tzoMwbxWA4I_pJzBCqVDi_OoHEmjaF2rhhyirDc4x3NQpo3BIunQGvnC11Um4pdzX-HTMYeq9SBaqFx3BVoVZASHNXiGnQeXXFHzdlfvR5hFO4fjo9h3ociSilLafL5jzoQH6umzz7A
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
liveView.php
live.sekindo.com/live/ Frame 5E83 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=36&serverTime=1588970907&s=98755&sta=0&x=400&y=291&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb5c59abcdf9&contentFileId=0&mediaPlayListId=0&cbuster=1588970909577&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:29 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
activeview
pagead2.googlesyndication.com/pcs/ Frame 0668 		42 B
115 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthN4h-Jy9gw_pMTXB7UcjL5DR1He8_EoysTdvIkTZ_ElB2mIBFS1hrwuF_GAExHUSBzitHMFs_AskYhOp2tl_IOz_BSPVqitAtNYeq2_E&sig=Cg0ArKJSzIGxPrlfBQreEAE&adk=814543115&tt=-1&bs=1585%2C1200&mtos=1087,1087,1087,1087,1087&tos=1087,0,0,0,0&p=661,1068,911,1368&mcvt=1087&rs=0&ht=0&tfs=514&tls=1555&mc=1&lte=0&bas=0&bac=0&met=ie&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1588970907939&dlt&rpt=558&isd=0&msd=0&ext&xdi=0&ps=1585%2C3676&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-12-12-11-11-0-0-0&tvt=1546&is=300%2C250&iframe_loc=https%3A%2F%2Fsafehaven.com%2F&r=v&id=osdim&vs=4&uc=12&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200506
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame E54D 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsst72H7FZ5hRKzREa1tFyKlK--8gI210p8R828dPGM1lpzcGXenN2Z4qoVjwqOQYh7vUDF-EkkVFM6dYt0sKHWnrD-QRu_xnDifWQGPIW4&sig=Cg0ArKJSzM1dwC8mlhixEAE&adk=3046793618&tt=-1&bs=1585%2C1200&mtos=1086,1086,1086,1086,1086&tos=1086,0,0,0,0&p=943,1068,1193,1368&mcvt=1086&rs=0&ht=0&tfs=466&tls=1508&mc=1&lte=0&bas=0&bac=0&met=ie&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1588970907947&dlt&rpt=554&isd=0&msd=0&ext&xdi=0&ps=1585%2C3676&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-12-8-11-11-0-0-0&tvt=1503&is=300%2C250&iframe_loc=https%3A%2F%2Fsafehaven.com%2F&r=v&id=osdim&vs=4&uc=12&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200506
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:29 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 2619 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-230-142.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
rsid=1|G9C2NkZC7frDQSirzNt8MRPvuJlRI6aSli1gEtfhZ1co9sDCaATiL5HZCune57OIAnOxtVOqDmauFyjIXSP/K1XE6wBU121TpS94OfHaS3J5oG+vEPIAYMXyJPObaA/FUuvBwH9kPTD5z5A0ea1Ww/V+UrWefz+Q; ses2=; vis2=250874^1; ses15=; vis15=250874^1; khaos=K9YO92AY-K-B16; audit=1|hLZGFuTafB1J1pxJNi/97M1+1ZYfrZ/aRq/Pv+xykC5dO59IwQTX1z3f1lt30QrPwFCfoC+4IsX46ntQRotz/wIs4X5J+Y5r; pux=1512%3D90741%262231%3D90741%262249%3D90741%262307%3D90741%262974%3D90741%263778%3D90741%26goog%3D90741%26brx%3D90741%26
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Thu, 23 Apr 2020 20:31:59 GMT
Content-Encoding
gzip
Content-Length
9123
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=61563
Expires
Sat, 09 May 2020 13:54:33 GMT
Date
Fri, 08 May 2020 20:48:30 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame E0F0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
72.247.225.17 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a72-247-225-17.deploy.static.akamaitechnologies.com
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
"573e714d-3e3"
Server
nginx/1.9.13
Content-Type
text/html
Vary
Accept-Encoding
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
506
Cache-Control
max-age=31536000
Expires
Sat, 08 May 2021 20:48:30 GMT
Date
Fri, 08 May 2020 20:48:30 GMT
Connection
keep-alive
pd
eu-u.openx.net/w/1.0/ Frame E98E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.185.0 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=9311150b-bf40-4a86-b3db-d341f92836e3|1588970906
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=9311150b-bf40-4a86-b3db-d341f92836e3|1588970906; Version=1; Expires=Sat, 08-May-2021 20:48:30 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1588970910|mOgikimWiygu; Version=1; Expires=Sat, 23-May-2020 20:48:30 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.185.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Fri, 08 May 2020 20:48:30 GMT
content-type
text/html
content-length
374
content-encoding
gzip
via
1.1 google
alt-svc
clear
2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 9821
Redirect Chain
  • https://sync.serverbid.com/ss/2000891.html
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Host
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Date
Fri, 08 May 2020 20:48:30 GMT
Connection
Keep-Alive
Cache-Control
max-age=86291
Content-Length
4947
Content-Type
text/html
Last-Modified
Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges
bytes
ETag
"1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id
tx0000000000000186c08e3-005eb5c531-351f0f4-nyc3a
Strict-Transport-Security
max-age=15552000; includeSubDomains; preload
Vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW
1588970910.dop003.pa1.t,1588970910.cds001.pa1.shn,1588970910.dop003.pa1.t,1588970910.cds030.pa1.c

Redirect headers

status
302
content-length
0
location
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control
no-cache
showad.js
ads.pubmatic.com/AdServer/js/ Frame 901D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
72.247.225.32 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a72-247-225-32.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
KTPCACOOKIE=YES; KCCH=YES; pi=159196:2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Last-Modified
Tue, 14 Apr 2020 10:27:52 GMT
ETag
"13006b6-a4bb-5a33da6f1a023"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
15243
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=83298
Expires
Sat, 09 May 2020 19:56:48 GMT
Date
Fri, 08 May 2020 20:48:30 GMT
Connection
keep-alive
Vary
Accept-Encoding
sync
ups.analytics.yahoo.com/ups/55965/
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=P-kikWm5ecEnuXKTb71tkTLuJMUnv3fBab4gc6p6
  • https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=P-kikWm5ecEnuXKTb71tkTLuJMUnv3fBab4gc6p6&apid=1A440caee8-916d-11ea-8758-12569b584e72
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=P-kikWm5ecEnuXKTb71tkTLuJMUnv3fBab4gc6p6&apid=1A440caee8-916d-11ea-8758-12569b584e72
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.106 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:30 GMT
Server
ATS/7.1.2.106
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Fri, 08 May 2020 20:48:30 GMT
location
https://ups.analytics.yahoo.com/ups/55965/sync?_origin=0&gdpr=1&uid=P-kikWm5ecEnuXKTb71tkTLuJMUnv3fBab4gc6p6&apid=1A440caee8-916d-11ea-8758-12569b584e72
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
current
aol-match.dotomi.com/match/bounce/ 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=1A440c6c4e-916d-11ea-a823-1245d65848a4&gdpr=1&gdpr_consent=&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:13::1400 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Fri, 08 May 2020 20:48:30 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
generic
match.adsrvr.org/track/cmf/ 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.16.238.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-238-200.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 20:48:30 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status
200
cache-control
private,no-cache, must-revalidate
content-type
image/gif
content-length
70
sync
ups.analytics.yahoo.com/ups/56465/
Redirect Chain
  • https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=&apid=1A440caee8-916d-11ea-8758-12569b584e72
  • https://pr-bh.ybp.yahoo.com/sync/adtech/1A440caee8-916d-11ea-8758-12569b584e72?gdpr=1&gdpr_consent=
  • https://pixel.advertising.com/ups/56465/sync?uid=y-C62tpPl1lxld11jRuvvuONdrUQPPLWMy4dIh&_origin=0&nsync=0
  • https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-C62tpPl1lxld11jRuvvuONdrUQPPLWMy4dIh&_origin=0&nsync=0&apid=1A440caee8-916d-11ea-8758-12569b584e72
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-C62tpPl1lxld11jRuvvuONdrUQPPLWMy4dIh&_origin=0&nsync=0&apid=1A440caee8-916d-11ea-8758-12569b584e72
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.106 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:48:30 GMT
Server
ATS/7.1.2.106
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Fri, 08 May 2020 20:48:30 GMT
location
https://ups.analytics.yahoo.com/ups/56465/sync?uid=y-C62tpPl1lxld11jRuvvuONdrUQPPLWMy4dIh&_origin=0&nsync=0&apid=1A440caee8-916d-11ea-8758-12569b584e72
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
liveView.php
live.sekindo.com/live/ Frame 5E83 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1588970907&s=98755&sta=0&x=400&y=291&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb5c59abcdf9&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1588970912553&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:31 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
w_640_006.ts
video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/ Frame 149B 		268 KB
269 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn15/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb5780cd5116229212092.mp4/w_640_006.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.83.41.102 Frankfurt am Main, Germany, ASN204548 (CLOUDWEBMANAGE-IL-FR, GB),
Reverse DNS
Software
Tengine /
Resource Hash
f62ef6278cacaeecabd85299d0639e0a86f13c4ee9c58a19887ab82a20d07f97

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 20:47:44 GMT
Last-Modified
Fri, 08 May 2020 15:35:16 GMT
Server
Tengine
ETag
"5eb57c34-431a8"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 20:47:44 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
274856
X-Proxy-Cache
HIT
liveView.php
live.sekindo.com/live/ Frame 5E83 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1588970907&s=98755&sta=0&x=400&y=291&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb5c59abcdf9&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1588970917338&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:36 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
liveView.php
live.sekindo.com/live/ Frame 5E83 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1588970907&s=98755&sta=0&x=400&y=291&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb5c59abcdf9&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1588970917553&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.220.205.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 20:48:37 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync.adap.tv
URL
https://sync.adap.tv/sync?type=gif&key=tubemogul&uid=XrXFnAAAALZFj1vC&_test=XrXFnAAAALZFj1vC

Verdicts & Comments Add Verdict or Comment

214 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga object| MGh1ra function| MGh1rb object| xop function| 2pkv9xhkcg0 boolean| vjk7ey1xlog object| 69h0d6c17uo number| kPrebidTimeout number| kRefreshPollTime number| gRefreshCount number| gOXRefreshCount boolean| gRefreshDebug boolean| gPrebidDebug number| k60SecondRefreshInterval number| k90SecondRefreshInterval number| k120SecondRefreshInterval number| k180SecondRefreshInterval number| kDoNotRefresh number| kDefaultRefreshInterval object| gSChainNodes undefined| gGDPR_forceLocale boolean| gGDPR_silentNoConsent boolean| gGDPR_forceNoConsent string| gGDPR_logoURL string| kAmazonPublisherID object| ad300x250ATF object| ad300x250BTF object| ad300x250BTF2 object| ad728x90ATF object| ad728x90BTF object| ad160x600BTF object| ad300x250ATFM object| ad300x250BTFM number| gBrowserWidth object| desktopAdUnits object| mobileAdUnits object| gAllSlotData number| gAllSlotCount object| OX_dfp_ads number| minWidth boolean| disableBids object| googletag object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleTokenSync number| google_srt function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| __core-js_shared__ object| core undefined| __cmp number| districtmMethod number| districtmRatio number| districtmHeaderTimeOut number| districtmRetryTimeOut number| districtmMaxTimeToTry object| districtmSsp string| districtmCurrency number| districtmAlone number| districtmCurrencyRate object| districtmAllowedSizes number| districtmAppnexusMemberId number| districtmPubmaticPubId object| districtmEasyMap object| districtmExtSSP number| districtmTieBreaker number| districtmMemberId object| districtmCurrencyObject function| cygnus_index_parse_res number| districtmStart number| districtmStop boolean| dm1x1 boolean| dmNeverCall number| districtmExec object| districtmBids object| districtmHeader object| dmWidget object| districtmGA function| pbjsChunk object| pbjs object| _pbjsGlobals object| gRefreshSlots object| gRefreshIDs object| gRefreshTimes object| gRefreshIntervals object| gThisRefreshIDs object| gThisRefreshSlots boolean| gInitialLoad object| gPBJSTimeoutTimer object| gAmazonSlots object| gAmazonBids boolean| gAmazonBidsBack boolean| gOpenXBidsBack boolean| gPrebidBidsBack function| amp_getBidsForAllChannels function| amp_dumpTable function| amp_getBestBids function| amp_dumpBids function| amp_dumpWins function| customOxTargeting function| openXRefreshCallback function| sendAdserverRequest function| checkIfAllBidsBack function| amazonBidsBack function| pbjsBidsBack function| bidsTimeout function| sendBidRequests function| amp_refreshAllSlots function| amp_refreshSlots function| refreshAdSlots function| injectReportAdStyles function| addLoadEvent function| insertAfter function| configureAdSlot function| getCookie object| apstag function| fbq function| _fbq function| $ function| jQuery object| _pcq object| cookieconsent number| inc_adnxs object| districtmManualMap object| viewPortSize object| debugIp object| debugId function| constructsekindoParent961 object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| tx5KXa function| tx5KXb function| xblocker object| ho39Ea function| ho39Eb function| xblacklist function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO boolean| apstagLOADED function| menu_underline function| scrollWin function| dump function| addOption function| removeAllOptions function| externalLinks function| country function| hidelinks function| loginFocus function| featuredArticlesHeight function| bottomArticlesHeight object| jQuery112303382256624883482 function| cb function| raf object| om1720_20987 function| om1720_20987_poll number| $leftpos_margin boolean| _pc_loaded object| PC object| VWO object| _vwo_exp_ids object| _vwo_exp string| _vwo_server_url object| _vis_opt_queue function| bowser object| __pc object| _pushcrewDebuggingQueue object| _pc_u boolean| ecomEventsInit object| _pc object| convertflyQueue object| pctracker function| _pc_s function| setImmediate function| clearImmediate function| OptinMonsterApp boolean| om_loaded number| __google_ad_urls_id number| google_unique_id object| _omapp object| omypn7xhmhxnjlaszpxc0g object| omru7bsdyie8pylnzonrms boolean| sekindoFlowingPlayerOn object| WebFont function| MobileDetect number| height_diff number| margin_height object| ampInaboxIframes object| ampInaboxPendingMessages object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| GoogleGcLKhOms function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| google_jobrunner object| google_image_requests

15 Cookies

Domain/Path Name / Value
safehaven.com/ Name: _omappvs
Value: 1588970907092
safehaven.com/ Name: AWSALB
Value: TVYigVJscgd+Uv6ICsoCkDkLEPxDiJGGQUNUDAb1rQT/gV/boOhkjKUXmEn5Q27uSYoYbPW21RH2mJHhr0+8hCv9Exw4uL6N+RFvX9G2IGCR7OoSNDK9WQTeemBD
.safehaven.com/ Name: _gat_gtag_UA_2249023_27
Value: 1
.ads.pubmatic.com/ Name: KCCH
Value: YES
safehaven.com/ Name: csrf_safehaven_cookie
Value: 868a5dfca93468f30de9c35e640e6afa
.safehaven.com/ Name: _ga
Value: GA1.2.990459807.1588970907
safehaven.com/ Name: _wingify_pc_uuid
Value: 6e5c0e1ed99647d1a69eab6ae0aed909
.safehaven.com/ Name: _gid
Value: GA1.2.1024614512.1588970907
.pubmatic.com/ Name: pi
Value: 159196:2
safehaven.com/ Name: safehaven_ci
Value: 7d73d3f42427efbc1bb2dd825b15bbb4a8f1f27e
safehaven.com/ Name: AWSALBCORS
Value: TVYigVJscgd+Uv6ICsoCkDkLEPxDiJGGQUNUDAb1rQT/gV/boOhkjKUXmEn5Q27uSYoYbPW21RH2mJHhr0+8hCv9Exw4uL6N+RFvX9G2IGCR7OoSNDK9WQTeemBD
safehaven.com/ Name: _omappvp
Value: Zt00E03TtQLsRjk4X7vXZSOw7LSYmqvTwDgJ1N3RV8MUtpiICxu0lwr38qpJDS4oOQiRKczX9DsHn7LqxBwNty6fD1LSb1mk
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
safehaven.com/ Name: dmxRegion
Value: false
.safehaven.com/ Name: _fbp
Value: fb.1.1588970907051.2086047348

24 Console Messages

Source Level URL
Text
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-300x250-ATF div-gpt-ad-1553475674669-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-300x250-BTF div-gpt-ad-1553475817787-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-300x250-BTF2 div-gpt-ad-1553475909622-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-728x90-ATF div-gpt-ad-1553475988342-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-728x90-BTF div-gpt-ad-1553476044183-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 3)
Message:
CMP: Locale=en-us gdpr= false
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 3)
Message:
GDPR is not applicable, skipping initialization of CMP
console-api log (Line 3)
Message:
ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api log (Line 3)
Message:
Initial Ad Load
console-api log (Line 3)
Message:
sendBidRequests() gPBJSTimeoutTimer=null pbjs.adserverRequestSent=undefined
console-api log (Line 3)
Message:
Amazon bids returned, count=5
console-api log (Line 3)
Message:
[object Object],[object Object],[object Object],[object Object],[object Object]
console-api log (Line 3)
Message:
pbjs bids returned
console-api log (Line 3)
Message:
gPBJSTimeoutTimer cleared
console-api log (Line 3)
Message:
sendAdserverRequest(): pbjsBidsBack
console-api log (Line 3)
Message:
sendAdserverRequest()
console-api log (Line 3)
Message:
pbjs.getAdserverTargeting: >> Amazon >> Prebid
console-api log (Line 3)
Message:
[object Object]
console-api log (Line 3)
Message:
pbjs.getBidResponses:
console-api log (Line 3)
Message:
[object Object]
console-api log (Line 3)
Message:
gThisRefreshSlots=
console-api log (Line 3)
Message:
[object Object],[object Object],[object Object],[object Object],[object Object]
console-api log (Line 3)
Message:
sendAdserverRequest(): ---> Calling googletag.pubads().refresh()
console-api log (Line 3)
Message:
console.groupEnd

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.optmstr.com
acdn.adnxs.com
ads.adaptv.advertising.com
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
aol-match.dotomi.com
ap.lijit.com
api.omappapi.com
c.amazon-adsystem.com
cdn.districtm.ca
cdn.districtm.io
cdn.pushcrew.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
connect.facebook.net
csync.loopme.me
d1o9e4un86hhpc.cloudfront.net
d2p6ty67371ecn.cloudfront.net
d2t794khe5w43b.cloudfront.net
d32r1sh890xpii.cloudfront.net
dmx.districtm.io
e.serverbid.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hbopenbid.pubmatic.com
ib.adnxs.com
live.sekindo.com
match.adsrvr.org
maxcdn.bootstrapcdn.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.quantserve.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
prg.smartadserver.com
qd.admetricspro.com
safehaven.com
safehaven.com.admin-us.cas.ms
secure.adnxs.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
stats.g.doubleclick.net
sync.adap.tv
sync.serverbid.com
tagan.adlightning.com
teachingaids-d.openx.net
tpc.googlesyndication.com
ups.analytics.yahoo.com
video.sekindo.com
web.hb.ad.cpe.dotomi.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
sync.adap.tv
104.111.230.142
104.16.190.66
138.201.34.178
167.172.1.14
172.217.22.34
178.128.135.80
18.156.0.31
185.220.205.220
185.33.221.14
185.33.221.50
185.64.189.112
185.86.138.32
2001:4de0:ac19::1:b:1a
205.185.216.42
216.58.206.2
216.58.207.66
23.111.11.100
2600:9000:2016:2c00:17:eca0:da80:21
2600:9000:2093:400:3:442:6dc0:21
2600:9000:20eb:2200:10:4f52:7800:21
2600:9000:21f3:c600:c:5250:79c0:21
2606:2800:233:97b6:26be:138a:cba8:bb01
2606:4700:10::6814:3677
2606:4700:3037::6812:2030
2606:4700::6810:85e5
2606:4700::6812:623c
2a00:1288:110:c305::8000
2a00:1450:4001:801::2001
2a00:1450:4001:801::2002
2a00:1450:4001:806::2003
2a00:1450:4001:809::200e
2a00:1450:4001:815::2004
2a00:1450:4001:81f::2003
2a00:1450:4001:81f::200a
2a00:1450:4001:820::200a
2a00:1450:4001:824::2008
2a00:1450:4001:825::2002
2a00:1450:400c:c08::9d
2a02:fa8:8806:13::1400
2a02:fa8:8806:16::1460
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
34.95.120.147
35.156.87.52
35.157.221.204
35.157.88.129
45.83.41.102
51.137.136.14
52.16.238.200
52.222.190.30
52.222.191.80
52.43.18.65
52.59.138.183
54.230.183.4
69.173.144.140
72.247.225.17
72.247.225.32
72.251.249.13
91.228.74.147
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0875862efc0b3318a2104d27726d71f6f61d95a6e04ef6becb2793e66b2bc27a
0a1a3c761f100b6f30ad2cca4d2f4856f98be3ab1246ed3a5a1a4508031a4fc7
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0e589fcdb97ae0574aca655138cf84772689d9fa100838c0897242f91ec6c820
0fac0bb93602e6f7d448fab3c2e880bf4fd57a7774dd930c4e58865beca4598b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14d7880d4a59cc5fba63c47e3bdcd787e6f9307cd06b5769954aa579dc79f708
1684309711d4646b02f7c3a93016774586e95208d237f1df6acd64f249bf132d
173bf971478c26c62d39568f01aba75e836f04fe65b35d755803382abea7e5f5
176d97446b7321da289807aacf7d4132bb257bf706e1c567498864cbc739db54
18cada9261c4f9c200316900d6ab365a430781e234591b7032028bdb2bad7192
1bd53efe84b6a618969547454d130c81f7f3ad6eee5142470aa4d53af4ff709e
1dbf7dc88d7f733170645e0cfee3b17d79bd1a0a97d37989f635a59d907c41ff
1f2f2e7c9cad9a6af140c08213dda050da743a65ce533035a951662d3ef8f936
2063eab38430cf48ee45086a5ff03e350bac89da9ae38dbaec3fec04061d840f
267de44d3e0da48ea910544cc6ae698dc28c977de6cb7baf62a4913765f49a2b
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
29bb72af92ce3a332ed2315043b17307ae458d3e3b7e24db3bb47417d6e433f8
2a89f32f8e18c47e0826a37855b9502cf22d0dc85fc08ed27eec0d5fdf36a669
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c167f4042d1338b33e2822f3b3dca3646bffcac14747d934c50794192dc3c2b
2f1dccde57c713fe154c8da92f8d4b312373c2a055a0a9d822c6042b0176eb8d
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
30350db5df308d3c1ee7e294d040ad4e762420c107f040d7c51c81585ae84866
357456e39066469ea5c8b3f1d9e1101882788a152d225ca673c1e40b490bb273
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
370f89f6ebcec94f6a529911989dc8cd601a3cf2795b36cc3b5ba92fae8af47d
38ded976a61b6329177951072ec699495579c9a7646a8d20722bf4805ced9541
38fd94d554b3ef0e19aa494dfb055cc4e5c03042f716f5d6e2ab370388953708
39ac46b13bedb7f0fdf649e1b604d551d1070130f08b8bfe74583bde4cc4ebbd
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
40fddc2a37b32e799d931b5bf87c338cc2eaf4be9591afb587e0ccb565f4fd65
41d71d3278aa4f99fc5a5dd1402d2f7c877b7551dbd326da4beab5b76769796a
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
45913703c74cb955da0951dfd673395a0cf5873b641ef990eae5cac4f7dbc016
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f6a0f2ed3d7266da65abffc40108aff7ec33d6d63a020893de90235e66dc78f
5054d73927dfe6c2687147ba43d6b03b7b760a4eff38ae462fead984985d0e83
52d2f9b18b7c867e732a42bc82a20077e54a9c5137d2429b48dc4fc34fd7f699
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
557f8814df4bdb8e8d237b0d9a1a08398a3451100584daab08a816c4b4ae1944
55e4d1770f37b9819d263396045786cf66706c25ef6c391ccabcc93a78c1f7b0
579d29f71b15657f86363fa09f655d4f41e3023e9601e46d81f56010eef88844
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5cad7da6bee78b977eec3dd580d316ee5355b1655e21ca55a332a9334a6acadd
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d4f3bc6a4c8cb9c10f7e194e025f3854e6d0ca0165459ec4e51188b3ae26565
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
603ba8158c1e41ade6b5e48b7fcfff47f84c9eaedbd2553dd21a9365f833da76
62e5d5f4a0db067e567962cfe7b9b938e4a0b6a7c5cc2c72f822caad1d5388f9
65a1850028118c64febbde9b109da293910bfff6ee261caf0087d3d3364359ba
6947356fb41c90185c5d1f5f31ed1ae71ef5d7ef19c0b067a0c2f12821e95c74
698d12a9d9db36a7923a575fa49645417817d415d534c73592669d568d986d79
69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174
6a532e1f3e3115b407254fa8b8200b5836adb7ca854739266c2fccdefb17e5ff
6d40fc6a27a558f6f09b142ba587591cfe9d4f86ab0fd015a0c39ae9fb90e8eb
6dea8865dbcf331b73dbdd5969a09f69bf6be3f0a4b76a6c14acece427b3a828
6f7aa5dfd1c09d9e48906ac4a86bb8d2335685bd7dfaeff60005cfb7d4d257cc
70a78dd71a85c1895021f976541b5fdb7e1f345dbd0a17510b1a82ae354eec78
7183edf0baaac5bf4ce452af3b2d6e65e1af6604e06d43d4230ce7f48b42b6cb
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e
76c828df931848541d008f5df340db07e1fd29788cd50f9f86198c9c452fdc9f
77a835440ab44f567fde76ba41ac53f4e06644f7831c0949ddf5f591499f4204
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7aa10b979a50936cedde8f68220c29d8bc1eca0b1561d27e26f94541dba0b3be
7c79ada16090cc7e94af116173695bfd88da9efe580f89749e1160ba9d49c54c
7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb
7e76c5ef91ac1e5a6d0c88df97853e3d118368f9dc9631e850d0a4ef549329f2
813628535187fe19c6e20047ec1987cb69c53a0fdc33b3bec28d2876a683a6d9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
846d684239586ff543f073984f7ee22dde4ac3b2b8752b640509a21951d1d762
8692cd4ddb5cfbb950e58696bb04c06d3f7bf5a8f927e385bdfb5d8e20fede62
89fd25f563fa25b96dda0131fb6c95d1f15b58bc1cfb8fc763d071e10570f0cb
8c17613217b11da7589afe53aa138606274ad5c49d5638d5275b5ab4bbd76dcb
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
90d58f0b6d3a6fdccdde3d8aa2e1f783b5fc67d5297f27eb6448ec6c57d16d5d
95db8a9b223e23289fdaca9a64bceddf52771d09ab7fabf6f72fa450c414810e
9670ff323d7cf4d6cd9961af0cd668db30f323daf329e46f7bf809b1c57a84f9
968f52680af792b0d892af779cdfc6a197c35698450088340c6a471b2e056a7d
96a1afb1b91fa08558e5a5eb58c0497a7ae508c4d2134fda29fbb66df408168e
986debf5c22eca7cefec59da4050b967fe7c44b2009db6f01fc3eb3e5558f180
993c5b26ef904c967e0562c698fe42bb21a7d684aa0910dac487b879d9706fe1
993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093
9be0dc1f35c9a8872429467091569d8319159f85a01a590e35807f3db73eca0f
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9f40f7297122393e1425eec62e78a75c3211f7ad3f6b09a356aa317fcedc2cf3
a02e6cb846a5e7a2d7f10a40c60be5d5f6bf9f432e994e688990712714cd4eb0
a032bc143a0d78657b8ef39bd54084bfe9d5857f89cede4e17029bf6b7b08c91
a24254e199e2c8591d597ad1f177d0ffc413f567545fa8cf20f7f6b478b1b06e
a2dc1fc5e97b68aa01a5832a3b0ed9dd66a286eeb395894e67dd0f615f948bb4
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a380d37acf958a861a402d8829456fb958fd6910a549fbf9cb57488f29cca63b
a3c88b68a858eb8b147f04ecdcdfb12f44aed2ae05fe2fda84d7965c1321d7a6
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a6eb5398463cc56995eea7219820967f95baf0ceee8afcf0d472db945a3e6161
a837fab08c038562b05eb2eb81c1c340c8cd2762d2c43d5e3bb26c2980fc9bfb
a96de9b5cab3a965483ca1974e4c89f6e16b77ce6aa09ec9b58921a3da0778cd
aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629
abb4df9149b8dc0656136fa0830dc5ddc1b3dc0f64c0250130dd31a9fe07ff32
ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
af95482b05b2313f231a27fdc6637a1fe2210f735c28481bd9791d862ddd56c4
b028c2df0b60ae6849af0ddee92ff49d080d5cf91041bae321397f5bb046d1e9
b18ff0742231c9fc415b855c76afa82448616195dd7afbe87b9328720dd0a5c5
b1d8a8db4af827ed25ab109aa6c8d21f4a42e58cb1c5dab1630f8cdbf6c15461
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
ba9907461566546802b4023e077d92c7ce6176055e6f97f4a035045a657bf502
bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3
bdaa0a5953cfaaf9abed9e2152ae1255928062363fc018c57575d5f39ee12e29
bfb15ec72874a9f2ba73cdc696d3f2f413f3e7a73c831101c7f4557fe193d3af
c1cfce5a4dacb4a40ca0c6a300bbff43d6ea6a8570e5dc2419b8c5e28f57a9a3
c4b5c1f949f059e3abb05ddcb7cc9944f8c16811e0eb1db9003bc5f8a4eb0634
c54aa0d4f9dea350f780a74d277f1facff0094b5f23d62483ae9bb7354a29fe8
c623c5cd6e514353d341428d2a65b40119e63f275d54b7bc4e7034afeab6c164
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
d068c5068f374be6f4a58d718241b54478877bd3dc9d65932b478c3a05cd402c
d0aa5f5c7a7f8a464d1ef474c46c5d1895e5e9b384c4055d7e31696986b86160
d23d12ed9f4bf9901e68c3715a430ee79d3db494ec9d22e7b726cbcc65db5340
d847475ca969f76b8f8421c4150f23fbe5bef200839b80481b845a6ccdd6e86f
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
d9c80f88c3b68f5aa70d72e6cc3ee2b63c7304ae2d7d5a0699b2fde98d4e1100
da8dc55d23be3d467c6c82f0a4cb834208b813977312dcd51f86d7eea29ddc15
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796
e3576b4a4810dff301fa7fdcc43fd6cafc96a76a7ac33ba975b04a3190c748ab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e78eb6051a41b3ff2fc7b969bfbe9bdd3092b705bb3fed550c85c8c3e7025293
e7a08afc034e6a422f276d22ec29bdf9edcc8d6257134a73cf380f17d08f7eb4
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
ed96941facc11fd72062ef88f946e7f535134728b8298b1b1b09b7b6b417dd32
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f005062f62e55ca808ee1eaf4920372d1173dfa35b1c52a64ee22de27cd8a458
f0f07cb48e8dc5170b9f37b76a723b3c6b8b95cbdd36a508b9fb7e12c89e2d9c
f62ef6278cacaeecabd85299d0639e0a86f13c4ee9c58a19887ab82a20d07f97
f980a25b4a323062de416f5a5c828298f4046b9c07966d235f61b2969afbfc75
f998b17b2883b5a80b29dd874037f582836becef55ff4ae83ce604fedab58d95
f9dd535864c28f0f4812ac3892f23cdd50a304d542d290a10518b31df09bc62c
fdc84429b7f2a1703c067639750740277969336f6831a99226ca2bf5abd8ac4a
fe8cf7dbb11da4054986faf6fb75c6112038d9ca1943656f822eeeb3d9f4b754
ffb0a6d25f27a6cba794b629b7eb934a54b4cf8986df1a388fc96e0ac477c495