URL: https://v2.safehaven.com/
Submission: On November 05 via automatic, source certstream-suspicious

Summary

This website contacted 64 IPs in 9 countries across 44 domains to perform 290 HTTP transactions. The main IP is 54.201.238.66, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is v2.safehaven.com.
TLS certificate: Issued by Amazon on December 3rd 2019. Valid for: a year.
This is the only time v2.safehaven.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 54.201.238.66 16509 (AMAZON-02)
7 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
13 13.226.132.110 16509 (AMAZON-02)
5 2606:4700:e0:... 13335 (CLOUDFLAR...)
1 55 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
11 2600:9000:218... 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 2600:9000:218... 16509 (AMAZON-02)
1 2600:9000:218... 16509 (AMAZON-02)
15 2600:9000:218... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 14 172.217.21.194 15169 (GOOGLE)
6 104.16.190.66 13335 (CLOUDFLAR...)
3 13.226.155.204 16509 (AMAZON-02)
1 5 151.101.14.137 54113 (FASTLY)
12 151.101.114.137 54113 (FASTLY)
3 2a03:2880:f01... 32934 (FACEBOOK)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
2 13 37.252.172.45 29990 (ASN-APPNEX)
1 23.111.11.100 33438 (HIGHWINDS2)
1 2a00:1450:400... 15169 (GOOGLE)
2 2001:4de0:ac1... 20446 (HIGHWINDS3)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 13.226.132.76 16509 (AMAZON-02)
4 2a03:2880:f11... 32934 (FACEBOOK)
10 52.15.169.204 16509 (AMAZON-02)
10 15 2606:2800:233... 15133 (EDGECAST)
1 54.246.70.54 16509 (AMAZON-02)
1 134.209.131.220 14061 (DIGITALOC...)
5 185.64.189.112 62713 (AS-PUBMATIC)
1 2a02:fa8:8806... 41041 (VCLK-EU-)
5 69.173.144.143 26667 (RUBICONPR...)
1 2 72.251.249.13 29791 (VOXEL-DOT...)
8 35.244.159.8 15169 (GOOGLE)
4 136.144.59.88 54825 (PACKET)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 18.196.202.129 16509 (AMAZON-02)
4 213.19.147.210 3356 (LEVEL3)
12 2a00:1450:400... 15169 (GOOGLE)
3 13.226.132.7 16509 (AMAZON-02)
5 216.58.212.130 15169 (GOOGLE)
6 2.18.233.180 16625 (AKAMAI-AS)
3 2.18.232.130 16625 (AKAMAI-AS)
2 6 3.126.63.176 16509 (AMAZON-02)
1 3 18.156.0.31 16509 (AMAZON-02)
2 3 52.31.46.99 16509 (AMAZON-02)
2 2 151.101.114.49 54113 (FASTLY)
1 2a00:1288:110... 34010 (YAHOO-IRD)
1 104.111.230.142 16625 (AKAMAI-AS)
1 1 134.209.129.254 14061 (DIGITALOC...)
1 205.185.216.42 20446 (HIGHWINDS3)
1 2620:1ec:bdf::10 8068 (MICROSOFT...)
2 2 23.40.113.27 20940 (AKAMAI-ASN1)
1 1 2620:116:800d... 16509 (AMAZON-02)
1 37.157.5.142 198622 (ADFORM)
1 2a02:fa8:8806... 41041 (VCLK-EU-)
4 37.252.161.190 29990 (ASN-APPNEX)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.251.154.165 16509 (AMAZON-02)
290 64
Requests | Apex Domain | Subdomains | Transfer
38 | googlesyndication.com | 703460b59f41dd1ce65bc3ed46e8e484.safeframe.googlesyndication.com, pagead2.googlesyndication.com, tpc.googlesyndication.com | 734 KB
30 | cloudfront.net | d2p6ty67371ecn.cloudfront.net, d1o9e4un86hhpc.cloudfront.net, d32r1sh890xpii.cloudfront.net, d2t794khe5w43b.cloudfront.net | 2 MB
27 | connatix.com | cd.connatix.com, cds.connatix.com, capi.connatix.com, vid.connatix.com, img.connatix.com | 2 MB
24 | doubleclick.net | securepubads.g.doubleclick.net, googleads.g.doubleclick.net, stats.g.doubleclick.net, cm.g.doubleclick.net | 108 KB
23 | advertising.com | adserver-us.adtech.advertising.com, ads.adaptv.advertising.com, pixel.advertising.com | 10 KB
20 | adnxs.com | secure.adnxs.com, ib.adnxs.com, acdn.adnxs.com, prebid.adnxs.com | 21 KB
16 | adlightning.com | tagan.adlightning.com, math-aids-tagan.adlightning.com | 306 KB
12 | pubmatic.com | hbopenbid.pubmatic.com, ads.pubmatic.com, aktrack.pubmatic.com, s.update.rose.pubmatic.com | 23 KB
12 | googletagservices.com | www.googletagservices.com | 321 KB
10 | google.com | www.google.com, adservice.google.com | 3 KB
9 | google.de | www.google.de, adservice.google.de | 3 KB
8 | openx.net | teachingaids-d.openx.net, u.openx.net, eu-u.openx.net | 2 KB
7 | googletagmanager.com | www.googletagmanager.com | 263 KB
6 | rubiconproject.com | fastlane.rubiconproject.com, eus.rubiconproject.com | 9 KB
6 | districtm.io | cdn.districtm.io, dmx.districtm.io | 328 B
6 | googleadservices.com | www.googleadservices.com, partner.googleadservices.com | 13 KB
5 | admetricspro.com | qd.admetricspro.com | 238 KB
4 | yahoo.com | ups.analytics.yahoo.com, pr-bh.ybp.yahoo.com | 3 KB
4 | 1rx.io | tag.1rx.io | 1 KB
4 | a-mo.net | prebid.a-mo.net | 1 KB
4 | facebook.com | www.facebook.com | 613 B
3 | 2mdn.net | s0.2mdn.net, gcdn.2mdn.net, r2---sn-4g5e6nld.c.2mdn.net | 11 KB
3 | adsrvr.org | match.adsrvr.org | 1 KB
3 | facebook.net | connect.facebook.net | 160 KB
3 | amazon-adsystem.com | c.amazon-adsystem.com | 33 KB
3 | googleapis.com | fonts.googleapis.com, imasdk.googleapis.com | 109 KB
2 | casalemedia.com | ssum.casalemedia.com | 2 KB
2 | everesttech.net | sync-tm.everesttech.net | 649 B
2 | gstatic.com | fonts.gstatic.com, csi.gstatic.com | 11 KB
2 | lijit.com | ap.lijit.com | 1 KB
2 | dotomi.com | web.hb.ad.cpe.dotomi.com, aol-match.dotomi.com | 745 B
2 | serverbid.com | e.serverbid.com, sync.serverbid.com | 269 B
2 | servenobid.com | ads.servenobid.com, public.servenobid.com | 3 KB
2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 83 KB
2 | google-analytics.com | www.google-analytics.com | 19 KB
2 | cloudflare.com | cdnjs.cloudflare.com | 7 KB
1 | adform.net | c1.adform.net | 187 B
1 | quantserve.com | pixel.quantserve.com | 406 B
1 | digitaloceanspaces.com | serverbid-sync.nyc3.cdn.digitaloceanspaces.com |
1 | omappapi.com | api.omappapi.com | 749 B
1 | optmstr.com | a.optmstr.com | 62 KB
1 | pushcrew.com | cdn.pushcrew.com | 69 KB
1 | districtm.ca | cdn.districtm.ca | 22 KB
1 | safehaven.com | v2.safehaven.com | 14 KB
Total: 290 requests, 44 domains

Requests | Domain | Requested by
25 | pagead2.googlesyndication.com | tagan.adlightning.com, securepubads.g.doubleclick.net, pagead2.googlesyndication.com
15 | adserver-us.adtech.advertising.com (10 redirects) |
15 | d2t794khe5w43b.cloudfront.net | v2.safehaven.com
13 | tagan.adlightning.com | v2.safehaven.com, tagan.adlightning.com
12 | tpc.googlesyndication.com | tagan.adlightning.com
12 | securepubads.g.doubleclick.net | www.googletagservices.com, securepubads.g.doubleclick.net, v2.safehaven.com
12 | www.googletagservices.com | v2.safehaven.com, tagan.adlightning.com, securepubads.g.doubleclick.net
11 | d2p6ty67371ecn.cloudfront.net | v2.safehaven.com, d2p6ty67371ecn.cloudfront.net
10 | capi.connatix.com | cd.connatix.com
9 | vid.connatix.com | cd.connatix.com
9 | googleads.g.doubleclick.net | tagan.adlightning.com
8 | ib.adnxs.com (2 redirects) | qd.admetricspro.com, cds.connatix.com
7 | adservice.google.com | tagan.adlightning.com, imasdk.googleapis.com
7 | www.googletagmanager.com | v2.safehaven.com, www.googletagmanager.com
6 | pixel.advertising.com (2 redirects) |
6 | adservice.google.de | tagan.adlightning.com
5 | partner.googleadservices.com | tagan.adlightning.com
5 | teachingaids-d.openx.net | qd.admetricspro.com, cds.connatix.com
5 | fastlane.rubiconproject.com | qd.admetricspro.com
5 | hbopenbid.pubmatic.com | qd.admetricspro.com, cds.connatix.com
5 | secure.adnxs.com | cdn.districtm.ca
5 | dmx.districtm.io | cdn.districtm.ca
5 | qd.admetricspro.com | v2.safehaven.com, qd.admetricspro.com
4 | prebid.adnxs.com | cds.connatix.com, cd.connatix.com
4 | tag.1rx.io | cds.connatix.com
4 | img.connatix.com |
4 | prebid.a-mo.net | qd.admetricspro.com
4 | www.facebook.com | v2.safehaven.com, connect.facebook.net
3 | aktrack.pubmatic.com |
3 | match.adsrvr.org (2 redirects) |
3 | ups.analytics.yahoo.com (1 redirects) |
3 | acdn.adnxs.com | cds.connatix.com, qd.admetricspro.com
3 | ads.pubmatic.com | cds.connatix.com, qd.admetricspro.com
3 | math-aids-tagan.adlightning.com | tagan.adlightning.com
3 | www.google.de | v2.safehaven.com
3 | www.google.com | v2.safehaven.com
3 | connect.facebook.net | v2.safehaven.com, connect.facebook.net
3 | cds.connatix.com | v2.safehaven.com, tagan.adlightning.com, cd.connatix.com
3 | c.amazon-adsystem.com | qd.admetricspro.com, c.amazon-adsystem.com
3 | d1o9e4un86hhpc.cloudfront.net | v2.safehaven.com
2 | imasdk.googleapis.com | cd.connatix.com, imasdk.googleapis.com
2 | ssum.casalemedia.com (2 redirects) |
2 | sync-tm.everesttech.net (2 redirects) |
2 | cm.g.doubleclick.net (2 redirects) |
2 | u.openx.net | cds.connatix.com
2 | ads.adaptv.advertising.com | cds.connatix.com
2 | ap.lijit.com (1 redirects) | qd.admetricspro.com
2 | maxcdn.bootstrapcdn.com | v2.safehaven.com, maxcdn.bootstrapcdn.com
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
2 | cdnjs.cloudflare.com | v2.safehaven.com
1 | s.update.rose.pubmatic.com |
1 | r2---sn-4g5e6nld.c.2mdn.net |
1 | gcdn.2mdn.net (1 redirects) |
1 | csi.gstatic.com | imasdk.googleapis.com
1 | s0.2mdn.net | imasdk.googleapis.com
1 | aol-match.dotomi.com |
1 | c1.adform.net |
1 | pixel.quantserve.com (1 redirects) |
1 | public.servenobid.com | qd.admetricspro.com
1 | eu-u.openx.net | qd.admetricspro.com
1 | serverbid-sync.nyc3.cdn.digitaloceanspaces.com | qd.admetricspro.com
1 | sync.serverbid.com (1 redirects) |
1 | eus.rubiconproject.com | qd.admetricspro.com
1 | pr-bh.ybp.yahoo.com |
1 | fonts.gstatic.com | fonts.googleapis.com
1 | 703460b59f41dd1ce65bc3ed46e8e484.safeframe.googlesyndication.com | tagan.adlightning.com
1 | web.hb.ad.cpe.dotomi.com | qd.admetricspro.com
1 | e.serverbid.com | qd.admetricspro.com
1 | ads.servenobid.com | qd.admetricspro.com
1 | api.omappapi.com | a.optmstr.com
1 | stats.g.doubleclick.net | www.google-analytics.com
1 | a.optmstr.com | tagan.adlightning.com
1 | cdn.pushcrew.com | v2.safehaven.com
1 | cd.connatix.com (1 redirects) |
1 | cdn.districtm.io | tagan.adlightning.com
1 | www.googleadservices.com | www.googletagmanager.com
1 | d32r1sh890xpii.cloudfront.net | v2.safehaven.com
1 | cdn.districtm.ca | v2.safehaven.com
1 | fonts.googleapis.com | v2.safehaven.com
1 | v2.safehaven.com |
Total: 290 requests, 80 subdomains

This site contains links to these domains.

Domain
safehaven.com
twitter.com
www.facebook.com
plus.google.com

Subject | Issuer | Validity | Valid
safehaven.com | Amazon | 2019-12-03 - 2021-01-03 | a year
*.google-analytics.com | GTS CA 1O1 | 2020-10-20 - 2021-01-12 | 3 months
upload.video.google.com | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months
*.adlightning.com | Amazon | 2020-07-22 - 2021-08-22 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-10 - 2021-08-10 | a year
*.g.doubleclick.net | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months
*.cloudfront.net | DigiCert Global CA G2 | 2020-05-26 - 2021-04-21 | a year
districtm.io | Cloudflare Inc ECC CA-3 | 2020-07-01 - 2021-07-01 | a year
c.amazon-adsystem.com | Amazon | 2020-08-04 - 2021-08-02 | a year
*.connatix.com | Go Daddy Secure Certificate Authority - G2 | 2020-09-29 - 2021-10-19 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-09-11 - 2020-12-10 | 3 months
*.pushcrew.com | Go Daddy Secure Certificate Authority - G2 | 2019-07-23 - 2021-07-31 | 2 years
*.adnxs.com | DigiCert ECC Secure Server CA | 2019-01-23 - 2021-03-08 | 2 years
*.optmstr.com | Go Daddy Secure Certificate Authority - G2 | 2020-01-10 - 2022-01-24 | 2 years
*.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2020-09-22 - 2021-10-12 | a year
www.google.com | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months
www.google.de | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months
*.google.com | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months
*.google.de | GTS CA 1O1 | 2020-10-20 - 2021-01-12 | 3 months
api.opmnstr.com | Amazon | 2020-04-09 - 2021-05-09 | a year
*.adtech.advertising.com | DigiCert SHA2 Secure Server CA | 2020-04-16 - 2022-04-21 | 2 years
*.servenobid.com | Amazon | 2020-03-12 - 2021-04-12 | a year
e.serverbid.com | Let's Encrypt Authority X3 | 2020-09-18 - 2020-12-17 | 3 months
*.pubmatic.com | Sectigo RSA Organization Validation Secure Server CA | 2019-02-22 - 2021-02-21 | 2 years
ad.cpe.dotomi.com | GlobalSign RSA OV SSL CA 2018 | 2020-03-30 - 2022-06-25 | 2 years
*.rubiconproject.com | DigiCert SHA2 Secure Server CA | 2019-01-10 - 2021-01-14 | 2 years
*.lijit.com | Go Daddy Secure Certificate Authority - G2 | 2020-03-11 - 2021-05-10 | a year
*.openx.net | GeoTrust RSA CA 2018 | 2020-06-18 - 2021-08-17 | a year
*.a-mo.net | Let's Encrypt Authority X3 | 2020-10-07 - 2021-01-05 | 3 months
*.gstatic.com | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months
*.v.ssp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-07-29 - 2021-01-25 | 6 months
*.1rx.io | Sectigo RSA Domain Validation Secure Server CA | 2019-06-28 - 2021-06-27 | 2 years
tpc.googlesyndication.com | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months
*.googleadservices.com | GTS CA 1O1 | 2020-10-06 - 2020-12-29 | 3 months
cdn.adnxs.com | GeoTrust RSA CA 2018 | 2020-01-02 - 2021-04-02 | a year
ups.analytics.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-10-24 - 2021-04-20 | 6 months
pixel.advertising.com | DigiCert SHA2 High Assurance Server CA | 2020-10-04 - 2021-03-31 | 6 months
*.ybp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2020-06-02 - 2020-11-29 | 6 months
*.nyc3.cdn.digitaloceanspaces.com | DigiCert SHA2 Secure Server CA | 2020-03-11 - 2021-04-14 | a year
public.servenobid.com | DigiCert SHA2 Secure Server CA | 2020-08-26 - 2021-08-25 | a year
*.adsrvr.org | Trustwave Organization Validation SHA256 CA, Level 1 | 2019-03-07 - 2021-04-19 | 2 years
track.adform.net | DigiCert SHA2 Secure Server CA | 2019-09-16 - 2021-09-20 | 2 years
*.dotomi.com | GlobalSign RSA OV SSL CA 2018 | 2019-06-19 - 2021-08-31 | 2 years
prebid.adnxs.com | GeoTrust TLS RSA CA G1 | 2020-03-29 - 2022-03-29 | 2 years
*.doubleclick.net | GTS CA 1O1 | 2020-10-20 - 2021-01-12 | 3 months
*.c.docs.google.com | GTS CA 1O1 | 2020-10-27 - 2021-01-05 | 2 months
kazfv.com | Sectigo ECC Domain Validation Secure Server CA | 2020-05-26 - 2021-05-26 | a year

This page contains 33 frames:

Primary Page: https://v2.safehaven.com/
Frame ID: 73D0D7BC0D6CBF02379DD76ABB36C77A
Requests: 138 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 10F6CACF4DA4851A4FDF72B1A5996788
Requests: 1 HTTP requests in this frame

Frame: https://cds.connatix.com/p/73675/connatix.player.dc.js
Frame ID: 6B63167574E219B142B0311315D07639
Requests: 48 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Frame ID: E225111A270DF97EB1F7430107FAA597
Requests: 16 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Frame ID: BC814B9BAFF330B22E11B95C31B86FB6
Requests: 16 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Frame ID: D5875E6A310EC78364F225FC43D7D597
Requests: 18 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Frame ID: C1069D92C8E6D08641EF3DD70784DB19
Requests: 15 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Frame ID: 46CE69D10ABAA8709C02B9D1E51653E7
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20201029/r20190131/zrt_lookup.html
Frame ID: E95D1A6114146FACFB93C9F58F6ADB76
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: A25AE9FE8902309A5E5751D344A055B9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=250&slotname=9357229395&adk=309087674&adf=3173046729&pi=t.ma~as.9357229395&w=300&psa=0&format=300x250&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676004&bpp=25&bdt=296&idt=253&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=2&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1456686692&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1075&ady=661&biw=1600&bih=1200&isw=300&ish=250&ifk=782391979&scr_x=0&scr_y=0&eid=21066434%2C21068084&oid=3&pvsid=1421921652230361&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.30e3gj6rx073&fsb=1&dtd=274
Frame ID: 99DCC16A72C323ACF6FEBE9B4655D58C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=250&slotname=8782514321&adk=1231975816&adf=3173046728&pi=t.ma~as.8782514321&w=300&psa=0&format=300x250&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676085&bpp=3&bdt=363&idt=211&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1789647421&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1075&ady=943&biw=1600&bih=1200&isw=300&ish=250&ifk=1265944040&scr_x=0&scr_y=0&eid=42530671%2C21066434%2C21065725%2C21066706&oid=3&pvsid=3109027096368497&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.plfmh457v545&fsb=1&dtd=222
Frame ID: 9779D1EF7DD4CEFBB4EED509E141CC70
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=250&slotname=1547377351&adk=1247324859&adf=3173046727&pi=t.ma~as.1547377351&w=300&psa=0&format=300x250&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676180&bpp=4&bdt=450&idt=153&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1567413873&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=248&ady=2298&biw=1600&bih=1200&isw=300&ish=250&ifk=634349655&scr_x=0&scr_y=0&eid=42530671%2C21066434%2C21067982&oid=3&pvsid=1571525250602557&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.r4uvzp4moecg&btvi=1&fsb=1&dtd=165
Frame ID: 9E13F1CF4D48384554069B78AE30F40D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=90&slotname=7090869147&adk=109494614&adf=3173046725&pi=t.ma~as.7090869147&w=728&psa=0&format=728x90&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676223&bpp=5&bdt=476&idt=162&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1706429621&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2822&biw=1600&bih=1200&isw=728&ish=90&ifk=220162048&scr_x=0&scr_y=0&eid=42530671%2C44726948%2C21066434%2C21068083%2C21068433&oid=3&pvsid=3294908100356844&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.dhqlueax0xeu&btvi=1&fsb=1&dtd=174
Frame ID: 37F24B92D12B2258CBC1FAE2329B20E8
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=90&slotname=1978622193&adk=2047003747&adf=3173046726&pi=t.ma~as.1978622193&w=728&psa=0&format=728x90&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676233&bpp=4&bdt=493&idt=195&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=989575431&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=248&ady=1191&biw=1600&bih=1200&isw=728&ish=90&ifk=3581310677&scr_x=0&scr_y=0&eid=21066434&oid=3&pvsid=2883677014295766&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.wh5x6gt2hu2g&fsb=1&dtd=205
Frame ID: B3B392626D99F43DDCD947EC63F40C3D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 9027CD4A353F11B388EEFF6976CEFCA4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 0E3337FBD019880EB1D85383AFFFF90E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: 8557BA8DD285A92CE1F4EBCD0536A430
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: F41E0991B20F1B0E93717F1C9948CE3F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Frame ID: A0A2CDEDB8374F67B46866834DCC25A0
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 67C637EBC28F96155359C0DF913A829F
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: DF8BC10CBB26E189F4EC0FDB581CEA88
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 8C49032F7EC29287CB1DD4B5FC8793E0
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A27E05281B8096BF4E8D33AC4E659D0B
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 8ADBEFF141B3B0C29FB136E5BBCB6616
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 2987D9C4C67F7E6AFE31CEA6DC22865D
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 295EBDFC206F372EEE279822BA30F6A3
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 21BE536A22D4A9BAAED8763824A1CF30
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Frame ID: 9B2B96E57C248B4D6B07898D3099CA95
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 3CF95D7CD8B3D1AF0CC97315325081E0
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 65A934495E31E879ADE164D0BDC756C1
Requests: 1 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 87206A58AC65B6B14C2E1EF796465103
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.422.0_en.html
Frame ID: C43D58896EB72F76718B24BBCFBA146B
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i

Overall confidence: 100%
Detected patterns
  • headers server /\(Amazon\)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • headers server /\(Amazon\)/i

Page Statistics

Requests: 290
HTTPS: 100 %
IPv6: 49 %
Domains: 44
Subdomains: 80
IPs: 64
Countries: 9
Transfer: 6652 kB
Size: 16351 kB
Cookies: 12

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52
  • https://cd.connatix.com/connatix.player.js HTTP 302
  • https://cds.connatix.com/p/73675/connatix.player.dc.js
Request Chain 88
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=674bcb984fca322;misc=1604535674789; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=674bcb984fca322;misc=1604535674789 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;apid=1Ad0db4c18-1efc-11eb-b2a2-12ae2f50edf6;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=674bcb984fca322;misc=1604535674789
Request Chain 89
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=68359ebffd46e5b;misc=1604535674789; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=68359ebffd46e5b;misc=1604535674789 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1Ad0db5b2c-1efc-11eb-bd3b-12dcd5311714;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=68359ebffd46e5b;misc=1604535674789
Request Chain 90
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=69829c01f99232d;misc=1604535674789; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=69829c01f99232d;misc=1604535674789 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;apid=1Ad0db73f0-1efc-11eb-a3a2-1245d65848a4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=69829c01f99232d;misc=1604535674789
Request Chain 91
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=7003546768ad059;misc=1604535674789; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=7003546768ad059;misc=1604535674789 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=7003546768ad059;misc=1604535674789
Request Chain 92
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=71a2306c47f0946;misc=1604535674789; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=71a2306c47f0946;misc=1604535674789 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1Ad0db67ca-1efc-11eb-8bef-12e5e259ea22;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=71a2306c47f0946;misc=1604535674789
Request Chain 244
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEICAio0jlCaHHgab5K6e7ow&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEICAio0jlCaHHgab5K6e7ow&google_cver=1&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEICAio0jlCaHHgab5K6e7ow&google_cver=1&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4&verify=true
Request Chain 245
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://pixel.advertising.com/ups/55953/sync?uid=56951867-7bf3-4681-a12c-f1c3e4aba1bb&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=56951867-7bf3-4681-a12c-f1c3e4aba1bb
Request Chain 246
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent= HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_test=X6NFfgAAAI-joSzr HTTP 302
  • https://pixel.advertising.com/ups/55986/sync?uid=X6NFfgAAAI-joSzr&_origin=0&gdpr=0&gdpr_consent=&_test=X6NFfgAAAI-joSzr HTTP 302
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=X6NFfgAAAI-joSzr&_origin=0&gdpr=0&gdpr_consent=&_test=X6NFfgAAAI-joSzr&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4
Request Chain 253
  • https://sync.serverbid.com/ss/2000891.html HTTP 302
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Request Chain 258
  • https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%26D%3D%26bidder%3Dindex_rtb%26uid%3D HTTP 302
  • https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%26D%3D%26bidder%3Dindex_rtb%26uid%3D&C=1 HTTP 302
  • https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=index_rtb&uid=X6NFgKyN0UXRksX7LLonzwAA%261113
Request Chain 259
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=fNYpN32Ff2Fk03xmLNFlNn7WK2dkgyswKoiMfayh
Request Chain 260
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%26D%3D%26bidder%3Dsovrn%26uid%3D%24UID HTTP 307
  • https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=sovrn&uid=62bb7f514133ea5fe4239c1f
Request Chain 262
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_hm=MUFkMGRiNWIyYy0xZWZjLTExZWItYmQzYi0xMmRjZDUzMTE3MTQ%3D&gdpr=1&gdpr_consent=&_origin=0 HTTP 302
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESENBgVaVsueGDCOPsytdtF0I&gdpr=1&gdpr_consent=&_origin=0&google_cver=1
Request Chain 265
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%26D%3D%26bidder%3Dappnexus%26uid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fprebid.a-mo.net%252Fsetuid%253FA%253D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%2526D%253D%2526bidder%253Dappnexus%2526uid%253D%2524UID HTTP 302
  • https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=appnexus&uid=8839184368294571091
Request Chain 287
  • https://gcdn.2mdn.net/videoplayback/id/d64767e244f34672/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1636071685/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/68CB3A9759B486572E67056B15A67BD44626A509.1DC24B320468645DFF851A803A871DDDBFDFEF2B/key/ck2/file/file.mp4?cpn=iSPZYv_EwJF6xGs4 HTTP 302
  • https://r2---sn-4g5e6nld.c.2mdn.net/videoplayback/id/d64767e244f34672/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1636071685/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/493B5D57C41B475CC5B32AAC88220834D2C6BCFD.1C7129580382D0CD20C2616C0BC2E7888BD937EE/key/cms1/cms_redirect/yes/mh/4D/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nld/ms/onc/mt/1604535560/mv/m/mvi/2/pl/40?cpn=iSPZYv_EwJF6xGs4&file=file.mp4

290 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
v2.safehaven.com/
91 KB
14 KB
Document
General
Full URL
https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.201.238.66 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-201-238-66.us-west-2.compute.amazonaws.com
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 / PHP/5.6.40
Resource Hash
44e0a799c9edf60ebca029f16ee29ceb131207ab4216685ca58b0e0340fe55b0

Request headers

:method
GET
:authority
v2.safehaven.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Thu, 05 Nov 2020 00:21:13 GMT
content-type
text/html; charset=UTF-8
content-length
13294
set-cookie
AWSALB=QLw1tc34/5R5C0ekB/INtpn/VCxFkqShvbHLXDRbqifcZhjZHbDR7yX8QohDp3O/GF6rWwt419eMv63WHkMWlc8xOrIWCQRSLLFR/+QWWPN2k52UrgM1ZcryLQlH; Expires=Thu, 12 Nov 2020 00:21:13 GMT; Path=/
AWSALBCORS=QLw1tc34/5R5C0ekB/INtpn/VCxFkqShvbHLXDRbqifcZhjZHbDR7yX8QohDp3O/GF6rWwt419eMv63WHkMWlc8xOrIWCQRSLLFR/+QWWPN2k52UrgM1ZcryLQlH; Expires=Thu, 12 Nov 2020 00:21:13 GMT; Path=/; SameSite=None; Secure
csrf_safehaven_cookie=bf1e865a4c16db009248c4dd7443393f; expires=Thu, 05-Nov-2020 02:21:13 GMT; Max-Age=7200; path=/
safehaven_ci=e1d24378518297bafa3ce42c961a65cfc5ecd8c2; path=/; HttpOnly
server
Apache/2.4.41 (Amazon) PHP/5.6.40
x-powered-by
PHP/5.6.40
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
vary
Accept-Encoding,User-Agent
content-encoding
gzip
js
www.googletagmanager.com/gtag/
95 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-2249023-27
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6be58733dd15ba676260a98e2475f60a68ea1f8d3d3b2dc83a3cce6df74d47ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:13 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38329
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 05 Nov 2020 00:21:13 GMT
js
www.googletagmanager.com/gtag/
95 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-814550776
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
69c803bc20bf2279583323ae6ec0a2f79c474d8832f3762ef48fa17c4688a013
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:13 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38302
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 00:01:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 05 Nov 2020 00:21:13 GMT
css
fonts.googleapis.com/
2 KB
675 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:500&display=swap
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a837fab08c038562b05eb2eb81c1c340c8cd2762d2c43d5e3bb26c2980fc9bfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 00:21:13 GMT
server
ESF
date
Thu, 05 Nov 2020 00:21:13 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 05 Nov 2020 00:21:13 GMT
op.js
tagan.adlightning.com/math-aids/
37 KB
14 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/op.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
de6e2d5387306353aa4ef2fa752edeb7006eccb64198d5549ff06f55a3c142e0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
P1kEiz5gcVqWEOeLlg9gQES6iU.8ByWs
content-encoding
gzip
etag
"3abf784b38d40e2b57a4e0cbe2264fa5"
age
1421
x-cache
Hit from cloudfront
status
200
content-length
13503
x-amz-meta-git_commit
9a4f7ce
last-modified
Wed, 04 Nov 2020 22:57:27 GMT
server
AmazonS3
date
Wed, 04 Nov 2020 23:59:57 GMT
content-type
application/javascript
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
R7S2nlP7GS3JF2khFguBPz_S2AzAnDhx-esaLLqVPKWlhx_mfAXRZw==
layout.js
qd.admetricspro.com/js/safehaven/
15 KB
3 KB
Script
General
Full URL
https://qd.admetricspro.com/js/safehaven/layout.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:621c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c7d8f61cf9961f7bdc5a08b815883937e2b6d1910cdc984a978d8a473de9989

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:13 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
status
200
cf-request-id
0637607a5e0000d6b1dc91d000000001
last-modified
Thu, 06 Aug 2020 02:24:20 GMT
server
cloudflare
etag
W/"3cdf-5ac2c2f9387dd-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gcCpUkW7xbJT7TCeTrQkMeXGI%2FWh7SVzJ8d8xYCu9CC06rHF56AnfpMsAz7EQZWLDn9l%2Fixi7BBATqs5kacnkQ8qtJ4RXHV7fLaEZD36wfXteC2YVQI%2BTRT4Nc0j2lXy"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
5ed269d6fcb4d6b1-FRA
expires
Thu, 05 Nov 2020 00:31:13 GMT
gpt.js
www.googletagservices.com/tag/js/
54 KB
18 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9301bc72cd5e4eadd5e89aada2afd9e89eacea56660ae4191b179fa73458538e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"684 / 133 of 1000 / last-modified: 1604531427"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
18069
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:13 GMT
cmp.js
qd.admetricspro.com/js/safehaven/
305 KB
82 KB
Script
General
Full URL
https://qd.admetricspro.com/js/safehaven/cmp.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:621c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
73339d824e344121a3039b2e0e9c9353fb8132e005bb6d53249814c213520d5d

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
status
200
cf-request-id
0637607a5e0000d6b109b5c000000001
last-modified
Tue, 06 Oct 2020 19:53:29 GMT
server
cloudflare
etag
W/"4c426-5b105f3f297c7-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ejx8%2FHRXIlvyRAWmxGmBdpQV9Wt26oGmMK%2FKTKTtdzIL7%2FBk50BMahUE6d35VYXjiBgKXRsgXJqYpBwECaKQGjYNtrR4rzbNyQfukbmyEwziKmTYK%2BAajwaBPxrnfemj"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
5ed269d6fcb5d6b1-FRA
expires
Thu, 05 Nov 2020 00:31:13 GMT
merge.142016.js
cdn.districtm.ca/merge/
96 KB
22 KB
Script
General
Full URL
https://cdn.districtm.ca/merge/merge.142016.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:623c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d847475ca969f76b8f8421c4150f23fbe5bef200839b80481b845a6ccdd6e86f

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:13 GMT
content-encoding
br
cf-cache-status
HIT
age
7052
cf-polished
origSize=98705
status
200
last-modified
Mon, 09 Sep 2019 19:18:19 GMT
x-amz-request-id
9445A9EB2D8C95D0
x-amz-id-2
qd4YUTJ7ej/awokk1hdGiEuKwY43QuD55Jy+MEAYZiJPsVg16PAZcyXugM9DGW0KcY/AgIlzRao=
cf-bgj
minify
server
cloudflare
etag
W/"af89e858721db33fe8776b832f2f75a9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=43200
x-amz-version-id
W3M7ZtQBM6rvV9.80JF8eLB1ASMBDZAU
cf-request-id
0637607a5f00002bd2be009000000001
cf-ray
5ed269d6fdf62bd2-FRA
expires
Thu, 05 Nov 2020 12:21:13 GMT
prebid.js
qd.admetricspro.com/js/safehaven/
399 KB
114 KB
Script
General
Full URL
https://qd.admetricspro.com/js/safehaven/prebid.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:621c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25d6fd3b4dcdc05593cab2b4157e21194ada84e5b0de832011246e65d15fe8a9

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:13 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
status
200
cf-request-id
0637607a5f0000d6b1012ea000000001
last-modified
Fri, 02 Oct 2020 04:32:28 GMT
server
cloudflare
etag
W/"63c0e-5b0a89ec6a525-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iga32N1LTzL32riSDayaFi4ca7AYj18n7jXrF4NtqQXD7S9mZHRXYBtV2UFkZvAGWKnRAuOxGHqjp9D3NnoejqvIqLbQulsWMBwtK%2B9SM8IAtOF37T5Z9l7cmeuRAqyp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
5ed269d6fcb6d6b1-FRA
expires
Thu, 05 Nov 2020 00:31:13 GMT
engine.js
qd.admetricspro.com/js/safehaven/
28 KB
8 KB
Script
General
Full URL
https://qd.admetricspro.com/js/safehaven/engine.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:621c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
747a03fee397ff9cf8a76308966b2cc28f4dd00160af7610bc81ccfcb2836fab

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
status
200
cf-request-id
0637607a5f0000d6b1fb0cf000000001
last-modified
Fri, 09 Oct 2020 03:25:52 GMT
server
cloudflare
etag
W/"6e56-5b1348179d4a3-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QL3P4yNjRpwg2Pz%2FRWNfrZfhhVJW21%2Fksyb0L1VDORT6Cr%2FYnlWVQmwyEmjAhh6en9ML2c%2FfS2PYaLjQHZ%2F3hsoJwekMQ3rHkY6WuP6B3PfnZFd2iOCH%2Fntcv8mA6qHM"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
5ed269d6fcb7d6b1-FRA
expires
Thu, 05 Nov 2020 00:31:13 GMT
js
www.googletagmanager.com/gtag/
95 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-820290545
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1fa3bf12114ba5eb644c6edde3068fa9737f2ce11625d22a5794239621568fb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38302
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 00:01:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 05 Nov 2020 00:21:14 GMT
js
www.googletagmanager.com/gtag/
95 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-802310072
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4e6578e7d27122eadf8f0b772be1060a357ad885a75487247d661a4b00b42dd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38415
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 00:01:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 05 Nov 2020 00:21:14 GMT
style.css
d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/
72 KB
11 KB
Stylesheet
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/style.css?v=27
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 / PHP/5.6.40
Resource Hash
0fac0bb93602e6f7d448fab3c2e880bf4fd57a7774dd930c4e58865beca4598b

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 19 Oct 2020 09:52:57 GMT
content-encoding
gzip
age
1434496
x-powered-by
PHP/5.6.40
x-cache
Hit from cloudfront
status
200
content-length
10330
last-modified
Fri, 18 Sep 2020 16:15:17 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
etag
"pub1600445717;gz"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
QuQJnEqk3214t2lyOJhuM4b8qLFf1jSNkdeRjytM3N1xRRVlApAAfg==
expires
Tue, 19 Oct 2021 09:52:57 GMT
jquery-1.12.3.min.js
d2p6ty67371ecn.cloudfront.net/a/js/third_party/
95 KB
33 KB
Script
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/js/third_party/jquery-1.12.3.min.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 07:03:57 GMT
content-encoding
gzip
last-modified
Sat, 31 Oct 2020 04:26:39 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
62236
etag
"17b9c-5b2efeb5bdd7b-gzip"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
33794
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
x-amz-cf-id
p29zwlafM5cgIQSqTc_fsLdPWVNKzPl6qIacIzSA1L2GwjXbiKqx_w==
cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:13 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1216102
x-via
cfworker/kv
status
200
content-length
948
cf-request-id
0637607a5700002c3a6007f000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:09:17 GMT
server
cloudflare
etag
"5eb03e2d-f62"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Z3XMorPWqb7RVP1zKg6Bl3jHn30oa7FogKP0%2B8R%2FR5rhRyvAcCLB7Thy%2FTwh3ya7p9Hcd6tSC2C1vMOwJEfBLVzWKa26erysfBLFY%2BDCwQORiQsFk7StUm38sB0WzrsuZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5ed269d6fc022c3a-FRA
expires
Tue, 26 Oct 2021 00:21:13 GMT
cookieconsent.min.js
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/
19 KB
6 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
Security Headers
Name Value
Strict-Transport-Security max-age=15780000

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:13 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1216728
x-via
cfworker/kv
status
200
content-length
5676
cf-request-id
0637607a5700002c3a7a84b000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:09:17 GMT
server
cloudflare
etag
"5eb03e2d-4d5a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jhVBlXfiklAerhpHBjS8Ymk3Ra8bgQ26mRs0r6Pv2qtQJ2TozMhk11UGhhAO91QYGD4cvjWMdbWglQBtaZF0kT9se4%2B%2BDFpwT3QEj4hsPxUdWK5RZZgYW%2B9GNUgTIqxYDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5ed269d6fc062c3a-FRA
expires
Tue, 26 Oct 2021 00:21:13 GMT
logo-no-light.png
d2p6ty67371ecn.cloudfront.net/a/img/
18 KB
18 KB
Image
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/logo-no-light.png
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
55e4d1770f37b9819d263396045786cf66706c25ef6c391ccabcc93a78c1f7b0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 01 Nov 2020 09:53:54 GMT
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
last-modified
Sat, 31 Oct 2020 04:26:41 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
311240
etag
"470b-5b2efeb7e3a2c"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
18187
x-amz-cf-id
jfEKW-w4gauxuJqAutQrka-4d5BslnPnYlpOC-Hoemqs3y4OCw5zXA==
expires
Sun, 08 Nov 2020 09:53:54 GMT
logo-light.png
d2p6ty67371ecn.cloudfront.net/a/img/
15 KB
16 KB
Image
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/logo-light.png
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
f005062f62e55ca808ee1eaf4920372d1173dfa35b1c52a64ee22de27cd8a458

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 30 Oct 2020 23:11:40 GMT
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
last-modified
Thu, 22 Oct 2020 17:53:26 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
436174
etag
"3d01-5b2462416d6b1"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
15617
x-amz-cf-id
8CwrmXrFGb8UY01eYf89hjYIpRyJWcdDicCFYfT-h1iHaRl68zBUsw==
expires
Fri, 06 Nov 2020 23:11:40 GMT
chart_green.svg
d1o9e4un86hhpc.cloudfront.net/a/img/common/header/
32 KB
5 KB
Image
General
Full URL
https://d1o9e4un86hhpc.cloudfront.net/a/img/common/header/chart_green.svg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7200:10:4f52:7800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/7.2.24 /
Resource Hash
698d12a9d9db36a7923a575fa49645417817d415d534c73592669d568d986d79

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 30 Aug 2020 19:50:38 GMT
content-encoding
gzip
age
5718636
x-cache
Hit from cloudfront
status
200
content-length
4218
last-modified
Fri, 15 May 2020 20:20:29 GMT
server
Apache/2.4.41 (Amazon) PHP/7.2.24
etag
"80e2-5a5b58b642126-gzip"
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
via
1.1 375e9ad5042f2098d2251daf2e517c52.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
1oH3_S4Rb5h5cAT5hYvxq2Z-OOV4-xPZXA2DkRdhPrJRiumpfcgNsw==
expires
Mon, 30 Aug 2021 19:50:38 GMT
chart_red_flip.svg
d1o9e4un86hhpc.cloudfront.net/a/img/common/header/
15 KB
2 KB
Image
General
Full URL
https://d1o9e4un86hhpc.cloudfront.net/a/img/common/header/chart_red_flip.svg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7200:10:4f52:7800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/7.2.24 /
Resource Hash
c54aa0d4f9dea350f780a74d277f1facff0094b5f23d62483ae9bb7354a29fe8

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 14 Aug 2020 15:09:19 GMT
content-encoding
gzip
age
7117915
x-cache
Hit from cloudfront
status
200
content-length
1798
last-modified
Fri, 15 May 2020 20:20:14 GMT
server
Apache/2.4.41 (Amazon) PHP/7.2.24
etag
"3ca0-5a5b58a7c4239-gzip"
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
via
1.1 375e9ad5042f2098d2251daf2e517c52.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
SSKMrzY5J67ZuPbiniugxoFh1Ne82lM6WvEq6GX9Vzntuf495Dc8QA==
expires
Sat, 14 Aug 2021 15:09:19 GMT
chart.svg
d1o9e4un86hhpc.cloudfront.net/a/img/common/header/
27 KB
4 KB
Image
General
Full URL
https://d1o9e4un86hhpc.cloudfront.net/a/img/common/header/chart.svg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:7200:10:4f52:7800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/7.2.24 /
Resource Hash
c1cfce5a4dacb4a40ca0c6a300bbff43d6ea6a8570e5dc2419b8c5e28f57a9a3

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 27 Aug 2020 16:59:15 GMT
content-encoding
gzip
age
5988119
x-cache
Hit from cloudfront
status
200
content-length
4143
last-modified
Fri, 15 May 2020 20:20:29 GMT
server
Apache/2.4.41 (Amazon) PHP/7.2.24
etag
"6c58-5a5b58b639486-gzip"
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
via
1.1 375e9ad5042f2098d2251daf2e517c52.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
p7W4BTxfLq4xnTasydDqPRRo9-pkVGoxOFySvzeflGZ7kYpJB01BSg==
expires
Fri, 27 Aug 2021 16:59:15 GMT
blend_45_2.png
d32r1sh890xpii.cloudfront.net/header_graphs/
4 KB
4 KB
Image
General
Full URL
https://d32r1sh890xpii.cloudfront.net/header_graphs/blend_45_2.png?cb=1604535602
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:de00:17:eca0:da80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2cc9c6cc3ba80af028d892b651029d7f16dd8d4bf2bef8ded80ed125db62cb78

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
via
1.1 49e78dae34a1d21beb31b4002f7ce92e.cloudfront.net (CloudFront)
last-modified
Thu, 05 Nov 2020 00:21:04 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-C1
etag
"73ed555e555bd4c362b42b8d38f236db"
x-cache
Miss from cloudfront
x-amz-version-id
.jV4bHgkonBqZyQKRJEvpaxApPjYsoT5
status
200
accept-ranges
bytes
content-type
image/png
content-length
3784
x-amz-cf-id
j2JjwjxOHeJHRLv_5KvVNXr7il9gBtc0woTT2S3ugS6HG1evXEHqag==
8e2c2bd7319efb2d40e1da029669cda6.jpg
d2t794khe5w43b.cloudfront.net/article/718x300/
111 KB
112 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/718x300/8e2c2bd7319efb2d40e1da029669cda6.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4a72f159997dd06a19c1a235d95e586f67ffe27b72fb7fdeb1dda3a1cb63baeb

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:03:44 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Wed, 04 Nov 2020 23:48:43 GMT
server
AmazonS3
age
1051
etag
"2527468f7a38c9123af3c69f10767ab2"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
114095
x-amz-cf-id
5iI5sa6z5S5MzXwxaLWLeI4HROos2LxA81HhyVJ3-5gQK9irrtv2lg==
8c599714eabcca6b1a36cbcabd36d78c.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
124 KB
124 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/8c599714eabcca6b1a36cbcabd36d78c.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
662a06474cb1ae08d1a968e1a4590629f413bd83b71287d2c46d1e7c4c825358

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 00:41:10 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Tue, 03 Nov 2020 23:56:16 GMT
server
AmazonS3
age
85205
etag
"44783f2760dd13d8e2b51cc2fcf9e4b3"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
126818
x-amz-cf-id
-nBywrtEnuCEPGT2wvizq5j_x7AUDYP-QcFedKxxhU8Vec_olFV06g==
edcb8060c753cbd0dac03c6cd253dd8d.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
167 KB
168 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/edcb8060c753cbd0dac03c6cd253dd8d.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
65ade6066145f6a51a3901d13ba45cc17ddfb390ffd0349fa86a42d3ad2da227

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 01:09:19 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Mon, 02 Nov 2020 23:58:28 GMT
server
AmazonS3
age
83516
etag
"3afbd552cf11ef7c58e7bdfba77e1c7f"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
171309
x-amz-cf-id
CF9OUWPKNcv1WWu8pdYmtlozAUS-GsbUe-GIwuxgvsrjIbGiqVn4xg==
b4ff3337d22a55a76d3c7e9094f0e4d3.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
119 KB
119 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/b4ff3337d22a55a76d3c7e9094f0e4d3.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6a0921b113349de34a92b9616263085e80596fa912da276d3bafdf678a14062c

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 17:23:19 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Fri, 30 Oct 2020 22:56:36 GMT
server
AmazonS3
age
25076
etag
"1bf22546ad600b41f3f7305339ad921e"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
121586
x-amz-cf-id
Urvfix9DbaP4fLbaZKZtE2sKhb9lQp6Wy9f4zMo_zzagj8559tkmZw==
fdb1ef0c5c75f784fa6de1e1b08a2e77.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
160 KB
161 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/fdb1ef0c5c75f784fa6de1e1b08a2e77.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d400a00395c77028ac77590629d2d9777f9f8d1fabf23d4138fe0b6335887db

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 20:35:22 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Fri, 30 Oct 2020 00:26:14 GMT
server
AmazonS3
age
13553
etag
"d32df78762fbfdedd50f44070970d66b"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
164319
x-amz-cf-id
Yd2ZRwzqVJqmAQtIcOFbH9YzGl0aEQylaQazFp3mje_VUjeIGwUdhQ==
e0f716c63304495606d1ec4ea4d52eca.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
96 KB
96 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/e0f716c63304495606d1ec4ea4d52eca.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f9a0f763a9b9ca828b68928f455794d55d1bf7268e5fb595ccc1cc72273b1be2

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 17:21:03 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Wed, 28 Oct 2020 23:51:38 GMT
server
AmazonS3
age
25212
etag
"37ffc0888ef2b0f5b6419e1fab63db48"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
97881
x-amz-cf-id
HZO69a49B5-c7Xx8IMebKi7elM9MTm5nvfSgaxxUAnisCtrwVWvrqw==
3f98507356e6a16cfffc0453e92a5f6a.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
62 KB
62 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/3f98507356e6a16cfffc0453e92a5f6a.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4cd0555e8b8b91a8a4ca3091eb4507397cda5c571ada85d4fe51338ea6a568c4

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 17:23:26 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Wed, 28 Oct 2020 00:17:50 GMT
server
AmazonS3
age
25069
etag
"e7f23bace90a87a0a3575d58e6b95b05"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
63578
x-amz-cf-id
l5EgXETUtSTAQ-pmOhzf5TS5qSJ3Rzb1up1ZywyeiWUbIboGIUXK8w==
331e618ba8fe24eca325f5915bcc58b7.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
157 KB
158 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/331e618ba8fe24eca325f5915bcc58b7.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d3c90c9f422cd851a555f14024b5409356fdf65fc3eeb2e119137cc5a5d95e2d

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 12:28:28 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Mon, 26 Oct 2020 23:45:50 GMT
server
AmazonS3
age
42767
etag
"df380481a869a4353d401858a677069b"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
160886
x-amz-cf-id
3Q7AfVvC7s3WUcPKOZ-Bi2-gQ7kihlzUwmehfOTiiwdbZZoQnH2roA==
264b141c43f60e29a51a8c94e62a9922.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
142 KB
143 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/264b141c43f60e29a51a8c94e62a9922.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e5259060d010e85d09754ef06639c192c7eeb743600d048c222187b6d38546ad

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 17:40:37 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Mon, 26 Oct 2020 18:45:59 GMT
server
AmazonS3
age
24038
etag
"69699c3ffb94690c01def9a87b694f88"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
145875
x-amz-cf-id
jImhcoM3W9qtmw6yEopdaAa8_ZWOT1XP3oayg71D4c9oCilPBLjzPA==
e015af674b9406a5ce36ff649da5f194.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
198 KB
199 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/e015af674b9406a5ce36ff649da5f194.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e502ba6d5a342b3981c0b952d3552529d3169eb6deb8cd1d37db63daeabf35d9

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 17:40:37 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Mon, 26 Oct 2020 17:36:53 GMT
server
AmazonS3
age
24038
etag
"574db96699d7e57413fa623c0957ec04"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
202764
x-amz-cf-id
L4uiPoc1pvFK9UAmIlsPGpf66TVBs36h1UYicws8IqYS5wYsjYrURw==
aea33b8e3e1c353b5786ba84a66f98ac.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
208 KB
209 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/aea33b8e3e1c353b5786ba84a66f98ac.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b6dfd3b677f07f0e1f38cbca8116e77a7bfe78cddd11820dd5c28c50d1d02f13

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Fri, 23 Oct 2020 21:53:52 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-C1
etag
"256735a50bbc9501316fd4e4a52868b7"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
accept-ranges
bytes
content-length
213008
x-amz-cf-id
whiMjimYp_FB910NPzS2neXv83Ho6EsiQxxatA5WnADI8pxSwV1WKw==
07d31e0cf61f8f2a8d5de8dca7bc47f8.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
69 KB
69 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/07d31e0cf61f8f2a8d5de8dca7bc47f8.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f7aa5dfd1c09d9e48906ac4a86bb8d2335685bd7dfaeff60005cfb7d4d257cc

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 17:40:37 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Thu, 22 Oct 2020 16:25:05 GMT
server
AmazonS3
age
24038
etag
"309925db1294d77fe170e0e602c308ea"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
70279
x-amz-cf-id
WAq-l64-1KvU3Hg1jqt-gqLS1TnLKJSGHfgvfacZcaoJHFJ3d8OjaQ==
0abeedeac7d612d973308881594e8541.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
107 KB
107 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/0abeedeac7d612d973308881594e8541.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
71941a01eb19e363a4315629dc23bbbb2284a2d3c494ae2270a060a0850ac1dd

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 04:00:26 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Wed, 21 Oct 2020 22:40:19 GMT
server
AmazonS3
age
73249
etag
"93d0bbcb0f2b49c9d80b2754a3f4231e"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
109177
x-amz-cf-id
nCaH3SlkBqZ9JMzWGM4Lk4VHOSHE_yezxY-bGWeHTxDxdZjODT9JQg==
f42a2d3552dc20776091e5552f257c84.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
160 KB
160 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/f42a2d3552dc20776091e5552f257c84.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
741162599ae94b69b055b9935eb7c5b3ed86ec49e19285fd37a70ac49574d36e

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 17:40:37 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Mon, 19 Oct 2020 23:01:39 GMT
server
AmazonS3
age
24038
etag
"da5ed986750e6b6e6e45774c7a28c7bc"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
163714
x-amz-cf-id
Oy-IjwPuqNxGMgKntuy9K6NWmlqf4ISMTugk7LcX7BnjhaJX4Gdj0A==
8e2c2bd7319efb2d40e1da029669cda6.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/
83 KB
84 KB
Image
General
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/8e2c2bd7319efb2d40e1da029669cda6.jpg
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:1400:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6e23002cb4e5c9ac3aa6a9c1b391fec2111ef7a86749bc89d46da80d65b671a8

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:01:26 GMT
via
1.1 bb45d9db269295920003af6514d7e7eb.cloudfront.net (CloudFront)
last-modified
Wed, 04 Nov 2020 23:48:44 GMT
server
AmazonS3
age
1189
etag
"96383bfacd752215e61ec5a64c6845d7"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
85127
x-amz-cf-id
lGFEvz4AGhPGfBMrlMkOJbJ9xC91K4Ugcql1hoa2NmUB-LwUOO5iKQ==
envolope.png
d2p6ty67371ecn.cloudfront.net/a/img/newsletter/2/
21 KB
21 KB
Image
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/newsletter/2/envolope.png
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
bdaa0a5953cfaaf9abed9e2152ae1255928062363fc018c57575d5f39ee12e29

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 30 Oct 2020 23:11:40 GMT
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
last-modified
Thu, 22 Oct 2020 17:53:28 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
436174
etag
"543c-5b2462434036a"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
21564
x-amz-cf-id
zEma-A18Riq5LAGaT1KTEg27HNUuVwSS3kpG2UE_IN6OIE3WkZ-arQ==
expires
Fri, 06 Nov 2020 23:11:40 GMT
twitter.png
d2p6ty67371ecn.cloudfront.net/a/img/common/
15 KB
15 KB
Image
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/twitter.png
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
f9dd535864c28f0f4812ac3892f23cdd50a304d542d290a10518b31df09bc62c

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 30 Oct 2020 23:11:40 GMT
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
last-modified
Thu, 22 Oct 2020 17:53:27 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
436174
etag
"3bd9-5b2462429f14c"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
15321
x-amz-cf-id
KfTHTOEfrasTsUqL2X4aKSALv_Pr7Tv0tPQGk-r5hRXJVGACDpLPTw==
expires
Fri, 06 Nov 2020 23:11:40 GMT
facebook.png
d2p6ty67371ecn.cloudfront.net/a/img/common/
15 KB
15 KB
Image
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/facebook.png
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
70a78dd71a85c1895021f976541b5fdb7e1f345dbd0a17510b1a82ae354eec78

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 30 Oct 2020 23:11:40 GMT
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
last-modified
Thu, 22 Oct 2020 17:53:27 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
436174
etag
"3b58-5b246242c336c"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
15192
x-amz-cf-id
tJRfv1xoTEt3mpYMMQeQoiOJnnFia7f6zeMPWMBSlsmbB6FCzEqk0g==
expires
Fri, 06 Nov 2020 23:11:40 GMT
google-plus.png
d2p6ty67371ecn.cloudfront.net/a/img/common/
15 KB
15 KB
Image
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/google-plus.png
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
e78eb6051a41b3ff2fc7b969bfbe9bdd3092b705bb3fed550c85c8c3e7025293

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 30 Oct 2020 23:11:40 GMT
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
last-modified
Thu, 22 Oct 2020 17:53:26 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
436174
etag
"3c67-5b2462412fe52"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
15463
x-amz-cf-id
YioVJqAXWZbiGXz5Kpoz1fw3G3GQY03-6hWvGnowWomxU-NCbV639Q==
expires
Fri, 06 Nov 2020 23:11:40 GMT
rss.png
d2p6ty67371ecn.cloudfront.net/a/img/common/
15 KB
15 KB
Image
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/rss.png
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
9670ff323d7cf4d6cd9961af0cd668db30f323daf329e46f7bf809b1c57a84f9

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 31 Oct 2020 15:11:46 GMT
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
last-modified
Sat, 31 Oct 2020 04:26:38 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
378568
etag
"3c51-5b2efeb521986"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
15441
x-amz-cf-id
C0hu39rToLzGo9ITJRspY602eUFcD41oSFK9EB29wYbK_gtIpxOuMA==
expires
Sat, 07 Nov 2020 15:11:46 GMT
script.js
d2p6ty67371ecn.cloudfront.net/min/f=a/js/third_party/jquery.cookie.js,a/js/third_party/jquery.lightbox_me.js,a/js/script.js,a/js/homepage/
15 KB
5 KB
Script
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/min/f=a/js/third_party/jquery.cookie.js,a/js/third_party/jquery.lightbox_me.js,a/js/script.js,a/js/homepage/script.js?v=27
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 / PHP/5.6.40
Resource Hash
18cada9261c4f9c200316900d6ab365a430781e234591b7032028bdb2bad7192

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Sep 2020 02:23:27 GMT
content-encoding
gzip
age
5349467
x-powered-by
PHP/5.6.40
x-cache
Hit from cloudfront
status
200
content-length
4389
last-modified
Thu, 20 Aug 2020 10:43:11 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
etag
"pub1597920191;gz"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
HR7ipdFgYIqAcO8wNw21Ggd1mEb5njxSp9if6rsOYAhBztJGlwExKQ==
expires
Sat, 04 Sep 2021 02:23:27 GMT
analytics.js
www.google-analytics.com/
46 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2249023-27
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name | Value
Strict-Transport-Security | max-age=10886400; includeSubDomains; preload
X-Content-Type-Options | nosniff

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
1909
date
Wed, 04 Nov 2020 23:49:25 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Thu, 05 Nov 2020 01:49:25 GMT
js
www.googletagmanager.com/gtag/
95 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-814550776&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2249023-27
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6727c372a14f47bd90f6d9ddb1c8bb5d83a2d9eb031ac36ad4cc244fdbd87cc6
Security Headers
Name | Value
Strict-Transport-Security | max-age=31536000; includeSubDomains
X-Xss-Protection | 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38349
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 00:01:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 05 Nov 2020 00:21:14 GMT
conversion_async.js
www.googleadservices.com/pagead/
30 KB
11 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-814550776
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
0bfb81a6d3e2ed2e0cb381a9f933355ff00e64cd0d80724e83559861cad12711
Security Headers
Name | Value
X-Content-Type-Options | nosniff
X-Xss-Protection | 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11472
x-xss-protection
0
server
cafe
etag
8286593240961886057
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:14 GMT
b-9a4f7ce-993136fb.js
tagan.adlightning.com/math-aids/
61 KB
21 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
71ceeedc90a87a7adf6afcddb5e83be98b5956564bb113f9e427b5c2a929ebde

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 18 Aug 2020 17:45:57 GMT
content-encoding
gzip
age
6762918
x-cache
Hit from cloudfront
status
200
content-length
20742
x-amz-meta-git_commit
9a4f7ce
last-modified
Tue, 18 Aug 2020 17:44:59 GMT
server
AmazonS3
etag
"7dc3d31c7dffef887652bd6329c8c3b6"
x-amz-version-id
z_Lu5_8_caYo6ZnDfSTV2sy2mWB1X7Zs
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
zjMgYLRMD2z9Xbvq0WaPP78lQoyywAQL7by7cZNepxaNECOF3gFOYQ==
bl-04a3385-bf23da94.js
tagan.adlightning.com/math-aids/
97 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8c64fa8a1410020b6ada4404bad8f915e7f369673ed7cd81010c421049c6600

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 22:57:32 GMT
content-encoding
gzip
age
5023
x-cache
Hit from cloudfront
status
200
content-length
28013
x-amz-meta-git_commit
04a3385
last-modified
Wed, 04 Nov 2020 22:57:08 GMT
server
AmazonS3
etag
"159b351262ab8aecc86576d2f908250f"
x-amz-version-id
eThrrJ3O8Mw60o8BLDzZ0z5HIFgNzQaC
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
bZHoZwXtFFADu03Adi8G5U8zlhtLICzDfqrH3vCG7mMT6HhYIXIztQ==
pubads_impl_2020110201.js
securepubads.g.doubleclick.net/gpt/
274 KB
97 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js?21068424
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
sffe /
Resource Hash
bff72ff19963fb873cb8248c567f746a096cf4bd4999f0ec160742f88d1df0b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 02 Nov 2020 09:40:34 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98810
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:14 GMT
vendor-list.json
qd.admetricspro.com/js/cmp2/
286 KB
31 KB
XHR
General
Full URL
https://qd.admetricspro.com/js/cmp2/vendor-list.json
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/cmp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:621c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec95a631650981cd2ff2eecd07118042dee23fc0a3fd6ed70926fa3d94e4e5d3

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
status
200
cf-request-id
0637607d140000074aee849000000001
last-modified
Tue, 06 Oct 2020 19:31:27 GMT
server
cloudflare
etag
W/"4773b-5b105a5302c6b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PgVSMMCKwFGaX5yAi26LY9MQw%2BCH82mPYXv9%2Bu%2BvZmEckXU5bGbqsKv2QBZmRZovKIggZ226hVSm84x1ro%2BYcywOXi8F4iPFuWE4%2BBU1TggvsaP%2BcK5SSpE8BokDq2Du"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=600
cf-ray
5ed269db5a5e074a-FRA
expires
Thu, 05 Nov 2020 00:31:14 GMT
index.html
cdn.districtm.io/ids/ Frame 10F6
0
0
Document
General
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:14 GMT
set-cookie
__cfduid=d33b4c6726842977d1fd9135bc9e639351604535674; expires=Sat, 05-Dec-20 00:21:14 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin
access-control-allow-methods
GET, HEAD, POST, OPTIONS
cf-request-id
0637607d3e0000edf3512b8000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
5ed269db9f62edf3-CDG
apstag.js
c.amazon-adsystem.com/aax2/
114 KB
30 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.155.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-204.dus51.r.cloudfront.net
Software
Server /
Resource Hash
c7714be5150899442faf570cab4e7846a794e81d6b420300148d1f5a9a405c7a

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 19:16:47 GMT
content-encoding
gzip
server
Server
age
18267
etag
14b87a812615d68493a97e70b7b323fb
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=86400
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
_vbY554ob9PYudUKxGUVegT9vuom5SFEaVI_Ofdcscv7aX3tZFoUXw==
via
1.1 e542677c3bd2d6c30a5ed3dab78f8476.cloudfront.net (CloudFront)
connatix.player.dc.js
cds.connatix.com/p/73675/ Frame 6B63
Redirect Chain
  • https://cd.connatix.com/connatix.player.js
  • https://cds.connatix.com/p/73675/connatix.player.dc.js
895 KB
221 KB
Script
General
Full URL
https://cds.connatix.com/p/73675/connatix.player.dc.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2cdfbe5051f60e31a8ed7a2aa9bc0876aa1cf4bd3c900f322c8bbc95ffb64ddf

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
age
26471
x-cache
HIT, HIT
status
200
content-length
225786
x-served-by
cache-dca17752-DCA, cache-hhn4034-HHN
access-control-allow-origin
*
last-modified
Wed, 04 Nov 2020 16:14:07 GMT
x-timer
S1604535674.390002,VS0,VE0
etag
"e98697adb86a7c65aa64a964077e948a"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 2148

Redirect headers

date
Thu, 05 Nov 2020 00:21:14 GMT
via
1.1 varnish
server
Varnish
age
0
x-served-by
cache-fra19139-FRA
status
302
x-cache
HIT
location
https://cds.connatix.com/p/73675/connatix.player.dc.js
cache-control
no-cache, no-store, must-revalidate, max-age=0
accept-ranges
bytes
x-timer
S1604535674.235933,VS0,VE0
content-length
0
retry-after
0
x-cache-hits
0
fbevents.js
connect.facebook.net/en_US/
88 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-trip-id
664085054
pragma
public
x-fb-debug
LWqXplLfQkui/JMcx5yvnrqawbl2fVKqI30uOFj2HFoMTTB/3zxEPofHmVCFyOc6rbqTp7nOcTzhlT+YWzPutg==
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
DENY
date
Thu, 05 Nov 2020 00:21:14 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=1200
vary
Accept-Encoding
content-length
23070
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/
95 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-820290545&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2249023-27
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
77e06543a649eb09ec89ba780c4f4d6a2bd07764b17d0e3ed70b8d7127dc0089
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38350
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 00:01:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 05 Nov 2020 00:21:14 GMT
js
www.googletagmanager.com/gtag/
95 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-802310072&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2249023-27
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b4639f7e4b23e9a3a2dcc3a440dc59cdb6824b3939b3840a2fc85939989b62db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38349
x-xss-protection
0
last-modified
Thu, 05 Nov 2020 00:01:51 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 05 Nov 2020 00:21:14 GMT
ee70c0a7d2f14ec08939692fc7857b11.js
cdn.pushcrew.com/js/
239 KB
69 KB
Script
General
Full URL
https://cdn.pushcrew.com/js/ee70c0a7d2f14ec08939692fc7857b11.js
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:3677 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fdbc0b0ea0dd9600acd165acfa2c0779257bf9bda9c6a1c87b8c533c8f29edfc

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
access-control-allow-origin
*
status
200
cf-request-id
0637607da900002b956303d000000001
last-modified
Mon, 01 Jun 2020 10:50:44 GMT
server
cloudflare
etag
W/"5ed4dd84-3ba18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 google
cache-control
max-age=43200
cf-ray
5ed269dc4d482b95-FRA
expires
Thu, 05 Nov 2020 00:51:14 GMT
search.png
d2p6ty67371ecn.cloudfront.net/a/img/
770 B
1 KB
Image
General
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/search.png
Requested by
Host: d2p6ty67371ecn.cloudfront.net
URL: https://d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/style.css?v=27
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:e000:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
2f1dccde57c713fe154c8da92f8d4b312373c2a055a0a9d822c6042b0176eb8d

Request headers

Referer
https://d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/style.css?v=27
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 03 Nov 2020 05:46:59 GMT
via
1.1 e5dcf90f3787d486ad40e46070021460.cloudfront.net (CloudFront)
last-modified
Sat, 31 Oct 2020 04:26:37 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
153255
etag
"302-5b2efeb473c50"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
770
x-amz-cf-id
ga3WGsuvU5TjtkfdK0khkycAdmYkLXdbv6pAsGi2yPtujeWrTdfVmg==
expires
Tue, 10 Nov 2020 05:46:59 GMT
v1
dmx.districtm.io/b/
0
62 B
XHR
General
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
text/plain

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
cf-ray
5ed269dca8b8edf3-CDG
access-control-allow-headers
Content-Type, Origin
cf-request-id
0637607de70000edf38b885000000001
jpt
secure.adnxs.com/
0
662 B
Script
General
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=opbI1oxA6RQF1VI48PZwc5kg0PLaNP~450~div-gpt-ad-1553475674669-0&psa=0&zone=450&id=15024977&member_id=1908&size=300x250&referrer=https://v2.safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.239:80
AN-X-Request-Uuid
0b9aef4b-bc40-4451-b2e6-11e0a0adf27c
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/
0
62 B
XHR
General
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
text/plain

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
cf-ray
5ed269dca8baedf3-CDG
access-control-allow-headers
Content-Type, Origin
cf-request-id
0637607de70000edf32e962000000001
jpt
secure.adnxs.com/
0
661 B
Script
General
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=cZi9dze22NFAvhfdTDfaCyayTBSuMX~451~div-gpt-ad-1553475817787-0&psa=0&zone=451&id=15024978&member_id=1908&size=300x250&referrer=https://v2.safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.41:80
AN-X-Request-Uuid
6a14f632-e0fc-4644-94ea-8ac509161632
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/
0
80 B
XHR
General
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
text/plain

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
cf-ray
5ed269dca8bbedf3-CDG
access-control-allow-headers
Content-Type, Origin
cf-request-id
0637607de80000edf3250a8000000001
jpt
secure.adnxs.com/
0
661 B
Script
General
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=FRd7IHdMtUMASgP8TstgbXAubsLmAx~452~div-gpt-ad-1553475909622-0&psa=0&zone=452&id=15024979&member_id=1908&size=300x250&referrer=https://v2.safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.29:80
AN-X-Request-Uuid
2705aa98-edd3-47e8-9723-5155eef35abd
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/
0
62 B
XHR
General
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
text/plain

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
cf-ray
5ed269dca8bdedf3-CDG
access-control-allow-headers
Content-Type, Origin
cf-request-id
0637607de90000edf344bae000000001
jpt
secure.adnxs.com/
0
662 B
Script
General
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=T3V4NZT0C5KqCRqYpIOA4A5ed2mvhW~453~div-gpt-ad-1553475988342-0&psa=0&zone=453&id=15024980&member_id=1908&size=728x90&referrer=https://v2.safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.149:80
AN-X-Request-Uuid
3cee2c28-b3a5-4ba2-b132-794aa9eec055
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/
0
62 B
XHR
General
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
text/plain

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
cf-ray
5ed269dca8bfedf3-CDG
access-control-allow-headers
Content-Type, Origin
cf-request-id
0637607de90000edf32d302000000001
jpt
secure.adnxs.com/
0
661 B
Script
General
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=0eoT3GdDp9N1DLcXwcY7hlLTNhYgmm~454~div-gpt-ad-1553476044183-0&psa=0&zone=454&id=15024981&member_id=1908&size=728x90&referrer=https://v2.safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.69:80
AN-X-Request-Uuid
8575e5dd-5668-49a6-93ca-f818c43aaa7d
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/814550776/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/814550776/?random=1604535674413&cv=9&fst=1604535674413&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaas1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fv2.safehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e64776e40c83f8b9359aa84c128557f20c58b7e8ca15f0f41d6a3da717582cab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1032
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
409 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&aip=1&a=301053882&t=pageview&_s=1&dl=https%3A%2F%2Fv2.safehaven.com%2F&ul=en-us&de=UTF-8&dt=Safehaven.com%20%7C%20Preservation%20of%20Capital&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=264615686&gjid=359656215&cid=1507818685.1604535674&tid=UA-2249023-27&_gid=355534511.1604535674&_r=1&gtm=2ouas1&z=742463406
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
247445556002302
connect.facebook.net/signals/config/
234 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/247445556002302?v=2.9.27&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
95e83ac15ac07dd3a3a0aa0a7da1daf8dc20aefc5b9acee755b41dc59e0dca25
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-fb-trip-id
664085054
pragma
public
x-fb-debug
igu596Egs1tkp6Y++lB7kQp83o2dHyrfIduR5UQn6HIUZZ4he7cF2zS/IaI1g1J9zp6bmw98ufADnPtjmlDRlQ==
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
DENY
date
Thu, 05 Nov 2020 00:21:14 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=1200
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
vary
Accept-Encoding
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
api.min.js
a.optmstr.com/app/js/
210 KB
62 KB
Script
General
Full URL
https://a.optmstr.com/app/js/api.min.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.11.100 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
1dc3d0ddeb900b0a56df76e80b0182ddf71c222d611ecfaf3ea133fa4b33b619

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
last-modified
Mon, 02 Nov 2020 17:33:06 GMT
server
NetDNA-cache/2.2
x-amz-request-id
FC323BC0C90CDBC9
etag
W/"318f3675f3fd1e7ef694fb5638515bf8"
x-cache
HIT
content-type
application/javascript
status
200
cache-control
max-age=31104000
access-control-allow-origin
*
x-amz-id-2
x77mY+0fMjPQ9IKIL0XviiNSjQZipBZWtVSKYMiUPFQ4pkOtCYDz59MNGA9ijm/rnnnIXe6Yvkg=
expires
Sun, 31 Oct 2021 00:21:14 GMT
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.155.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-204.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
x-amz-cf-pop
DUS51-C1
x-cache
Miss from cloudfront
status
200
access-control-allow-origin
*
last-modified
Wed, 30 Sep 2020 05:43:29 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 0c17d43ed0068cac968c920774378b84.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-id
0nyHLmj3khQUtt4clqG-GY1N-uxhnHr_Vgmy4OkRlfr6upGZs3FVOw==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/820290545/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/820290545/?random=1604535674605&cv=9&fst=1604535674605&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaas1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fv2.safehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5fc7df17c5c1832032838befbc40a5706481461d3e6acd5e8f8572005c148347
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1032
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/802310072/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/802310072/?random=1604535674607&cv=9&fst=1604535674607&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaas1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fv2.safehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&tc=s&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5756ea36358e3296da9102d4dca7eaab1e8686a5d6b66709701b951eca9f1a14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1032
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
464 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-2249023-27&cid=1507818685.1604535674&jid=264615686&gjid=359656215&_gid=355534511.1604535674&_u=IEBAAUAAAAAAAC~&z=922699864
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Thu, 05 Nov 2020 00:21:14 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:35:20 GMT
status
200
etag
"1544639720"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
7050
/
www.google.com/pagead/1p-user-list/814550776/
42 B
541 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/814550776/?random=1604535674413&cv=9&fst=1604534400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaas1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fv2.safehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=27602176&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/814550776/
42 B
541 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/814550776/?random=1604535674413&cv=9&fst=1604534400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaas1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fv2.safehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=27602176&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
connatix.player.css
cds.connatix.com/p/73675/
54 KB
9 KB
Stylesheet
General
Full URL
https://cds.connatix.com/p/73675/connatix.player.css
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9c4740903ba9c8accf0a82a96c4553065510bc6b1a486715c2cfd79b8cfd3f6c

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
age
26472
x-cache
HIT, HIT
status
200
content-length
8796
x-served-by
cache-dca17780-DCA, cache-hhn4034-HHN
access-control-allow-origin
*
last-modified
Wed, 04 Nov 2020 16:14:07 GMT
x-timer
S1604535675.718846,VS0,VE0
etag
"cd4d821b09e618e8a4f16a309d185bcc"
vary
Accept-Encoding
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
5, 2164
/
www.google.com/pagead/1p-user-list/820290545/
42 B
65 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/820290545/?random=1604535674605&cv=9&fst=1604534400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaas1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fv2.safehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=424197256&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/820290545/
42 B
519 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/820290545/?random=1604535674605&cv=9&fst=1604534400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaas1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fv2.safehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=424197256&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/802310072/
42 B
519 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/802310072/?random=1604535674607&cv=9&fst=1604534400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaas1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fv2.safehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=1286697050&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:820::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/802310072/
42 B
65 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/802310072/?random=1604535674607&cv=9&fst=1604534400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oaas1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fv2.safehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=1286697050&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
20987
api.omappapi.com/v2/embed/
227 B
749 B
XHR
General
Full URL
https://api.omappapi.com/v2/embed/20987?d=v2.safehaven.com
Requested by
Host: a.optmstr.com
URL: https://a.optmstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.76 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-76.dus51.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
5aa4142a40b5a1e0cdee8d5416c145c0e3d8b785254a566b5393069dcd2e0de8

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
via
1.1 cddd3e95f67291463f7a95d065c7fcff.cloudfront.net (CloudFront)
x-cache-config
0 0
x-amz-cf-pop
DUS51-C1
x-cache-status
MISS
x-cache
Miss from cloudfront
status
200
content-length
227
x-optinmonster-account
1720
x-user-agent
standard--
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
Pagely Gateway/1.5.1
etag
"b91e5dc54e033e761837b7b846da520f"
vary
Accept-Encoding, User-Agent
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
X-OptinMonster-Account, X-User-Agent
access-control-allow-headers
X-CSRF-Token
x-amz-cf-id
QAzRSgaFKCUehbRYdHec6U7Zqs4wP_HuyOAUaHvZFxE8MdeGVWqh7Q==
651529765710614
connect.facebook.net/signals/config/
234 KB
68 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/651529765710614?v=2.9.27&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7de4b7496b67ac3304e91d2b8c55d44c11aca208c78e121ce11f2c830ad67c77
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/;
status
200
x-xss-protection
0
pragma
public
x-fb-debug
SufEAVaM5dDbwrRVIhla0RmokACGcYq6mZmMPynJCxXGWb9zdNky0f3sCmC4Lzk14UkUPl02M4exon+9WbqSNw==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Thu, 05 Nov 2020 00:21:14 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
377 B
Image
General
Full URL
https://www.facebook.com/tr/?id=247445556002302&ev=PageView&dl=https%3A%2F%2Fv2.safehaven.com%2F&rl=&if=false&ts=1604535674759&sw=1600&sh=1200&v=2.9.27&r=stable&ec=0&o=30&fbp=fb.1.1604535674758.655864802&it=1604535674463&coo=false&rqm=GET
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Thu, 05 Nov 2020 00:21:14 GMT
e
capi.connatix.com/tr/ Frame 6B63
0
325 B
XHR
General
Full URL
https://capi.connatix.com/tr/e
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:15 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
ADTECH;apid=1Ad0db4c18-1efc-11eb-b2a2-12ae2f50edf6;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=674bcb984fca322;misc=1604535674789
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=674bcb984fca322;misc=1604535674789;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=674bcb984fca322;misc=1604535674789
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;apid=1Ad0db4c18-1efc-11eb-b2a2-12ae2f50edf6;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=674bcb984fca322;misc=16...
1 KB
1 KB
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;apid=1Ad0db4c18-1efc-11eb-b2a2-12ae2f50edf6;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=674bcb984fca322;misc=1604535674789
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
fcf0dc706fe16b5bbd80b304df323854d02e85ce8dfdc63ecf414d9521e95f5a

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:15 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
1469
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;apid=1Ad0db4c18-1efc-11eb-b2a2-12ae2f50edf6;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=674bcb984fca322;misc=1604535674789
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1Ad0db5b2c-1efc-11eb-bd3b-12dcd5311714;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=68359ebffd46e5b;misc=1604535674789
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=68359ebffd46e5b;misc=1604535674789;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=68359ebffd46e5b;misc=1604535674789
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1Ad0db5b2c-1efc-11eb-bd3b-12dcd5311714;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=68359ebffd46e5b;misc=16...
1 KB
2 KB
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1Ad0db5b2c-1efc-11eb-bd3b-12dcd5311714;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=68359ebffd46e5b;misc=1604535674789
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
5b0fda5b2c7393ca8b81f628fae6715aab69ed4e2491398cf32703b31cddc76e

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:15 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
1468
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1Ad0db5b2c-1efc-11eb-bd3b-12dcd5311714;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=68359ebffd46e5b;misc=1604535674789
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1Ad0db73f0-1efc-11eb-a3a2-1245d65848a4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=69829c01f99232d;misc=1604535674789
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=69829c01f99232d;misc=1604535674789;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=69829c01f99232d;misc=1604535674789
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;apid=1Ad0db73f0-1efc-11eb-a3a2-1245d65848a4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=69829c01f99232d;misc=16...
1 KB
2 KB
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;apid=1Ad0db73f0-1efc-11eb-a3a2-1245d65848a4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=69829c01f99232d;misc=1604535674789
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
45b99c6daf9c826ca767fc48c14bcd7c71876c812e2674a32f32d23b3168b248

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:15 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
x-adtech-meta
{"Debug": {"IP": "0.0.0.0", "Selector": "pri-select026c.us-east-1.prod.adtech.aolcloud.net", "UserId": "31284F278424DEAE5C990899F9B39227"}}
content-length
1469
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;apid=1Ad0db73f0-1efc-11eb-a3a2-1245d65848a4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=69829c01f99232d;misc=1604535674789
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=7003546768ad059;misc=1604535674789
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=7003546768ad059;misc=1604535674789;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=7003546768ad059;misc=1604535674789
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=7003546768ad059;misc=16...
1 KB
1 KB
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=7003546768ad059;misc=1604535674789
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
2dd79556627a19bbbfdd5eedb169b5a3e81a9d784a833643af7e1650e554c3b3

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:15 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
1469
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=7003546768ad059;misc=1604535674789
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1Ad0db67ca-1efc-11eb-8bef-12e5e259ea22;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=71a2306c47f0946;misc=1604535674789
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=71a2306c47f0946;misc=1604535674789;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=71a2306c47f0946;misc=1604535674789
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1Ad0db67ca-1efc-11eb-8bef-12e5e259ea22;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=71a2306c47f0946;misc=16...
48 B
81 B
XHR
General
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1Ad0db67ca-1efc-11eb-8bef-12e5e259ea22;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=71a2306c47f0946;misc=1604535674789
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
2167f9a9a6375a6735b8b0b141986e849f6fe87c24b70b16d2e667e00622c8c9

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:15 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
48
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1Ad0db67ca-1efc-11eb-8bef-12e5e259ea22;cfp=1;rndc=1604535674;v=2;cmd=bid;cors=yes;alias=71a2306c47f0946;misc=1604535674789
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
prebid
ib.adnxs.com/ut/v3/
19 B
712 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.133:80
AN-X-Request-Uuid
483eb22a-5bc9-4eba-9e98-726427c73e54
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
adreq
ads.servenobid.com/
10 KB
3 KB
XHR
General
Full URL
https://ads.servenobid.com/adreq?cb=5488
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.246.70.54 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-246-70-54.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
49ccd528d2b8d2fea0997860fd8a85e85cad9a0fd3f6fac98cba80ff1ce3bcbf

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
status
200
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://v2.safehaven.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
access-control-allow-credentials
true
v2
e.serverbid.com/api/
16 B
170 B
XHR
General
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
134.209.131.220 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Thu, 05 Nov 2020 00:21:14 GMT
access-control-allow-credentials
true
access-control-allow-origin
https://v2.safehaven.com
content-length
16
vary
Origin
content-type
application/json
translator
hbopenbid.pubmatic.com/
0
116 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:15 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://v2.safehaven.com
25
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/
456 B
641 B
XHR
General
Full URL
https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
921b75b6a783e76b80b8238dac5f8230e260a7004211ec54aa25d0e82b1c2fa1

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
456
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244360&size_id=15&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fv2.safehaven.com%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=7c86ea76-1153-4070-bd35-80da7c0daa44&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.016981941570268777
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
25f49dcda7feadc2ed8366036e9a74fe3bc4397d44aede53433c96de337aaf6a

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244362&size_id=15&p_pos=btf&gdpr=0&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fv2.safehaven.com%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=a1276a3f-e8f7-44e8-be1c-53bf25a00d58&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.6469415270122898
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
accfe32fdaeb89d28283b764b8df224f4cac9d14adedc5b854965f490329edc1

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
241 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244366&size_id=15&p_pos=btf&gdpr=0&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fv2.safehaven.com%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=0d682a77-a52b-4060-bd4a-2f36592c78d4&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3891533326146064
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
748b39065cb376aa50a0a8611d32232e6f49cd0cabba8b16bbeb645ead5fc532

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
240 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244360&size_id=2&p_pos=atf&gdpr=0&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fv2.safehaven.com%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=8cea86f1-7ed0-4358-a779-9ff046f6aa61&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.23422157669832333
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
a16d1c07142eec5e35f1a48c8fbf1cdc87398ee6d4acf8a72b297bde595757fe

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
240 B
2 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244362&size_id=2&p_pos=btf&gdpr=0&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fv2.safehaven.com%2F&tk_flint=pbjs_lite_v4.10.0&x_source.tid=62070120-3db4-4d3a-a1e0-66aa9f6a4560&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.22371010537472458
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.143 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
b6b7de78f3aab03365190707be632d0f50c6abfb08586d7a20bc4ee51cb0dd92

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Keep-Alive
timeout=5
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
bid
ap.lijit.com/rtb/
24 B
757 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.10.0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
08f3a868a0864df19b76cff5a48870a3548c38e7d791842bbb188a0ead0c6738

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 05 Nov 2020 00:21:14 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
prebid
ib.adnxs.com/ut/v3/
19 B
711 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:14 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.49:80
AN-X-Request-Uuid
25e04744-e3d6-4048-a123-7f80ce619c8b
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
teachingaids-d.openx.net/w/1.0/
172 B
559 B
XHR
General
Full URL
https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fv2.safehaven.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7c86ea76-1153-4070-bd35-80da7c0daa44%2Ca1276a3f-e8f7-44e8-be1c-53bf25a00d58%2C0d682a77-a52b-4060-bd4a-2f36592c78d4%2C8cea86f1-7ed0-4358-a779-9ff046f6aa61%2C62070120-3db4-4d3a-a1e0-66aa9f6a4560&nocache=1604535674808&gdpr=0&x_gdpr_f=1&pubcid=32e40330-5c3c-4712-bc69-66957fa9d2c7&schain=1.0%2C1!admetricspro.com%2C102%2C1%2C%2C%2C&aus=300x250%7C300x250%7C300x250%7C728x90%7C728x90&divIds=div-gpt-ad-1553475674669-0%2Cdiv-gpt-ad-1553475817787-0%2Cdiv-gpt-ad-1553475909622-0%2Cdiv-gpt-ad-1553475988342-0%2Cdiv-gpt-ad-1553476044183-0&auid=540800705%2C540800706%2C540800707%2C540800708%2C540800709
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.197.0 /
Resource Hash
ba46754446aab272f3abd13f796325ed945b5438d7d8272e097b93b8970d9304

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
server
OXGW/16.197.0
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://v2.safehaven.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
163
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
c
prebid.a-mo.net/a/
696 B
777 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.144.59.88 , United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
827ed037882fdaabc56262ba11f36580c3f4c0fdf339948ffd3dfeca88cb7a75

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
content-encoding
gzip
server
envoy
status
200
vary
origin, accept-encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://v2.safehaven.com
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
44
content-length
347
bid
c.amazon-adsystem.com/e/dtb/
23 B
371 B
XHR
General
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fv2.safehaven.com%2F&pid=WwHGwAeoOn6qE&cb=0&ws=1600x1200&v=7.57.00&t=1200&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-300x250-ATF%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-300x250-BTF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-300x250-BTF2%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-728x90-ATF%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-728x90-BTF%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.155.204 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-204.dus51.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
via
1.1 e542677c3bd2d6c30a5ed3dab78f8476.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
DUS51-C1
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
z4qoGiNT5LhO7vG-FpA54BafdAlcTfqT_umk5bF_R6g_NQfq-sWkpg==
pls
capi.connatix.com/core/ Frame 6B63
6 KB
2 KB
XHR
General
Full URL
https://capi.connatix.com/core/pls?v=73675
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
a9144e695a5278db0dfec9bf6f8e6be991e413b973ebe7cad7feea78cc386243

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:15 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1881
/
www.facebook.com/tr/
44 B
100 B
Image
General
Full URL
https://www.facebook.com/tr/?id=651529765710614&ev=PageView&dl=https%3A%2F%2Fv2.safehaven.com%2F&rl=&if=false&ts=1604535674849&sw=1600&sh=1200&v=2.9.27&r=stable&ec=0&o=30&fbp=fb.1.1604535674758.655864802&it=1604535674463&coo=false&rqm=GET
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:14 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Thu, 05 Nov 2020 00:21:14 GMT
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/
75 KB
76 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Origin
https://v2.safehaven.com
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:36:18 GMT
status
200
etag
"1544639778"
vary
Accept-Encoding
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
77171
integrator.js
adservice.google.de/adsid/
109 B
832 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
832 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
21 KB
6 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=274568951646654&correlator=1870919843044040&output=ldjh&impl=fifs&eid=21068424%2C21068440%2C21064368%2C21068030%2C44730557&vrg=2020110201&gdpr=0&tfua=0&tfcd=0&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20201105&iu_parts=192633929%2Csafehaven-300x250-ATF%2Csafehaven-300x250-BTF%2Csafehaven-300x250-BTF2%2Csafehaven-728x90-ATF%2Csafehaven-728x90-BTF&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=300x250%2C300x250%2C300x250%2C728x90%2C728x90&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_adid_nobid%3D733b66afce64c5a%26hb_bidder_nobid%3Dnobid%26dyn_bids%3D0.01%26hb_adid%3D733b66afce64c5a%26hb_bidder%3Dnobid%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%26hb_adid_nobid%3D74883c1aac96d33%26hb_bidder_nobid%3Dnobid%26dyn_bids%3D0.01%26hb_adid%3D74883c1aac96d33%26hb_bidder%3Dnobid&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1604535675&dt=1604535675243&dlt=1604535673406&idt=679&frm=20&biw=1600&bih=1200&oid=3&adxs=1075%2C1075%2C248%2C248%2C436&adys=661%2C943%2C2298%2C1191%2C2811&adks=814543115%2C3046793618%2C190242331%2C1732354106%2C2965735416&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fv2.safehaven.com%2F&dssz=63&icsg=10737427112&mso=32&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=320x532%7C320x532%7C395x250%7C824x90%7C1600x90&msz=320x250%7C320x250%7C395x250%7C824x90%7C1600x90&ga_vid=1507818685.1604535674&ga_sid=1604535675&ga_hid=301053882&fws=0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js?21068424
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
d287699582a487b09bbb89d2dbdb5349a7a1dc871b55b70c9f98551158b4f9b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5788
x-xss-protection
0
google-lineitem-id
5012158941,5012537195,5012542490,5012545628,5012261260
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138265267020,138265545376,138265545085,138265545127,138265239347
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
703460b59f41dd1ce65bc3ed46e8e484.safeframe.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://703460b59f41dd1ce65bc3ed46e8e484.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

sr
capi.connatix.com/tr/ Frame 6B63
0
325 B
XHR
General
Full URL
https://capi.connatix.com/tr/sr?v=73675
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:15 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://v2.safehaven.com
Referer
https://fonts.googleapis.com/css?family=Roboto:500&display=swap
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 30 Oct 2020 11:20:34 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:48 GMT
server
sffe
age
478841
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11056
x-xss-protection
0
expires
Sat, 30 Oct 2021 11:20:34 GMT
2_media.bin
vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/ Frame 6B63
259 B
494 B
XHR
General
Full URL
https://vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/2_media.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c4203636462bb1fb653e6291e7ddc1bcd65d40334e5a6a6f92c90d01f1edc51d

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
age
4750640
x-cache
HIT, HIT
status
200
content-length
231
x-served-by
cache-bwi5124-BWI, cache-hhn4045-HHN
last-modified
Thu, 10 Sep 2020 23:14:06 GMT
x-timer
S1604535675.430431,VS0,VE0
etag
"119cb2c65d8ecc94a8e5fc6fe1ff091d"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 1
1.png
img.connatix.com/5a5b3df9-07b0-444f-8112-3195d5a89d94/
4 KB
5 KB
Image
General
Full URL
https://img.connatix.com/5a5b3df9-07b0-444f-8112-3195d5a89d94/1.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
98170098ad5b9e0e27bc80b4fab39889cb6437246979ee85680f64bb77d03a08

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
via
1.1 varnish, 1.1 varnish
age
1179533
x-cache
MISS, HIT
fastly-io-info
ifsz=8114 idim=288x42 ifmt=png ofsz=4328 odim=288x42 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
4351
x-served-by
cache-dca17779-DCA, cache-fra19139-FRA
x-timer
S1604535675.403222,VS0,VE1
etag
"E00cBQTrMvE7BFKf7WtTa6oGFTVX3QMTXtfExBtu+i8"
vary
Accept
x-amz-request-id
0HEX0H4K9Y4M3WDG
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
0, 1
/
www.facebook.com/tr/
0
106 B
Other
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryAMyCXvu5nMGdUj60

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Thu, 05 Nov 2020 00:21:15 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
/
www.facebook.com/tr/
0
30 B
Other
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryL2KPiZa3Md3DFmIj

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Thu, 05 Nov 2020 00:21:15 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
ao
capi.connatix.com/tr/ Frame 6B63
0
325 B
XHR
General
Full URL
https://capi.connatix.com/tr/ao?v=73675
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:15 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
ps
capi.connatix.com/tr/ Frame 6B63
0
325 B
XHR
General
Full URL
https://capi.connatix.com/tr/ps?v=73675
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:15 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
1_th.jpg
img.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/
9 KB
9 KB
Image
General
Full URL
https://img.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
01b4d147ed1c55ed96d5da9817d50af6675ade23ec67eca15091ba902d1b8f6c

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
via
1.1 varnish, 1.1 varnish
age
4756027
x-cache
HIT, HIT
fastly-io-info
ifsz=116072 idim=2560x1440 ifmt=jpeg ofsz=9062 odim=400x225 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
9085
x-served-by
cache-dca17729-DCA, cache-fra19139-FRA
x-timer
S1604535675.471212,VS0,VE1
etag
"TxKeKAktSld7S6F/dedRKUnNIE8YzBDMyeQDbBvSEyk"
vary
Accept
x-amz-request-id
6D21604C17CF70D4
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
2, 1
1_th.jpg
img.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/
9 KB
9 KB
Image
General
Full URL
https://img.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/1_th.jpg?crop=396:223,smart&width=396&height=223&format=jpeg&quality=60&fit=crop
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1f48fc28745589b66873b4bb9386e6f9534bf86213594e294a9518d6c3557f4d

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
via
1.1 varnish, 1.1 varnish
age
3034644
x-cache
HIT, HIT
fastly-io-info
ifsz=116072 idim=2560x1440 ifmt=jpeg ofsz=8830 odim=396x223 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
8853
x-served-by
cache-dca17776-DCA, cache-fra19139-FRA
x-timer
S1604535675.471297,VS0,VE1
etag
"TsnGsqfJkjEji1JgeWJpJbxoN5l/CGjI0ucjxc1lx6Y"
vary
Accept
x-amz-request-id
B24198299A1AE75C
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
1, 1
prebid3.25.0-1.js
cds.connatix.com/p/plugins/ Frame 6B63
286 KB
89 KB
Script
General
Full URL
https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b3e65f5bc65f920ed835a1329e8e585275e7c0e93de8a5c5642eab6300a11cef

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
age
4459031
x-cache
HIT, HIT
status
200
content-length
90468
x-served-by
cache-dca17730-DCA, cache-hhn4034-HHN
access-control-allow-origin
*
last-modified
Mon, 14 Sep 2020 09:43:49 GMT
x-timer
S1604535675.474851,VS0,VE0
etag
"9c38c88a790efaae20de0f5391a27029"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
2, 2281
playlist.m3u8
vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/ Frame 6B63
309 B
304 B
XHR
General
Full URL
https://vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/playlist.m3u8
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
05a58707d25ec9885faf81f026410f37d3757c0689d56b7ec1fc8b2f9cffb9d1

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
age
4742976
x-cache
HIT, HIT
status
200
content-length
164
x-served-by
cache-bwi5123-BWI, cache-hhn4045-HHN
last-modified
Thu, 10 Sep 2020 23:14:06 GMT
x-timer
S1604535675.484382,VS0,VE0
etag
"8a966507b13615ecdc1330a4bc9dcfe1"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 1
0.m3u8
vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/ Frame 6B63
603 B
416 B
XHR
General
Full URL
https://vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/0.m3u8
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d0dbaafdbbf1d3f9334bffc7cf32213e7eeac013648dbbf947144d32b22993c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
age
4742977
x-cache
HIT, HIT
status
200
content-length
269
x-served-by
cache-bwi5127-BWI, cache-hhn4045-HHN
last-modified
Thu, 10 Sep 2020 23:14:05 GMT
x-timer
S1604535676.513598,VS0,VE0
etag
"b8df64d4a938b783215cea913a0a5d46"
vary
Accept-Encoding
content-type
application/x-mpegURL
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
x-cache-hits
1, 1
avjp
teachingaids-d.openx.net/v/1.0/ Frame 6B63
92 B
282 B
XHR
General
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fv2.safehaven.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=14243e64-7818-4954-9b7d-220348b6842a&nocache=1604535675522&schain=1.0%2C1!admetricspro.com%2C1%2C1%2C%2C%2C&auid=540849651&vwd=400&vht=225
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.197.0 /
Resource Hash
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:15 GMT
via
1.1 google
server
OXGW/16.197.0
status
200
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://v2.safehaven.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
92
expires
Mon, 26 Jul 1997 05:00:00 GMT
openrtb
ads.adaptv.advertising.com/rtb/ Frame 6B63
0
217 B
XHR
General
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.202.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-202-129.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
server
adaptv/1.0
Connection
keep-alive
content-length
0
content-type
application/json
translator
hbopenbid.pubmatic.com/ Frame 6B63
0
60 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:14 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://v2.safehaven.com
avjp
teachingaids-d.openx.net/v/1.0/ Frame 6B63
92 B
285 B
XHR
General
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fv2.safehaven.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=584796a3-02e0-404c-a9f8-7828619a1b6e&nocache=1604535675527&schain=1.0%2C1!admetricspro.com%2C1%2C1%2C%2C%2C&auid=540849652&vwd=400&vht=225
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.197.0 /
Resource Hash
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:15 GMT
via
1.1 google
server
OXGW/16.197.0
status
200
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://v2.safehaven.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
92
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame 6B63
19 B
711 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:15 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.88:80
AN-X-Request-Uuid
0a8c630c-78fc-4cf5-bf7b-535efdf57db6
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame 6B63
19 B
711 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:15 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.72:80
AN-X-Request-Uuid
e07cd2c6-363a-4dd1-b3bc-a13fe1c68bbe
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
mvo
tag.1rx.io/rmp/83738/0/ Frame 6B63
0
273 B
XHR
General
Full URL
https://tag.1rx.io/rmp/83738/0/mvo?z=1r&hbv=3.25,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.19.147.210 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://v2.safehaven.com
Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:15 GMT
Cache-Control
private, max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Server
Tengine
Connection
keep-alive
translator
hbopenbid.pubmatic.com/ Frame 6B63
0
60 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:15 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://v2.safehaven.com
mvo
tag.1rx.io/rmp/83770/0/ Frame 6B63
0
273 B
XHR
General
Full URL
https://tag.1rx.io/rmp/83770/0/mvo?z=1r&hbv=3.25,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.19.147.210 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://v2.safehaven.com
Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:15 GMT
Cache-Control
private, max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Server
Tengine
Connection
keep-alive
0.mp4
vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/ Frame
0
0
Other
General
Full URL
https://vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/0.mp4
Protocol
H2
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
range
Origin
https://v2.safehaven.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

status
200
retry-after
0
access-control-allow-origin
*
access-control-allow-methods
*
access-control-allow-headers
range
accept-ranges
bytes
date
Thu, 05 Nov 2020 00:21:15 GMT
x-served-by
cache-hhn4045-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1604535676.556631,VS0,VE0
cache-control
max-age=31557600
content-length
0
0.mp4
vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/ Frame 6B63
1 KB
1 KB
XHR
General
Full URL
https://vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/0.mp4
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
dd12df38bb6d5e83053655d3a5d81a7166743b7e3bdb1f8cd38b3b556b515801

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range
bytes=0-1330

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
last-modified
Thu, 10 Sep 2020 23:14:05 GMT
age
360788
etag
"c94e208e997a4aedfe6a341fdad01a19"
x-served-by
cache-bwi5123-BWI, cache-hhn4045-HHN
status
206
x-cache
MISS, HIT
content-type
video/mp4
Content-Range
bytes 0-1330/5579212
cache-control
max-age=31557600
accept-ranges
bytes
x-timer
S1604535676.580887,VS0,VE0
access-control-allow-origin
*
Content-Length
1331
x-cache-hits
0, 1
0.mp4
vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/ Frame
0
0
Other
General
Full URL
https://vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/0.mp4
Protocol
H2
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
range
Origin
https://v2.safehaven.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

status
200
retry-after
0
access-control-allow-origin
*
access-control-allow-methods
*
access-control-allow-headers
range
accept-ranges
bytes
date
Thu, 05 Nov 2020 00:21:15 GMT
x-served-by
cache-hhn4045-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1604535676.608218,VS0,VE0
cache-control
max-age=31557600
content-length
0
0.mp4
vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/ Frame 6B63
774 KB
775 KB
XHR
General
Full URL
https://vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/0.mp4
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ea96defa8284ab6fb47873d08324707fce48164694963421492e0c91573dbda6

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range
bytes=1331-794062

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
last-modified
Thu, 10 Sep 2020 23:14:05 GMT
age
360788
etag
"c94e208e997a4aedfe6a341fdad01a19"
x-served-by
cache-bwi5123-BWI, cache-hhn4045-HHN
status
206
x-cache
MISS, HIT
content-type
video/mp4
Content-Range
bytes 1331-794062/5579212
cache-control
max-age=31557600
accept-ranges
bytes
x-timer
S1604535676.632800,VS0,VE0
access-control-allow-origin
*
Content-Length
792732
x-cache-hits
0, 2
gen_204
pagead2.googlesyndication.com/pagead/
0
721 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=274568951646654&r=300x250&w=300&h=250&a=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bl-04a3385-bf23da94.js
tagan.adlightning.com/math-aids/ Frame E225
97 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8c64fa8a1410020b6ada4404bad8f915e7f369673ed7cd81010c421049c6600

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 22:57:32 GMT
content-encoding
gzip
age
5024
x-cache
Hit from cloudfront
status
200
content-length
28013
x-amz-meta-git_commit
04a3385
last-modified
Wed, 04 Nov 2020 22:57:08 GMT
server
AmazonS3
etag
"159b351262ab8aecc86576d2f908250f"
x-amz-version-id
eThrrJ3O8Mw60o8BLDzZ0z5HIFgNzQaC
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Pjx4HLYGgOOhg5GlsqAmqOhQ_OqSqHqNA3_bSUEGjCsTVnhGk9lJ7Q==
b-9a4f7ce-993136fb.js
tagan.adlightning.com/math-aids/ Frame E225
61 KB
21 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
71ceeedc90a87a7adf6afcddb5e83be98b5956564bb113f9e427b5c2a929ebde

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 18 Aug 2020 17:45:57 GMT
content-encoding
gzip
age
6762919
x-cache
Hit from cloudfront
status
200
content-length
20742
x-amz-meta-git_commit
9a4f7ce
last-modified
Tue, 18 Aug 2020 17:44:59 GMT
server
AmazonS3
etag
"7dc3d31c7dffef887652bd6329c8c3b6"
x-amz-version-id
z_Lu5_8_caYo6ZnDfSTV2sy2mWB1X7Zs
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
NEqssr9Y1HXpEcG_BtWXAOaFITC2QQhW-xMItQg5UwCF12IcLHZuBA==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame E225
134 KB
46 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06592edaa4c0ec3766a7b83730fd5fc1ed62c1bf8b546f44badc6ccbe7b8a784
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
46518
x-xss-protection
0
server
cafe
etag
9272287904180736456
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:15 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame E225
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10d789ae1808dc2bc4fe0b8e52542b3ccb34ecff0d3f5491a82be29532e0317a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28759
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:15 GMT
bl-04a3385-bf23da94.js
tagan.adlightning.com/math-aids/ Frame BC81
97 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8c64fa8a1410020b6ada4404bad8f915e7f369673ed7cd81010c421049c6600

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 22:57:32 GMT
content-encoding
gzip
age
5024
x-cache
Hit from cloudfront
status
200
content-length
28013
x-amz-meta-git_commit
04a3385
last-modified
Wed, 04 Nov 2020 22:57:08 GMT
server
AmazonS3
etag
"159b351262ab8aecc86576d2f908250f"
x-amz-version-id
eThrrJ3O8Mw60o8BLDzZ0z5HIFgNzQaC
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
_zDMi776AbBBe-uJMsEQrwvVzJOLa8rUkGN3O-tkDu_iTAAadPImtA==
b-9a4f7ce-993136fb.js
tagan.adlightning.com/math-aids/ Frame BC81
61 KB
21 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
71ceeedc90a87a7adf6afcddb5e83be98b5956564bb113f9e427b5c2a929ebde

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 18 Aug 2020 17:45:57 GMT
content-encoding
gzip
age
6762919
x-cache
Hit from cloudfront
status
200
content-length
20742
x-amz-meta-git_commit
9a4f7ce
last-modified
Tue, 18 Aug 2020 17:44:59 GMT
server
AmazonS3
etag
"7dc3d31c7dffef887652bd6329c8c3b6"
x-amz-version-id
z_Lu5_8_caYo6ZnDfSTV2sy2mWB1X7Zs
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
qjlOfi6DJ02xokz1LDMTApLTDU1EplQwkEgQVNkXTKv7M2nmOZBUdQ==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame BC81
134 KB
46 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06592edaa4c0ec3766a7b83730fd5fc1ed62c1bf8b546f44badc6ccbe7b8a784
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
46518
x-xss-protection
0
server
cafe
etag
9272287904180736456
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:15 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame BC81
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10d789ae1808dc2bc4fe0b8e52542b3ccb34ecff0d3f5491a82be29532e0317a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28759
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:15 GMT
bl-04a3385-bf23da94.js
tagan.adlightning.com/math-aids/ Frame D587
97 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8c64fa8a1410020b6ada4404bad8f915e7f369673ed7cd81010c421049c6600

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 22:57:32 GMT
content-encoding
gzip
age
5024
x-cache
Hit from cloudfront
status
200
content-length
28013
x-amz-meta-git_commit
04a3385
last-modified
Wed, 04 Nov 2020 22:57:08 GMT
server
AmazonS3
etag
"159b351262ab8aecc86576d2f908250f"
x-amz-version-id
eThrrJ3O8Mw60o8BLDzZ0z5HIFgNzQaC
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
64UW6dHVUgsewWEDpx0yWUzJ6aJOvsUUHphhO4b1cwzuqH1gOw2-Ng==
b-9a4f7ce-993136fb.js
tagan.adlightning.com/math-aids/ Frame D587
61 KB
21 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
71ceeedc90a87a7adf6afcddb5e83be98b5956564bb113f9e427b5c2a929ebde

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 18 Aug 2020 17:45:57 GMT
content-encoding
gzip
age
6762919
x-cache
Hit from cloudfront
status
200
content-length
20742
x-amz-meta-git_commit
9a4f7ce
last-modified
Tue, 18 Aug 2020 17:44:59 GMT
server
AmazonS3
etag
"7dc3d31c7dffef887652bd6329c8c3b6"
x-amz-version-id
z_Lu5_8_caYo6ZnDfSTV2sy2mWB1X7Zs
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
p1LzelDTnZp2sdRoCNYfBDhrtS4z3_TJQ__LUYFTLiDsnwPrVXQ7IQ==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame D587
134 KB
46 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06592edaa4c0ec3766a7b83730fd5fc1ed62c1bf8b546f44badc6ccbe7b8a784
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
46518
x-xss-protection
0
server
cafe
etag
9272287904180736456
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:15 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame D587
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10d789ae1808dc2bc4fe0b8e52542b3ccb34ecff0d3f5491a82be29532e0317a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28759
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:15 GMT
bl-04a3385-bf23da94.js
tagan.adlightning.com/math-aids/ Frame C106
97 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8c64fa8a1410020b6ada4404bad8f915e7f369673ed7cd81010c421049c6600

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 22:57:32 GMT
content-encoding
gzip
age
5024
x-cache
Hit from cloudfront
status
200
content-length
28013
x-amz-meta-git_commit
04a3385
last-modified
Wed, 04 Nov 2020 22:57:08 GMT
server
AmazonS3
etag
"159b351262ab8aecc86576d2f908250f"
x-amz-version-id
eThrrJ3O8Mw60o8BLDzZ0z5HIFgNzQaC
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
h_BCMI78L0ODO3K7onwsV8mfYzpatUHKDcq1Ups_MaM0QRAO-NiPVw==
b-9a4f7ce-993136fb.js
tagan.adlightning.com/math-aids/ Frame C106
61 KB
21 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
71ceeedc90a87a7adf6afcddb5e83be98b5956564bb113f9e427b5c2a929ebde

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 18 Aug 2020 17:45:57 GMT
content-encoding
gzip
age
6762919
x-cache
Hit from cloudfront
status
200
content-length
20742
x-amz-meta-git_commit
9a4f7ce
last-modified
Tue, 18 Aug 2020 17:44:59 GMT
server
AmazonS3
etag
"7dc3d31c7dffef887652bd6329c8c3b6"
x-amz-version-id
z_Lu5_8_caYo6ZnDfSTV2sy2mWB1X7Zs
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
kpjVTlg_6wlwenbigy1r5x74nlCfIN8IBnKuSkVo5Qq_73UOqbpiaw==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame C106
134 KB
45 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06592edaa4c0ec3766a7b83730fd5fc1ed62c1bf8b546f44badc6ccbe7b8a784
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
46518
x-xss-protection
0
server
cafe
etag
9272287904180736456
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:15 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame C106
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10d789ae1808dc2bc4fe0b8e52542b3ccb34ecff0d3f5491a82be29532e0317a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28759
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:15 GMT
bl-04a3385-bf23da94.js
tagan.adlightning.com/math-aids/ Frame 46CE
97 KB
28 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/bl-04a3385-bf23da94.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d8c64fa8a1410020b6ada4404bad8f915e7f369673ed7cd81010c421049c6600

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 04 Nov 2020 22:57:32 GMT
content-encoding
gzip
age
5024
x-cache
Hit from cloudfront
status
200
content-length
28013
x-amz-meta-git_commit
04a3385
last-modified
Wed, 04 Nov 2020 22:57:08 GMT
server
AmazonS3
etag
"159b351262ab8aecc86576d2f908250f"
x-amz-version-id
eThrrJ3O8Mw60o8BLDzZ0z5HIFgNzQaC
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
feIifWwLzSiYW974S9FZNuSLNN9TNAX7MnrJ-iPsAiV1fgz0r-XEeg==
b-9a4f7ce-993136fb.js
tagan.adlightning.com/math-aids/ Frame 46CE
61 KB
21 KB
Script
General
Full URL
https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.110 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-110.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
71ceeedc90a87a7adf6afcddb5e83be98b5956564bb113f9e427b5c2a929ebde

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 18 Aug 2020 17:45:57 GMT
content-encoding
gzip
age
6762919
x-cache
Hit from cloudfront
status
200
content-length
20742
x-amz-meta-git_commit
9a4f7ce
last-modified
Tue, 18 Aug 2020 17:44:59 GMT
server
AmazonS3
etag
"7dc3d31c7dffef887652bd6329c8c3b6"
x-amz-version-id
z_Lu5_8_caYo6ZnDfSTV2sy2mWB1X7Zs
via
1.1 51054083366f59cdc509361d23d873eb.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
hQMZzhG03_QQpB5lHHlS2NzQSh3PWprzQH4FEjZgkfVsl9L_-2eMnQ==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 46CE
134 KB
45 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06592edaa4c0ec3766a7b83730fd5fc1ed62c1bf8b546f44badc6ccbe7b8a784
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
46518
x-xss-protection
0
server
cafe
etag
9272287904180736456
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:15 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 46CE
74 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10d789ae1808dc2bc4fe0b8e52542b3ccb34ecff0d3f5491a82be29532e0317a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28759
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:15 GMT
osd.js
www.googletagservices.com/activeview/js/current/
72 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js?21068424
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a44b4e645ecc10fef54f53f4d0983af2b365f39ba3c458280d12307231a09e81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27590
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:15 GMT
sodar
pagead2.googlesyndication.com/getconfig/
8 KB
7 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020110201&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020110201.js?21068424
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f47e390daff67fdcea7e21664ca489c27e2275d8f77b34b62443e84f38c908cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6448
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame E225
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu6aqUI_cugnBJFIak2ZNnJNf7wsOZ2-rL2924tC7ad3eAZRYon70fz0yK0NtMPMKCdRXIeJzJ3Y0-Ur9kZvfCzd_qCcEBtPfsLl72ofAHYFxHkAKo5YgylJUHbULtBWlgY4-o92f4ZEPSdpJgxv6PKUd4TAcK-cupaQ4X24ligsLbgqu0yfLov6IfFlNNPtiWV3VPVxTVLvbqbFyNj-P0f7xcmGxoQOeEIa8fQi5IkUohYkEe3JCIVJv8Z1mriF_9U0r2UO0W70VCqHoYBMEgboQ&sig=Cg0ArKJSzJ4rMRJ9VuZ7EAE&urlfix=1&adurl=
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:15 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame E225
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1cd17ab1cf74e54887cae963b3bb6f4e3adb59c03201e86c2bf6462aba035b7b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame BC81
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstrpIr2s6oYHKPpw0-BWZq9-eMpoDWOWC5g2OLOjD0Ca4R3vRLA6uw7HuNamJuglJgScD8tzuQ8tDoD2BjLDpT2doMp6PO84xLZAZ1TBuP5BxwYzWHHozH9jBLT9W2E3XvWYFxaj6HwZf_1YsX4EKEZoKBY3tPkBcaopnnN9rXGpzalZvRDtbiIN2nrTUOQ74lgtTnjkPawCEtzlgUa-qLV5-zss2sQu3OkQWBKHu42i66jznIR61O2fDgNBez9W1I_1s39iRcLHOXsDWY9YPTeMg&sig=Cg0ArKJSzH3X7aUmhzoeEAE&urlfix=1&adurl=
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:15 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame BC81
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a00f70b076a48051e0773d7ca820307c57d9c3bd6e7e4afa3f0d561835d27b39

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
sodar2.js
tpc.googlesyndication.com/sodar/
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1603823857801521"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6015
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:15 GMT
place
math-aids-tagan.adlightning.com/ Frame D587
0
428 B
Other
General
Full URL
https://math-aids-tagan.adlightning.com/place?p=0&d=[…]%2BPCEtLSBJRlJBTUUgSU5ORVIgQ09OVEVOVCAtLT4iLCJtZXRhIjp7InBsUmF0aW8iOjAuMDF9fQ%3D%3D&i=1-1&t=adltag_kh43430z_YGUlx4ZOY6g&r=26f3879fd570ecaa0f107bbccbe9a29&c=math-aids&z=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.7 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-7.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 04 Nov 2020 15:20:09 GMT
via
1.1 58dd513f0a53b3e6851a071cb857a706.cloudfront.net (CloudFront)
age
32468
x-cache
Error from cloudfront
status
200
content-length
0
last-modified
Mon, 15 Jun 2020 18:35:14 GMT
server
AmazonS3
etag
"d41d8cd98f00b204e9800998ecf8427e"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
jojxxrFPUieh9ZPhCvt1MB6RWikJaj0q
access-control-allow-origin
*
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
text/plain
x-amz-cf-id
Ed4DhZmA6IQGFEEpe-7ebwyHaRo8EbLrHS3VkGMviPL8d3AFMLbkXw==
view
securepubads.g.doubleclick.net/pcs/ Frame D587
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuTQnDpIQGruNkHnntMkPluyynqeVwKRheYS43P8TADJ6iEED62DeH3AgTbHHg6Wf5e5K7tRiEnBSoK5TU8-7ieSnwzAobFVv8NcnS2Mu3lNKX2oKNAVvthwAVMElc_U0DGElsTu4EYmRo1l9H1_27FpG_0lv3vn5Dol-JcdZkZRJ1kjpAW4hJcalU9dVd_Ttg1Ii2FnMmzQSqIy3jf8ajJG2szrrmS1NIfgKEZHRcEtWOd7ONEfnHzGc8ddxy9P-WSU67bFxMn6i5_T-TcBnmMfhI&sig=Cg0ArKJSzO5H9pxjnUyjEAE&urlfix=1&adurl=
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame D587
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
94d8aa676711380bd2b2e671b081dff1002ec7b561d1925e83aab6cd2e29bb2f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/ Frame E225
230 KB
86 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ebc35ba9f607eefdc973225a8c6831d1472714df5da1b43d5e72611bac8c2ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
88237
x-xss-protection
0
server
cafe
etag
8916267561321754551
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:16 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20201029/r20190131/ Frame E95D
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20201029/r20190131/zrt_lookup.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20201029/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnhAPRczyfqDNyvGuaqZ4Jqfex_EsDKOvKgnHtB0Oif-drALygazQsICRnQ
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://v2.safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 04 Nov 2020 02:32:56 GMT
expires
Wed, 18 Nov 2020 02:32:56 GMT
content-type
text/html; charset=UTF-8
etag
5228831996244654541
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4745
x-xss-protection
0
age
78500
cache-control
public, max-age=1209600
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/ Frame BC81
230 KB
86 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ebc35ba9f607eefdc973225a8c6831d1472714df5da1b43d5e72611bac8c2ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
88237
x-xss-protection
0
server
cafe
etag
8916267561321754551
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:16 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame C106
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuqnUN2EbHccAG6aWz9UzN2mfXKegvupV4eQtEHq3zxqF1gwT1yiyknC-j-R2c3jA2unB3jYl1nVjsWENYyqkooOlI7WbPsj2cXy4rFIMRwXy6SUj1s8YVYMm-7vglNygTPP4YVG1mNqHuO_U0MH6_0MBwjL8XPvLxyaZv5UcUCLiztysk-u6wDh1JwwnzH2pxJp-zseIoiNdtIWlo9-X6EtlpIPa9VL9-BYOqmLnYiGfQwTKQorxWvpOv4c6N75n2RoLnkHs5uAGm1yexIimLV&sig=Cg0ArKJSzKw8f78LvEwvEAE&urlfix=1&adurl=
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame C106
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
57f75b5cfbdbc77eed3820ecc8277276f64b1c34750963d0405e9bcbbb11bb36

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame 46CE
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuOpRS36hAWE3jDY0TPybwQNsVlqoAQC0xuzGvIsZyZGK2tJf5zE6jvc_BbKF--DujE6J_gqN65A3VlXNHgXfMeUZw6KBgtONmUwH4dOsQlzdg9AjijgEAG-oy9se-Ak6VHKOJ1gq85x2SQix3g4KOccGhO6MoLxPqMu81BuDjcFJcTiaYDGotHos6gLH87HysVq0QFy-RhM2CKIkTVZ4Fd8WsJ6G2U2ullx1-D8JEPVAXrgGv14vR19sM3hDwkkPPZmf10L40Txjxnp2uFanXi&sig=Cg0ArKJSzBKbUJmCkHWJEAE&urlfix=1&adurl=
Requested by
Host: v2.safehaven.com
URL: https://v2.safehaven.com/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 46CE
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3bb0c95684846eb3014e8fe9a0051d98f97184ea08d5105158b8c2b385c77610

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/ Frame D587
230 KB
86 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ebc35ba9f607eefdc973225a8c6831d1472714df5da1b43d5e72611bac8c2ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
88237
x-xss-protection
0
server
cafe
etag
8916267561321754551
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:16 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/ Frame 46CE
230 KB
86 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ebc35ba9f607eefdc973225a8c6831d1472714df5da1b43d5e72611bac8c2ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
88237
x-xss-protection
0
server
cafe
etag
8916267561321754551
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:16 GMT
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/ Frame C106
230 KB
86 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ebc35ba9f607eefdc973225a8c6831d1472714df5da1b43d5e72611bac8c2ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
88237
x-xss-protection
0
server
cafe
etag
8916267561321754551
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Thu, 05 Nov 2020 00:21:16 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame A25A
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/219/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4867
date
Wed, 04 Nov 2020 22:55:05 GMT
expires
Thu, 04 Nov 2021 22:55:05 GMT
last-modified
Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5171
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cookie.js
partner.googleadservices.com/gampad/ Frame E225
203 B
631 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=v2.safehaven.com&callback=_gfp_s_&client=ca-pub-8460394618887212&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
fbcc20cd0eee3571dd3e63e6326c9e870226b9e9e014750831d5a62f0df01b7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
193
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame E225
109 B
810 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame E225
109 B
810 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 99DC
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=250&slotname=9357229395&adk=309087674&adf=3173046729&pi=t.ma~as.9357229395&w=300&psa=0&format=300x250&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676004&bpp=25&bdt=296&idt=253&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=2&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1456686692&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1075&ady=661&biw=1600&bih=1200&isw=300&ish=250&ifk=782391979&scr_x=0&scr_y=0&eid=21066434%2C21068084&oid=3&pvsid=1421921652230361&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.30e3gj6rx073&fsb=1&dtd=274
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10703143694655840549/Walbusch_Softflanell_v1-AT-DE_mobile_300x250/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10703143694655840549/Walbusch_Softflanell_v1-AT-DE_mobile_300x250/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIf1j5iR6uwCFVRZ4AodgdUCeg&gqi=fEWjX-nxEcaY3gPnkKa4DQ&layout=/sadbundle/%24csp%253Der3%24/10703143694655840549/Walbusch_Softflanell_v1-AT-DE_mobile_300x250/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=250&slotname=9357229395&adk=309087674&adf=3173046729&pi=t.ma~as.9357229395&w=300&psa=0&format=300x250&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676004&bpp=25&bdt=296&idt=253&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=2&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1456686692&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1075&ady=661&biw=1600&bih=1200&isw=300&ish=250&ifk=782391979&scr_x=0&scr_y=0&eid=21066434%2C21068084&oid=3&pvsid=1421921652230361&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.30e3gj6rx073&fsb=1&dtd=274
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnhAPRczyfqDNyvGuaqZ4Jqfex_EsDKOvKgnHtB0Oif-drALygazQsICRnQ

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10703143694655840549/Walbusch_Softflanell_v1-AT-DE_mobile_300x250/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/10703143694655840549/Walbusch_Softflanell_v1-AT-DE_mobile_300x250/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIf1j5iR6uwCFVRZ4AodgdUCeg&gqi=fEWjX-nxEcaY3gPnkKa4DQ&layout=/sadbundle/%24csp%253Der3%24/10703143694655840549/Walbusch_Softflanell_v1-AT-DE_mobile_300x250/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 05 Nov 2020 00:21:16 GMT
server
cafe
content-length
30266
x-xss-protection
0
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame E225
72 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a44b4e645ecc10fef54f53f4d0983af2b365f39ba3c458280d12307231a09e81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27590
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:16 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame BC81
203 B
259 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=v2.safehaven.com&callback=_gfp_s_&client=ca-pub-8460394618887212&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
82dad1c3707a8b283fdf0d100e52c1b1867230f38fdd2e817bf6333c60782736
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
192
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame BC81
109 B
126 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame BC81
109 B
126 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 9779
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=250&slotname=8782514321&adk=1231975816&adf=3173046728&pi=t.ma~as.8782514321&w=300&psa=0&format=300x250&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676085&bpp=3&bdt=363&idt=211&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1789647421&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1075&ady=943&biw=1600&bih=1200&isw=300&ish=250&ifk=1265944040&scr_x=0&scr_y=0&eid=42530671%2C21066434%2C21065725%2C21066706&oid=3&pvsid=3109027096368497&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.plfmh457v545&fsb=1&dtd=222
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=250&slotname=8782514321&adk=1231975816&adf=3173046728&pi=t.ma~as.8782514321&w=300&psa=0&format=300x250&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676085&bpp=3&bdt=363&idt=211&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1789647421&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1075&ady=943&biw=1600&bih=1200&isw=300&ish=250&ifk=1265944040&scr_x=0&scr_y=0&eid=42530671%2C21066434%2C21065725%2C21066706&oid=3&pvsid=3109027096368497&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.plfmh457v545&fsb=1&dtd=222
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnhAPRczyfqDNyvGuaqZ4Jqfex_EsDKOvKgnHtB0Oif-drALygazQsICRnQ

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 05 Nov 2020 00:21:16 GMT
server
cafe
content-length
21966
x-xss-protection
0
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame BC81
72 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a44b4e645ecc10fef54f53f4d0983af2b365f39ba3c458280d12307231a09e81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27590
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:16 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame D587
203 B
256 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=v2.safehaven.com&callback=_gfp_s_&client=ca-pub-8460394618887212&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
2e6e211e42d6d4bc60ec035cc8a5711d8b4f5cea07658480531f19e8140d0b6d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
192
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame D587
109 B
126 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame D587
109 B
126 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 9E13
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=250&slotname=1547377351&adk=1247324859&adf=3173046727&pi=t.ma~as.1547377351&w=300&psa=0&format=300x250&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676180&bpp=4&bdt=450&idt=153&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1567413873&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=248&ady=2298&biw=1600&bih=1200&isw=300&ish=250&ifk=634349655&scr_x=0&scr_y=0&eid=42530671%2C21066434%2C21067982&oid=3&pvsid=1571525250602557&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.r4uvzp4moecg&btvi=1&fsb=1&dtd=165
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=250&slotname=1547377351&adk=1247324859&adf=3173046727&pi=t.ma~as.1547377351&w=300&psa=0&format=300x250&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676180&bpp=4&bdt=450&idt=153&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1567413873&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=248&ady=2298&biw=1600&bih=1200&isw=300&ish=250&ifk=634349655&scr_x=0&scr_y=0&eid=42530671%2C21066434%2C21067982&oid=3&pvsid=1571525250602557&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.r4uvzp4moecg&btvi=1&fsb=1&dtd=165
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnhAPRczyfqDNyvGuaqZ4Jqfex_EsDKOvKgnHtB0Oif-drALygazQsICRnQ

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 05 Nov 2020 00:21:16 GMT
server
cafe
content-length
199
x-xss-protection
0
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame D587
72 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a44b4e645ecc10fef54f53f4d0983af2b365f39ba3c458280d12307231a09e81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27590
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:16 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame 46CE
203 B
609 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=v2.safehaven.com&callback=_gfp_s_&client=ca-pub-8460394618887212&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
2e224f74c4df04a8c0c906f51b0ad5eb5c9457ee23398cdb3aa058a7d74e5cf8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
193
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame 46CE
109 B
126 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 46CE
109 B
126 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 37F2
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=90&slotname=7090869147&adk=109494614&adf=3173046725&pi=t.ma~as.7090869147&w=728&psa=0&format=728x90&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676223&bpp=5&bdt=476&idt=162&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1706429621&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2822&biw=1600&bih=1200&isw=728&ish=90&ifk=220162048&scr_x=0&scr_y=0&eid=42530671%2C44726948%2C21066434%2C21068083%2C21068433&oid=3&pvsid=3294908100356844&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.dhqlueax0xeu&btvi=1&fsb=1&dtd=174
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=90&slotname=7090869147&adk=109494614&adf=3173046725&pi=t.ma~as.7090869147&w=728&psa=0&format=728x90&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676223&bpp=5&bdt=476&idt=162&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=1706429621&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=436&ady=2822&biw=1600&bih=1200&isw=728&ish=90&ifk=220162048&scr_x=0&scr_y=0&eid=42530671%2C44726948%2C21066434%2C21068083%2C21068433&oid=3&pvsid=3294908100356844&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.dhqlueax0xeu&btvi=1&fsb=1&dtd=174
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnhAPRczyfqDNyvGuaqZ4Jqfex_EsDKOvKgnHtB0Oif-drALygazQsICRnQ

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 05 Nov 2020 00:21:16 GMT
server
cafe
content-length
199
x-xss-protection
0
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame 46CE
72 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a44b4e645ecc10fef54f53f4d0983af2b365f39ba3c458280d12307231a09e81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27590
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:16 GMT
cookie.js
partner.googleadservices.com/gampad/ Frame C106
203 B
217 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=v2.safehaven.com&callback=_gfp_s_&client=ca-pub-8460394618887212&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
0ce3a2d0027d283f5b109fd48578532c4e4912691f75493651949ebe93ab9a4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
192
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ Frame C106
109 B
126 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame C106
109 B
126 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=v2.safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame B3B3
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=90&slotname=1978622193&adk=2047003747&adf=3173046726&pi=t.ma~as.1978622193&w=728&psa=0&format=728x90&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676233&bpp=4&bdt=493&idt=195&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=989575431&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=248&ady=1191&biw=1600&bih=1200&isw=728&ish=90&ifk=3581310677&scr_x=0&scr_y=0&eid=21066434&oid=3&pvsid=2883677014295766&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.wh5x6gt2hu2g&fsb=1&dtd=205
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14017855927488145025/Walbusch_Softflanell_v1-AT-DE_728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14017855927488145025/Walbusch_Softflanell_v1-AT-DE_728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKm2mpiR6uwCFQ6B3godLKUBrg&gqi=fEWjX8HHHN6t3gPisLf4CQ&layout=/sadbundle/%24csp%253Der3%24/14017855927488145025/Walbusch_Softflanell_v1-AT-DE_728x90/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?guci=1.2.0.0.2.2.0.0&client=ca-pub-8460394618887212&output=html&h=90&slotname=1978622193&adk=2047003747&adf=3173046726&pi=t.ma~as.1978622193&w=728&psa=0&format=728x90&url=https%3A%2F%2Fv2.safehaven.com%2F&ea=0&flash=0&wgl=1&tt_state=W3siaXNzdWVyT3JpZ2luIjoiaHR0cHM6Ly9hZHNlcnZpY2UuZ29vZ2xlLmNvbSIsInN0YXRlIjowfSx7Imlzc3Vlck9yaWdpbiI6Imh0dHBzOi8vYXR0ZXN0YXRpb24uYW5kcm9pZC5jb20iLCJzdGF0ZSI6MH1d&dt=1604535676233&bpp=4&bdt=493&idt=195&shv=r20201029&cbv=r20190131&ptt=9&saldr=aa&cookie=ID%3D8b156c1c312a3a56%3AT%3D1604535675%3AS%3DALNI_MZ_LKTH1-Ey2ChrPTYlEZ3IP8jb4A&correlator=4795276760256&frm=23&ife=4&pv=1&ga_vid=1507818685.1604535674&ga_sid=1604535676&ga_hid=989575431&ga_fc=1&iag=3&icsg=8362&nhd=1&dssz=15&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=248&ady=1191&biw=1600&bih=1200&isw=728&ish=90&ifk=3581310677&scr_x=0&scr_y=0&eid=21066434&oid=3&pvsid=2883677014295766&pem=110&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8196&bc=31&ifi=1&uci=1.wh5x6gt2hu2g&fsb=1&dtd=205
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUnhAPRczyfqDNyvGuaqZ4Jqfex_EsDKOvKgnHtB0Oif-drALygazQsICRnQ

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14017855927488145025/Walbusch_Softflanell_v1-AT-DE_728x90/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14017855927488145025/Walbusch_Softflanell_v1-AT-DE_728x90/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKm2mpiR6uwCFQ6B3godLKUBrg&gqi=fEWjX8HHHN6t3gPisLf4CQ&layout=/sadbundle/%24csp%253Der3%24/14017855927488145025/Walbusch_Softflanell_v1-AT-DE_728x90/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Thu, 05 Nov 2020 00:21:16 GMT
server
cafe
content-length
30221
x-xss-protection
0
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame C106
72 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a44b4e645ecc10fef54f53f4d0983af2b365f39ba3c458280d12307231a09e81
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1604493480950496"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27590
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:16 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
131 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gpt_2020110201&jk=274568951646654&bg=!XF-lX3_NAAU7ZAKtO1gWCSlU9JRWqgIAAABnUgAAAA1oAQcKAI0HrPHZm62lrJqwtwYMbg1cCLmvkdX8KxoxWSeshFJUjoiEASXrXXSiKI5FN11B8g5CzFsgGiRejzeiw0BvOexo56MyGux1xHGzBgO8DtsuSQXDF9BfCRZ9GTGKe94mG_06y0MgICW-Wrfl9PepvShceepTjTQsjrYCW8Z7ne-ii01mlSQu42glvSUCreKZAanzMS5CKVBXCH1IU635B4BBCVxy_KiN_uTJi0EWvLaI4GXFSXKCeeD7lE-INE2wqi8ccT60GiBsJ8X8jNNCzxnU5hHwDhjwU8T-x-zLkyPbFVxBmxBTHw3n6jijacHQR-yd6-OGa8iyCNIDzTczjdG7AWJo8DITLHCgmwr53ALMSVcEbyoORHeG-6KzgK13E4mpeLm3h6D7UYERrMQ0P_CG-evPE4g4HvPPCF7Ie-Nr-yk2sTIeSHajgM03o3mDKEwfEZwKqRvrgpMrditKZUZjV6XmLx8yzXs0zWJ_CLLkaTNgtye_0xsYFSqlz1nyGuLJ9fdP2rhuKZ7ios7c9n37P6vKksPMvPJmi5yimRUqH7m-PDGRwsL5k-z5C4yURdJGnD2ETzEodVjhxM4HUS3Eb6QQ33dGm2q9dW7cVMOfXnd9GzfWm9Yspf4IQhNYVn3fYhKbgfRoUnduVD26p20XXCY1KITr_y35qwrM0qtFtBWKOhwqcCIXcGlTSG3cDQ1AgwgshDi0a1uXZsGvuC30l7AzSnndDhvzsHqgF7h9ZSp0JOBOhZgCsg
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
0.mp4
vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/ Frame
0
0
Other
General
Full URL
https://vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/0.mp4
Protocol
H2
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
range
Origin
https://v2.safehaven.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

status
200
retry-after
0
access-control-allow-origin
*
access-control-allow-methods
*
access-control-allow-headers
range
accept-ranges
bytes
date
Thu, 05 Nov 2020 00:21:16 GMT
x-served-by
cache-hhn4045-HHN
x-cache
HIT
x-cache-hits
0
x-timer
S1604535677.694292,VS0,VE0
cache-control
max-age=31557600
content-length
0
0.mp4
vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/ Frame 6B63
706 KB
707 KB
XHR
General
Full URL
https://vid.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/0.mp4
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.114.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b11734511d68c3bcccae0646b415fff85a898d192a6130021bf1547b3d68bd26

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range
bytes=794063-1517090

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
last-modified
Thu, 10 Sep 2020 23:14:05 GMT
age
360789
etag
"c94e208e997a4aedfe6a341fdad01a19"
x-served-by
cache-bwi5123-BWI, cache-hhn4045-HHN
status
206
x-cache
MISS, HIT
content-type
video/mp4
Content-Range
bytes 794063-1517090/5579212
cache-control
max-age=31557600
accept-ranges
bytes
x-timer
S1604535677.778156,VS0,VE0
access-control-allow-origin
*
Content-Length
723028
x-cache-hits
0, 3
view
securepubads.g.doubleclick.net/pcs/ Frame D587
0
21 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsscgCyvmIMZ1MUYUboBQVki00JrfXIbc-ykm7e-HkPW6cWySasShH4S_YJkUNzBZtXjl6p2bOl5E_oeq_9-kvNu1YTf89d5wGDZSk44pasegZ01RDJiUEtU3aTSXDIoa5u1hy7mgb3F4Ds_8LeRHA48HP_7FCX-f260aGQm5jsq_YEeZx-ECuC5X0TUhQ8A_bO6JGDZ9sLQRQr7xqzqt1LFSa4zVsJDWJP95Cu4s3yPAjPubBVeCxU9H1emU3bQanhbDEP07itkWhVE5kVMTKXCQHb9qw&sig=Cg0ArKJSzGEJE69x4GM7EAE&urlfix=1&adurl=
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
place
math-aids-tagan.adlightning.com/ Frame D587
0
427 B
Other
General
Full URL
https://math-aids-tagan.adlightning.com/place?p=1&d=[encoded payload omitted]&i=1-2&t=adltag_kh43430z_YGUlx4ZOY6g&r=b2bd4a318304b5bb368a26a99b56c88&c=math-aids&z=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.7 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-7.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 04 Nov 2020 15:20:09 GMT
via
1.1 58dd513f0a53b3e6851a071cb857a706.cloudfront.net (CloudFront)
age
32468
x-cache
Error from cloudfront
status
200
content-length
0
last-modified
Mon, 15 Jun 2020 18:35:14 GMT
server
AmazonS3
etag
"d41d8cd98f00b204e9800998ecf8427e"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
jojxxrFPUieh9ZPhCvt1MB6RWikJaj0q
access-control-allow-origin
*
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
text/plain
x-amz-cf-id
KBAiQ_-gKLY_B83LFl-1Qk5lxL5HiZ6uqsDrktOef4jwMdCVlK4Q4g==
place
math-aids-tagan.adlightning.com/ Frame D587
0
427 B
Other
General
Full URL
https://math-aids-tagan.adlightning.com/place?p=1&d=[encoded payload omitted]&i=2-2&t=adltag_kh43430z_YGUlx4ZOY6g&r=b2bd4a318304b5bb368a26a99b56c88&c=math-aids&z=1
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.7 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-7.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 04 Nov 2020 15:20:09 GMT
via
1.1 58dd513f0a53b3e6851a071cb857a706.cloudfront.net (CloudFront)
age
32468
x-cache
Error from cloudfront
status
200
content-length
0
last-modified
Mon, 15 Jun 2020 18:35:14 GMT
server
AmazonS3
etag
"d41d8cd98f00b204e9800998ecf8427e"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
jojxxrFPUieh9ZPhCvt1MB6RWikJaj0q
access-control-allow-origin
*
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
text/plain
x-amz-cf-id
VSyVyKzeUV7nMyUmuussb79SdfkCMJjeP-NcXr2Q0KJS_gkkBG2bTg==
sodar
pagead2.googlesyndication.com/getconfig/ Frame D587
8 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201029&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f486e76f85479c0ade338a1083398b0cf9afdbe17789018330ee468495f2de4e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6453
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 46CE
0
21 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssk--aKe3uboQ45xsUCK66YDQiyhp4mgkI7ZpUAw40bjrRUco6EAGMfbnfIssB4Stf4LFBxYG0n_kIDVmohXRV69dZd42OeGPfufIrogWFeBrjC0zGnLtMRc_ZzRtsT28vlkKZkxVR0r36KbxpzrOe8-hU2FmMFErYbab_E1M0Gc-QQyBa-VlnJfxxC_tyiEE42tqRqez0a_OyIEH_YhvsrRW9PWOenYjlhXRRj_gM75BqdWK8Q_3zB2zzCqLQd5FOW_EhirPfsngUXBa4lJSPtXQs&sig=Cg0ArKJSzDYMu9JJmcIfEAE&urlfix=1&adurl=
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 46CE
8 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201029&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
de5d19a224c3b122e6f3244e003a82e55af5253965f72b51688dfaa3319809a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6441
x-xss-protection
0
mq
capi.connatix.com/tr/ Frame 6B63
0
325 B
XHR
General
Full URL
https://capi.connatix.com/tr/mq?v=73675
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:16 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D587
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1603823857801521"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6015
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:16 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame E225
0
21 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuu99q0hTfpAOpuU9ZnJHV9x3tC7ZDtXqWTy0zEA4ScBjokWyxettDmMvbg3-H0uQsJjGp8PsEIflYw14CHi2UrjwNopxFZZb7scNH_qIeAaygZU1e9O6vvJ5NT3kwDMYXW3c2QGF0BRT5RGNczF0f7WjihM3oVTdXgMeF_k4_dMonwiYKbuT2wMo_O3vev9EuFwiwpNO9Huhi84a37RP0jFidc1NRO0tEju0Odg0Z7MWRGdSzvSMNSp5rE6K8HP88x4L4uoEEyNsENJ40LCmmt0TZn&sig=Cg0ArKJSzMNBfQufauuwEAE&urlfix=1&adurl=
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame E225
8 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201029&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
780f07315b9ae14a59d642a0620542a714ab82d1102d7e9a4c1d06bf9072a27d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6395
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 46CE
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1603823857801521"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6015
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:16 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame BC81
0
44 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvUnXjj6vNDobax-rAQ-fCAkc_bthO3pyYAXI242-gnDKV5yuPIoncEdMV2EhROCcNEjMAQSBMvTF0ZbuiIMpjG9FUfB_EDzkkP19DcqSP1r87GmZHeoRfaAGIJXyTiJfq6L6zKOyuqTnlJSFVbItFernuQff2T0a0L1U13C6Zy_etkSaIuF2lRwLh0yp4En3czfu26-l8FmxU1H9OJD_CeDZ3n2OiF5mjn8KUYiGx56-beigJ1z_VgLsnciX6Tm435kQywEsvB4FVD8JlFXbxWWLyw&sig=Cg0ArKJSzMMwSlUM4Q6kEAE&urlfix=1&adurl=
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:17 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame BC81
8 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201029&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1b2360557ce5f9ad179577cca363c3f45c80870d2f646769fb4c7f2f334cf3dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6517
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame E225
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1603823857801521"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6015
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:17 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 9027
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/219/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://v2.safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4867
date
Wed, 04 Nov 2020 22:55:05 GMT
expires
Thu, 04 Nov 2021 22:55:05 GMT
last-modified
Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5172
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame BC81
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1603823857801521"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6015
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:17 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 0E33
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/219/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://v2.safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4867
date
Wed, 04 Nov 2020 22:55:05 GMT
expires
Thu, 04 Nov 2021 22:55:05 GMT
last-modified
Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5172
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
securepubads.g.doubleclick.net/pcs/ Frame C106
0
21 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuR-3-CTMK7WKzhMtF_BKVz_09KD9yRKeFQuvXC36A4p85js5DMcMlSaEEgU3tSMfdZUwUvz3mWmgnILFaCK2oT_tinUL8e8tt37yPfgvqT-RDHszJ6TcSQuTv0SNsPE1YIQHzrCcParka9r7LkaEoEeKyEr65uwbDTtuq11-B3Y-FDNMn6j_bEBws3ZxS14acwJn-ZSrqOla1yjfO4lcDfk-DzGw46H1wJXMoVdZSXJ-9kV4JqtY-M6IRY_d5-QiRULgQVfvPnwn9_xYFWROw9qr4&sig=Cg0ArKJSzIBJDxmytSREEAE&urlfix=1&adurl=
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.21.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s12-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:17 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame C106
8 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20201029&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20201029/r20190131/show_ads_impl_fy2019.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8820c8ce102317e73c55e36e151f154e0bbde766f8673537bb0c22f57143b304
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
6412
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame 8557
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/219/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://v2.safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4867
date
Wed, 04 Nov 2020 22:55:05 GMT
expires
Thu, 04 Nov 2021 22:55:05 GMT
last-modified
Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5172
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame F41E
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/219/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://v2.safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4867
date
Wed, 04 Nov 2020 22:55:05 GMT
expires
Thu, 04 Nov 2021 22:55:05 GMT
last-modified
Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5172
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame C106
16 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66bfa6dd42535b06a283b3844a0bddcfd7f1aca1368baae035a7cda89a6b97fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1603823857801521"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6015
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:17 GMT
sv
capi.connatix.com/tr/ Frame 6B63
0
325 B
XHR
General
Full URL
https://capi.connatix.com/tr/sv?v=73675
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:17 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
runner.html
tpc.googlesyndication.com/sodar/sodar2/219/ Frame A0A2
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/219/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-9a4f7ce-993136fb.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/219/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://v2.safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4867
date
Wed, 04 Nov 2020 22:55:05 GMT
expires
Thu, 04 Nov 2021 22:55:05 GMT
last-modified
Mon, 05 Oct 2020 22:33:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
5172
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
activeview
pagead2.googlesyndication.com/pcs/ Frame E225
42 B
88 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsujWK0OejAvcIaZ3WmZuj8je2cRzNcZZCs1PQi2m1-_8UiqGXmV_eOY30cKUaex3RVkmB41RcSzmXQaG8r6xz8JB2_76odeVvJRQHGsWKw&sig=Cg0ArKJSzOuLiG9vqxNoEAE&adk=814543115&tt=-1&bs=1600%2C1200&mtos=1028,1028,1028,1028,1028&tos=1028,0,0,0,0&p=661,1075,911,1375&mcvt=1028&rs=0&ht=0&tfs=1243&tls=2271&mc=1&lte=-1&bas=0&bac=0&met=ie&avms=nio&niot_obs=1045&niot_cbk=1149&md=2&btr=0&cpmav=0&lm=2&rst=1604535675755&dlt&rpt=1127&isd=0&msd=0&xdi=0&postrxl=1&ps=1600%2C3342&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-6-11-5-5-0-0-0&tvt=2263&is=300%2C250&iframe_loc=https%3A%2F%2Fv2.safehaven.com%2F&r=v&id=osdim&vs=4&uc=6&upc=2&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20201104
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame BC81
42 B
65 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstXVHFjD8KfEQiwPlPpicXjIEuRQIVRAgaiCxiwmi5t0geJ1qr4AlJL07gNwHlQ7PsgEwVZacSkrXa3lL6Xm4ed1YgCIWnPZf0Nb97kaA0&sig=Cg0ArKJSzCZQWStcwl3gEAE&adk=3046793618&tt=-1&bs=1600%2C1200&mtos=1090,1090,1090,1090,1090&tos=1090,0,0,0,0&p=943,1075,1193,1375&mcvt=1090&rs=0&ht=0&tfs=1265&tls=2355&mc=1&lte=-1&bas=0&bac=0&met=ie&avms=nio&niot_obs=1075&niot_cbk=1170&md=2&btr=0&cpmav=0&lm=2&rst=1604535675757&dlt&rpt=1231&isd=0&msd=0&xdi=0&postrxl=1&ps=1600%2C3342&scs=1600%2C1200&pt=-1&bin=4&deb=1-0-0-6-8-5-5-0-0-0&tvt=2351&is=300%2C250&iframe_loc=https%3A%2F%2Fv2.safehaven.com%2F&r=v&id=osdim&vs=4&uc=6&upc=2&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20201104
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 46CE
0
22 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201029&jk=3294908100356844&bg=!SEulS2vNAAU7ZAKtO1iD0rCmGRT_cQIAAALLUgAAADNoAQcKAK3Zu0OudOBatN6UeURYu-uV0l6VfnSvZ_aOtteBQ7NkOc4-HjlZ40lpbDOoNpg1D9gQwToQyDHxuY1WdXQdsgxOrmQSww3VFcMDlaMGx5p0OmMN13NKtGFynuuAvhUB-FXahrYEdofXNTH8cAJq8UhVKugqbTJ2evOzIiIEmnJhjMSXkLajSpihOS1fMhRoYFowbmCgUmpKSWvdxvIRWx6oIp-yg5omMj7mfBjh-JkBr1iKDBoRjGMnlshCoqzI2RTaZRIWV1J6yXTNEGPIUoLkB2nYRZ5BaITGKjd3hbjfyI8Zdry8b7v2a2qSh8vpYK2S1mLKYJ9FD6n6yurzI3CrNKVpWtcBN2OpPtDd1WjqMTx11yzTdY8DhC-w5549fXLbr-jWJXifu96levaAobf4LKQ-0psBuV1bgnMRdg_aWrvdduyPgw9k8E6Lph-8Lsk-vVucdtQ3YciKcz3xe8sGHFo42pd1IUoPsbA71FDwf_pUbMfbkLpILxtvcTbIKcQoXiTWsACxoZ2zDlexxYGWJTJ5DhVDZg9ZBhLeRieV2E0GrAZyM9Aewe0hr4zPcnFrwF1I_o92H70TZU7HkYJv7xjOz2boVzPM189eBJGgiCktICeupI9TevaBDJprV8yH1Gx2GOzMOWVRfFJeKv-qnVEJFil86AlVr3O26jGS9rsgWdhCLlklnN_-xfFgFueq86h41DuOMlIzoipjLCUIpu7btY8j25w2IqkJn3PnVyjOQjToDCKR7BMD0KeWvyWMPW8T-cVCzg8hGIDTyIgG2Ehja_iRi_E8ZhlyyWYc
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
showad.js
ads.pubmatic.com/AdServer/js/ Frame 67C6
0
0
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Last-Modified
Wed, 21 Oct 2020 18:57:52 GMT
ETag
"13006b6-94f8-5b232eca8cf5e"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
13837
Content-Type
text/html; charset=UTF-8
X-Akamai-Path-Stats
[1:109:4397891]
Cache-Control
public, max-age=32382
Expires
Thu, 05 Nov 2020 09:21:00 GMT
Date
Thu, 05 Nov 2020 00:21:18 GMT
Connection
keep-alive
Vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame DF8B
0
0
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.197.0 /
Resource Hash

Request headers

:method
GET
:authority
u.openx.net
:scheme
https
:path
/w/1.0/pd
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=32e40330-5c3c-4712-bc69-66957fa9d2c7|1604535674
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=32e40330-5c3c-4712-bc69-66957fa9d2c7|1604535674; Version=1; Expires=Fri, 05-Nov-2021 00:21:18 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1604535678|gekin0vNiygu; Version=1; Expires=Fri, 20-Nov-2020 00:21:18 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.197.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 05 Nov 2020 00:21:18 GMT
content-type
text/html
content-length
419
content-encoding
gzip
via
1.1 google
alt-svc
clear
async_usersync.html
acdn.adnxs.com/dmp/ Frame 8C49
0
0
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.130 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-130.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Last-Modified
Tue, 24 Mar 2020 15:52:19 GMT
ETag
"5e7a2cb3-cefd"
X-Akamai-Path-Stats
[1:360:640]
Server
nginx/1.13.10
Content-Type
text/html
Vary
Accept-Encoding
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
17037
Cache-Control
max-age=86402
Expires
Fri, 06 Nov 2020 00:21:20 GMT
Date
Thu, 05 Nov 2020 00:21:18 GMT
Connection
keep-alive
showad.js
ads.pubmatic.com/AdServer/js/ Frame A27E
0
0
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Last-Modified
Wed, 21 Oct 2020 18:57:52 GMT
ETag
"13006b6-94f8-5b232eca8cf5e"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
13837
Content-Type
text/html; charset=UTF-8
X-Akamai-Path-Stats
[1:109:4397891]
Cache-Control
public, max-age=32382
Expires
Thu, 05 Nov 2020 09:21:00 GMT
Date
Thu, 05 Nov 2020 00:21:18 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 8ADB
0
0
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.130 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-130.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Last-Modified
Tue, 24 Mar 2020 15:52:19 GMT
ETag
"5e7a2cb3-cefd"
X-Akamai-Path-Stats
[1:360:640]
Server
nginx/1.13.10
Content-Type
text/html
Vary
Accept-Encoding
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
17037
Cache-Control
max-age=86402
Expires
Fri, 06 Nov 2020 00:21:20 GMT
Date
Thu, 05 Nov 2020 00:21:18 GMT
Connection
keep-alive
pd
u.openx.net/w/1.0/ Frame 2987
0
0
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.197.0 /
Resource Hash

Request headers

:method
GET
:authority
u.openx.net
:scheme
https
:path
/w/1.0/pd
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=32e40330-5c3c-4712-bc69-66957fa9d2c7|1604535674

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=32e40330-5c3c-4712-bc69-66957fa9d2c7|1604535674; Version=1; Expires=Fri, 05-Nov-2021 00:21:18 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
pd=v2|1604535678|gekin0vNiygu; Version=1; Expires=Fri, 20-Nov-2020 00:21:18 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.197.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 05 Nov 2020 00:21:18 GMT
content-type
text/html
content-length
419
content-encoding
gzip
via
1.1 google
alt-svc
clear
sync
ups.analytics.yahoo.com/ups/57304/ Frame 6B63
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_sc
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEICAio0jlCaHHgab5K6e7ow&google_cver=1
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEICAio0jlCaHHgab5K6e7ow&google_cver=1&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEICAio0jlCaHHgab5K6e7ow&google_cver=1&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4&verify=true
0
964 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEICAio0jlCaHHgab5K6e7ow&google_cver=1&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4&verify=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.113 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 05 Nov 2020 00:21:18 GMT
Server
ATS/7.1.2.113
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Date
Thu, 05 Nov 2020 00:21:18 GMT
Server
ATS/7.1.2.113
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEICAio0jlCaHHgab5K6e7ow&google_cver=1&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4&verify=true
Connection
keep-alive
Content-Length
0
sync
pixel.advertising.com/ups/55953/ Frame 6B63
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://pixel.advertising.com/ups/55953/sync?uid=56951867-7bf3-4681-a12c-f1c3e4aba1bb&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=56951867-7bf3-4681-a12c-f1c3e4aba1bb
0
124 B
Image
General
Full URL
https://pixel.advertising.com/ups/55953/sync?uid=56951867-7bf3-4681-a12c-f1c3e4aba1bb&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=56951867-7bf3-4681-a12c-f1c3e4aba1bb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.63.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-63-176.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:18 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:18 GMT
x-aspnet-version
4.0.30319
status
302
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.advertising.com/ups/55953/sync?uid=56951867-7bf3-4681-a12c-f1c3e4aba1bb&_origin=1&gdpr=1&gdpr_consent=&piggybackCookie=56951867-7bf3-4681-a12c-f1c3e4aba1bb
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
369
sync
ups.analytics.yahoo.com/ups/55986/ Frame 6B63
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=
  • https://sync-tm.everesttech.net/ct/upi/pid/m7y5t93k?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=0&gdpr_consent=&_...
  • https://pixel.advertising.com/ups/55986/sync?uid=X6NFfgAAAI-joSzr&_origin=0&gdpr=0&gdpr_consent=&_test=X6NFfgAAAI-joSzr
  • https://ups.analytics.yahoo.com/ups/55986/sync?uid=X6NFfgAAAI-joSzr&_origin=0&gdpr=0&gdpr_consent=&_test=X6NFfgAAAI-joSzr&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4
0
964 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55986/sync?uid=X6NFfgAAAI-joSzr&_origin=0&gdpr=0&gdpr_consent=&_test=X6NFfgAAAI-joSzr&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.113 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 05 Nov 2020 00:21:18 GMT
Server
ATS/7.1.2.113
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Thu, 05 Nov 2020 00:21:18 GMT
location
https://ups.analytics.yahoo.com/ups/55986/sync?uid=X6NFfgAAAI-joSzr&_origin=0&gdpr=0&gdpr_consent=&_test=X6NFfgAAAI-joSzr&apid=1Ad0db9a2e-1efc-11eb-bf2f-1248c7260bf4
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
%7Bcombo_uid%7D
pr-bh.ybp.yahoo.com/sync/adaptv_ortb/ Frame 6B63
43 B
839 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/adaptv_ortb/%7Bcombo_uid%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:18 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
status
200
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
expires
Thu, 01 Jan 1970 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame D587
0
22 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201029&jk=1571525250602557&bg=!0tGl0fHNAAU7ZAKtO1jMgrnUSb3tMgIAAAMWUgAAAFpoAQcKAf4Z5mWYfSBpoujs7ON0xHBGGjZS07CFFZ1ZjXKTkm0oDThuSTjn-yntDoy6_OM3fkE_YFCWGL1cgYCZii9agwIIY1xEcccI6JILGTk4uhK2YZzABFKpbHBAlQ6zJTXlUS17n6u4D7vmDhizlztSs-JfZkqBzm1x4vT9yDPZK0Muwp4Ed6ZXKrrMmPk1m-KF6Bq68Zk9kvdj4tyeYchRWEIduMz4u-wInnw_noe6fUTXXmHRrYRMeVxnSTIbczOGHaZGZ8VFTJLStESS0n1plpjpzz9I6baHxNSpzQ218FYoKvK13mBIfdoCTWxRsk4Bq-It5bO2rZ1bgjcWr-FFtyaRkn8psAKOqjmpEYgHR6zLbOu5NDavptS6yd-UzorKxmH5hWzCPH7XoV3geO7zLPH-q96mAAcPZR-w2e3L1X3Ivb34O0YvX3oN_DsvBFnG1dslBp1oJT_hgilCg0xwlJZx2f0gzhfGw8RVrNohre6PCXVRDHplO5vbpQ5n63gXC3RjuxykzJwLNoaAC25TcewULshiyCYxslJroznszysYvJSfDyd2B2WeKF17YamoI1tK8aR-qBVZ1aG_-KmG1xDqIOf7zf4IKPlmERJQce6u2kzYOX7vWOWANfTz9HVrCNhraFdM9nr5kQ7jos5Nq8Cy5nzqqBkiYtC5sWQrmJ2ZAa-WDY00DrnO1IlVma85xVgciICsZbxtdO_IplYIH54Je3cawy1PHcJ0xa2lA4h0QVVQla4utPHGs_5GNCmzjc99AC_SjBnBjKbekfK2Jd2Eqqf87hIpWLx6x1VcMOBxRHhzAGThRwr27PCIukh7s0N-g0YAvtbiz3VgqO_8Zz-GUifJ1-CFXFn0SqkMFowgBELhMxOM--ki9gFVUzobL6xz8RDKNNA_25i8lKd9bT6nI9WRmA8JE9-yR2OIoqQANebDbyxkrZeIud5lcGPY8aMyJTeX32XUMP9Z_9tLBE2wl15URpF_bSdBPRVpJeGaONBIZa65QATSq2JiKw-EjtTK4-ROXU6b2dtviFimHrdtjIsyA0aSFjGwp4ROdRMhlDXVB5kUgtFGZEZJtp-xjU6zhF5Tx49Wxsps8-6bA2x3BvjvUyOH06vwatZBzjDLYpkM9TMGTQvh9dH03AjNAAtlOrLdTfZqrAOaaf0ov68av7QwzqBSnIMi9p0AqheSx-QMpZjRkAaAuboI1AlkiA5a5MRYhl52nKKRNXdi8fA9VSCh4cJIja4zeqKqrwVXbA
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame BC81
0
22 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201029&jk=3109027096368497&bg=!YmGlYUHNAAU7ZAKtO1ilHuE2xdY-QgIAAAHmUgAAABJoAQcKAZOoNionMOobQOAUYdnfxF5jG9bHr3Z_BxDwO9_RPSa3LF7GB8EV362y_lIuy4fzVg6qXuipZfs_aps42V9thCnmbwpsq7KNPhJetcMj7HyCBipm126lsf0m2bg422qmcCbJF1iQzaZvJiB1V9LixSJvpxzEE0Mvds8uWmm90hbX6HfoFZQ6zlY38rJVG4C04xADOhtKB1FcYKTA5HBDlHBy39VZkKIrfH3msth2UruPNu8C6oPAz0xaz6czcJxxdBSFZwHyHfcVxnvOjwkCb1M9X5HAtPnsumX0t1IUUyLNAXBMpAcLZd_OvpT7SaclPGl1NcL5QD6F_cZIa2mmHXuNW_ijQIOqQIGTO26QYo_ziW4EMhZPU1tIbTy1D-Su0LiE6YeU_UwYvFDSwkupRLCZuLDqhH66JhpfOMNyHfz6kpAi-Ss5Jrp0rBDx_PVDG3unfv7khmKbFIXRrD0AxDR8wAQ8O_zPqrW1BGgjunTT6WFdP39ehMFY7ZvwTaZgjJQ0Ijh48EphkQsUMbbJwscYfVI7mQGvlOK2nYDRPLxECy0THQP9WNl1hVg3M5HP_qqx9-thsmoNzXNzn7dGTbCNZQMnS485JozmG1L7A-Cxki74f4HZ7PZ2L4SMEC849_MD0DimMGZ6ZlqU31xYms4eZzEck1lZ7EIbs9OfN3SKlNJeASraFl17kwaNkcsaAKhRGar3_QcrPPLOYoJuAHZDWkVBgR5AXH5a_vZAeAiGAHRfC7ZA2xa3t0zaYBfux5LXvEWKbQa_dIWRCqWKQI_X2QBiiwmfW6gn-RbvqD8Ff09kyVKyZyxJrC8SaWf5lYkuUhrtOJcv4f_nTdmRlk6XOvoCER-FvM-egy0IXCPlARBn7Q9t51Du_jDUSm56KQLuvDK6GlcDjC8-1c5DhSWnMmWbrQb2aR9NgMn4Tie8flca-CvgTom09Mk1XAS_tck7tpt5m3O8C4d7B9YGVHJ0fkLnjWO-HRXFlSNrOmhiC7eFBNDkh2HlEyr1AppIF6UC0E_z9k2FwuwW0mG_EAL3fyswd1LXP1PTVQrCyOhPXh3bSxi3US4tjzR5ppXwSr7usFHFONqmrooP5PnjSL1F-J3m7Kc
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame E225
0
22 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201029&jk=1421921652230361&bg=!u7iluJjNAAU7ZAKtO1jGdKWiVK4ROwIAAAIUUgAAADVoAQcKAY4wqBRAxad6P4hC8NkWO4wLLHfiTsshivXB89SHLYQfbu8DngR-DdJBbCAsERNFF-ojblVL-ysg6MdD9maNb7DuU11WZ6pi5ZEz8nDJLUsc0J2XU6e64gwfHKtl04dhQqYVb-FAA6SEwaphZ7Sw6R45U2aDB6-3Z4FCi77gQH8px2O8sPuQQZAr4vI-J8xGArfwE8lwBGJvSjnbC-Xig9phulMiomGqTi8WgzzxB2uKf7yKF09rMv6j4hQU-9EVNItPcVxeBzJuDEtbaurFmUMMTyLJIXKHPeJfwyhucwPoMU3ooijY7ShrC2Ipb-A9nCSROuKs2OnKbAYm9Kp82MNa0K-tx9uEkOzUKdD1cqN3qal_1P499kUrV1Q3Ts7W8oEg5pppLJjoZXOvln8WbkoRTHam4iinFIbx1Gfukq4DNh0nADkusK9S-gqR_kC5prhE0P5aixnAZvztgc7qXQhiZa9VRpXJcwBrpL8mxuowGn-fopcH4xQdKiitTXrX8vlST1e8xfo691XTIcZWM5kBr7oFm8Bvmnv62S4JsEYuRAfJ4coqfX5p6i9Ho_3Svm_zZLhLJ8bJyVCn-D58Bu5R2rmImsxq8kSDrq29booa8HK1Si3R_gKB5PMT8E2wkIxpKQSr8OWbBsa6aDZHAMmSUJi9vx2m-xpfbfg-TRlFgZSON203Z0J4psAFUkJL6NjOrQzy6q1keSxg5IKsfjTYbPqDWcDB1-XS-sZz6H0g0RNYaq-ppmDnKnmZnMtdcOJjGZnI3jFkzCRUEyFx6TMyffwzv6eRyMv1FPTXQOfnED105PVzkl8eFdGZIUPDeap-OoBI1tPSB92I2h03-z4-lQ71bs6elW9MRxT1_z-3Uyq7fZXVybxt9W1W02wmnma4AapdXJKweirl4Ktqadp-WaWF3zFtkRMtAx1g5IqP31kRh9WXt_RjSw9Zmt_GLav3sT0bGU3oRWXVVV5Y_vF-k7iZgXWlly_Ub4jXxI4Gy6p-YtNT5p-S6puOGFj5-_RPmb2W3c1iRhRP-rPZjFm_e35l-w4EEr4_XnfhbmDAdYSwkdZdjy7jjv71eUvxwkekgQ6JArIng8-6ENtYGEkN
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame C106
0
22 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=219&t=2&li=gda_r20201029&jk=2883677014295766&bg=!urmluZnNAAU7ZAKtO1jBsmrf0D-Y_QIAAAFFUgAAADZoAQcKASurTa3Leiujr9kRXqiQVCjEsoJvwPNRpbxYiFmyOyRQOuykWZlwHkqeIz8-K3W6pHY7_ZAEfZXhvyqZN_ohIacIK50m1b4_yP04P9564bm1p17gacBwfgV11jBwnftOQ6nN2JYSrcH-WKcmQEipT6L562pk9z3BhXlrl70Mxlf1cv75PbFz-1K6qRsNvGqk54BppBDmwgcxIYtg9blKl89ehjvwHM6XX0QdUHyNarf4r_c6ktMBM87pvgr3nOUHQOaag-cfHfq-T3kkqQcpwwHc5AgkSXP8VUNDnXrjCVzqQnFau7EYcwrll0sueagemBZAQMkKRHz3t-k8pMzXlxispIisgK5WxnQiiHG2rMopgHkui7fMfzDT1-yMCT23oK8uI19GhqUeD8iPH5kBrwvnOFw7y_hCDu2eEAiaWPT4BTmHflz95HKHRb7Q4hOlKlfDIeOqP3iUgoaESkj67JUFRnxvcRUNxMawlj7YvWd0igMPp25JeIToeKOXeD_k-T4aSBcD4yzfPKr-9UsVdFbFsy_VMaClsRMml5JFRaueM90EruLA8uZAzD1hqZwR1CsbbZky0ddZHXtKb4aF3za6ov-eCQlPxN7UQ6QQw6MhwLmZWIXLA6FgD59XjGDZL09XqM08oKIMjgsDrcYffNSsD87UYqxshmk3hSKj7Goo-Rg3sQHqjHupthWQnHRuh--AQbbISXcDz3h6_KzkAOWWIa05sa1TQFq9owS7uEuctFUVYQoDpjoUNwMYV-2hcoCzTqxZFU13QaqxZD0hlhDYdboGplcHbamUUPPVvBZFz4GPS3Ouaw_PQ9SLdNblF484_lwchMye5869CarbeOQdk-28TuDs0VjtMpvBdacfoDOHEhSDdJHVXpi84UYbgvMqdxrM7iISk-Hw6B3FNqO-gEtFEC4wyh-qSAZL-00XQV7DmEKshomfJgbipGTvi72RlTY0eI-uAPdQZLu8
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:18 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 295E
0
0
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.230.142 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-230-142.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://v2.safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
rsid=1|G9C2NkZC7frDQSirzNt8MRPvuJlRI6aSli1gEtfhZ1co9sDCaATiL5HZCu3J576ZFHOusT2oCWDGFUXIXy73K1yv8QFUuQw1v0B7O/GHFHInoAX9UM8CP6/6VPKGajCebujdy0A1b3+vmJA0ZLc4xfUsGeqeej/GZLgKraMB; ses15=; vis15=250874^1; ses2=; vis2=250874^1; audit=1|hLZGFuTafB2B+gy7rj39m3QnVL2heOLCQQ0xomexUYlkY7ddZW6PmxAgtb6bH0oxwEwPdXJrOgXMboWaW1ii7SDVmNz2tejR; khaos=KH4342DS-E-FISW

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Mon, 28 Sep 2020 17:02:39 GMT
ETag
"4000c-123-5b062a240e9c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
238
Content-Type
text/html; charset=UTF-8
Date
Thu, 05 Nov 2020 00:21:20 GMT
Connection
keep-alive
Vary
Accept-Encoding
2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 21BE
Redirect Chain
  • https://sync.serverbid.com/ss/2000891.html
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
0
0
Document
General
Full URL
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Host
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://v2.safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Thu, 05 Nov 2020 00:21:20 GMT
Connection
Keep-Alive
Cache-Control
max-age=63331
Content-Length
4947
Content-Type
text/html
Last-Modified
Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges
bytes
ETag
"1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id
tx000000000000000655e19-005fa2eb12-40ec98c-nyc3a
Strict-Transport-Security
max-age=15552000; includeSubDomains; preload
Age
76
Vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW
1604535680.dop036.pa1.t,1604535680.cds039.pa1.shn,1604535680.dop036.pa1.t,1604535680.cds204.pa1.c

Redirect headers

status
302
content-length
0
location
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control
no-cache
pd
eu-u.openx.net/w/1.0/ Frame 9B2B
0
0
Document
General
Full URL
https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.197.0 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=32e40330-5c3c-4712-bc69-66957fa9d2c7|1604535674; pd=v2|1604535678|gekin0vNiygu

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=32e40330-5c3c-4712-bc69-66957fa9d2c7|1604535674; Version=1; Expires=Fri, 05-Nov-2021 00:21:20 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
pd=v2|1604535678.2|kiiygevNgun0.mWgqsLommOns; Version=1; Expires=Fri, 20-Nov-2020 00:21:20 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.197.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Thu, 05 Nov 2020 00:21:20 GMT
content-type
text/html
content-length
316
content-encoding
gzip
via
1.1 google
alt-svc
clear
showad.js
ads.pubmatic.com/AdServer/js/ Frame 3CF9
0
0
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://v2.safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
KTPCACOOKIE=YES; KCCH=YES; pi=156858:2; KADUSERCOOKIE=B4CABBC8-15E6-4D7D-AF2B-8BADC1BA9AE6; chkChromeAb67Sec=1; DPSync3=1605744000%3A201_197_219%7C1604620800%3A174; SyncRTB3=1605744000%3A54_161_220_21_13_56; SPugT=1604535678; KRTBCOOKIE_377=22918-56951867-7bf3-4681-a12c-f1c3e4aba1bb&KRTB&23031-56951867-7bf3-4681-a12c-f1c3e4aba1bb; PUBMDCID=3; KRTBCOOKIE_391=22924-4756840426672370900; KRTBCOOKIE_80=16514-CAESEKRlGV8rK09uBesS3Z9E8ps&KRTB&22987-CAESEKRlGV8rK09uBesS3Z9E8ps&KRTB&23025-CAESEKRlGV8rK09uBesS3Z9E8ps; PugT=1604535679

Response headers

Last-Modified
Wed, 21 Oct 2020 18:57:52 GMT
ETag
"13006b6-94f8-5b232eca8cf5e"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
13837
Content-Type
text/html; charset=UTF-8
X-Akamai-Path-Stats
[1:109:4397891]
Cache-Control
public, max-age=32380
Expires
Thu, 05 Nov 2020 09:21:00 GMT
Date
Thu, 05 Nov 2020 00:21:20 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 65A9
0
0
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.130 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-232-130.deploy.static.akamaitechnologies.com
Software
nginx/1.13.10 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://v2.safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Last-Modified
Tue, 24 Mar 2020 15:52:19 GMT
ETag
"5e7a2cb3-cefd"
X-Akamai-Path-Stats
[1:360:640]
Server
nginx/1.13.10
Content-Type
text/html
Vary
Accept-Encoding
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
17037
Cache-Control
max-age=86402
Expires
Fri, 06 Nov 2020 00:21:22 GMT
Date
Thu, 05 Nov 2020 00:21:20 GMT
Connection
keep-alive
sync.html
public.servenobid.com/ Frame 8720
0
0
Document
General
Full URL
https://public.servenobid.com/sync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

:method
GET
:authority
public.servenobid.com
:scheme
https
:path
/sync.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
cache-control
max-age=86400
content-type
text/html
content-encoding
br
last-modified
Tue, 27 Oct 2020 00:12:31 GMT
accept-ranges
bytes
etag
"834d0054029be21b49b8bf287a72afac"
server
AmazonS3
x-cache
TCP_HIT
x-amz-id-2
a37kn7QCT5hWa8ndlD5wrtCJgBPZwZxXpDSl1i13vxrdgj0k7Q/1J1GbPkxUOikZEiMclZkNDYE=
x-amz-request-id
9E029E871ED3573E
x-azure-ref-originshield
0PCaiXwAAAACT843cqobqQKL8b4PsFW1iTE9OMjFFREdFMDIxNwA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref
0gEWjXwAAAABEO4FyZVTyQZdSSwXWH9XvRlJBMzFFREdFMDkxMQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
date
Thu, 05 Nov 2020 00:21:19 GMT
setuid
prebid.a-mo.net/
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%26D%3D%26bidder%3Dindex_rtb%26uid%3D
  • https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%26D%3D%26bidder%3Dindex_rtb%26uid%3D&C=1
  • https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=index_rtb&uid=X6NFgKyN0UXRksX7LLonzwAA%261113
0
118 B
Image
General
Full URL
https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=index_rtb&uid=X6NFgKyN0UXRksX7LLonzwAA%261113
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.144.59.88 , United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:20 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
5
server
envoy

Redirect headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:20 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=index_rtb&uid=X6NFgKyN0UXRksX7LLonzwAA%261113
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
321
Expires
Thu, 05 Nov 2020 00:21:20 GMT
sync
pixel.advertising.com/ups/55965/
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=fNYpN32Ff2Fk03xmLNFlNn7WK2dkgyswKoiMfayh
0
124 B
Image
General
Full URL
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=fNYpN32Ff2Fk03xmLNFlNn7WK2dkgyswKoiMfayh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.63.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-63-176.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:20 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:20 GMT
status
302
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=fNYpN32Ff2Fk03xmLNFlNn7WK2dkgyswKoiMfayh
cache-control
private, no-cache, no-store, proxy-revalidate
strict-transport-security
max-age=86400
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
setuid
prebid.a-mo.net/
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%26D%3D%26bidder%3Dsovrn%26uid%3D%24UID
  • https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=sovrn&uid=62bb7f514133ea5fe4239c1f
0
141 B
Image
General
Full URL
https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=sovrn&uid=62bb7f514133ea5fe4239c1f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.144.59.88 , United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:20 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy

Redirect headers

Date
Thu, 05 Nov 2020 00:21:22 GMT
Server
nginx
Location
https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=sovrn&uid=62bb7f514133ea5fe4239c1f
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
generic
match.adsrvr.org/track/cmf/
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.46.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-31-46-99.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:20 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status
200
cache-control
private,no-cache, must-revalidate
content-type
image/gif
content-length
70
sync
pixel.advertising.com/ups/55946/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_hm=MUFkMGRiNWIyYy0xZWZjLTExZWItYmQzYi0xMmRjZDUzMTE3MTQ%3D&gdpr=1&gdpr_consent=&_origin=0
  • https://pixel.advertising.com/ups/55946/sync?uid=CAESENBgVaVsueGDCOPsytdtF0I&gdpr=1&gdpr_consent=&_origin=0&google_cver=1
0
124 B
Image
General
Full URL
https://pixel.advertising.com/ups/55946/sync?uid=CAESENBgVaVsueGDCOPsytdtF0I&gdpr=1&gdpr_consent=&_origin=0&google_cver=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.63.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-63-176.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:20 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:20 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.advertising.com/ups/55946/sync?uid=CAESENBgVaVsueGDCOPsytdtF0I&gdpr=1&gdpr_consent=&_origin=0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
334
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
c1.adform.net/serving/cookie/match/
0
187 B
Image
General
Full URL
https://c1.adform.net/serving/cookie/match/?CC=1&party=15&gdpr=1&gdpr_consent=&curl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55944%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3d1%26gdpr_consent%3d
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:20 GMT
server
nginx
status
403
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
expires
-1
current
aol-match.dotomi.com/match/bounce/
0
104 B
Image
General
Full URL
https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=1Ad0db5b2c-1efc-11eb-bd3b-12dcd5311714&gdpr=1&gdpr_consent=&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Thu, 05 Nov 2020 00:21:20 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
setuid
prebid.a-mo.net/
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%26D%3D%26bidder%3Dappnexus%26uid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fprebid.a-mo.net%252Fsetuid%253FA%253D662d45f4-4c0a-48ec-8f1e-d54b8f5de82e%2526D%253D%2526bidder%253Dappnexus%2526uid%253D%2524UID
  • https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=appnexus&uid=8839184368294571091
0
138 B
Image
General
Full URL
https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=appnexus&uid=8839184368294571091
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
136.144.59.88 , United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:19 GMT
cache-control
max-age=0, private, must-revalidate
x-envoy-upstream-service-time
1
server
envoy

Redirect headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:20 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.51:80
AN-X-Request-Uuid
1e63926e-0ad0-4df6-84c4-00243edecf52
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://prebid.a-mo.net/setuid?A=662d45f4-4c0a-48ec-8f1e-d54b8f5de82e&D=&bidder=appnexus&uid=8839184368294571091
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
pixel.advertising.com/ups/56465/
0
124 B
Image
General
Full URL
https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.63.176 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-63-176.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Thu, 05 Nov 2020 00:21:20 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
abt
capi.connatix.com/tr/ Frame 6B63
0
325 B
XHR
General
Full URL
https://capi.connatix.com/tr/abt?v=73675
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:20 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
st
capi.connatix.com/tr/ Frame 6B63
0
325 B
XHR
General
Full URL
https://capi.connatix.com/tr/st?v=73675
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:22 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
avjp
teachingaids-d.openx.net/v/1.0/ Frame 6B63
92 B
282 B
XHR
General
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fv2.safehaven.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=097503aa-0580-4e39-bb97-13135e9e679e&nocache=1604535685468&schain=1.0%2C1!admetricspro.com%2C1%2C1%2C%2C%2C&auid=540849651&vwd=400&vht=225
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.197.0 /
Resource Hash
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:25 GMT
via
1.1 google
server
OXGW/16.197.0
status
200
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://v2.safehaven.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
92
expires
Mon, 26 Jul 1997 05:00:00 GMT
openrtb
ads.adaptv.advertising.com/rtb/ Frame 6B63
0
217 B
XHR
General
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=TeachingAidsLLC
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.202.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-202-129.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://v2.safehaven.com
access-control-allow-credentials
true
server
adaptv/1.0
Connection
keep-alive
content-length
0
content-type
application/json
translator
hbopenbid.pubmatic.com/ Frame 6B63
11 KB
11 KB
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
40c9589e6b9b3b46aef228f9547686f3d190430951ca33085b798edc9ef20e64

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
200
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-cache, no-store, must-revalidate
x-openrtb-version
2.3
access-control-allow-credentials
true
date
Thu, 05 Nov 2020 00:21:25 GMT
content-type
application/json
avjp
teachingaids-d.openx.net/v/1.0/ Frame 6B63
92 B
282 B
XHR
General
Full URL
https://teachingaids-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fv2.safehaven.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=-60&tws=1600x1200&be=1&bc=hb_pb_3.0.2&dddid=cba28cca-3c60-452f-9f08-b5d805ee54ee&nocache=1604535685474&schain=1.0%2C1!admetricspro.com%2C1%2C1%2C%2C%2C&auid=540849652&vwd=400&vht=225
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/16.197.0 /
Resource Hash
004e5faf0bf890f61697daeede9f21826affd1137fb2cb58eaf4719937a04a14

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:25 GMT
via
1.1 google
server
OXGW/16.197.0
status
200
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://v2.safehaven.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
92
expires
Mon, 26 Jul 1997 05:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame 6B63
19 B
712 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:25 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.140:80
AN-X-Request-Uuid
ce72b778-7c1d-4e34-b0e2-817e83e5f0b5
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame 6B63
19 B
711 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:25 GMT
X-Proxy-Origin
82.102.18.114; 82.102.18.114; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.16:80
AN-X-Request-Uuid
00c7fc2b-0ebc-4c5a-a8ea-c0e46923e77c
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://v2.safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
mvo
tag.1rx.io/rmp/83738/0/ Frame 6B63
0
273 B
XHR
General
Full URL
https://tag.1rx.io/rmp/83738/0/mvo?z=1r&hbv=3.25,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.19.147.210 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://v2.safehaven.com
Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:25 GMT
Cache-Control
private, max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Server
Tengine
Connection
keep-alive
translator
hbopenbid.pubmatic.com/ Frame 6B63
11 KB
11 KB
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
ad9597b8598bf3318ce189d5b4c47930f1a7fe619de1a62f583788449952b14c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
200
access-control-allow-origin
https://v2.safehaven.com
cache-control
no-cache, no-store, must-revalidate
x-openrtb-version
2.3
access-control-allow-credentials
true
date
Thu, 05 Nov 2020 00:21:25 GMT
content-type
application/json
mvo
tag.1rx.io/rmp/83770/0/ Frame 6B63
0
273 B
XHR
General
Full URL
https://tag.1rx.io/rmp/83770/0/mvo?z=1r&hbv=3.25,2.1
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
213.19.147.210 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://v2.safehaven.com
Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:25 GMT
Cache-Control
private, max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Server
Tengine
Connection
keep-alive
cache
prebid.adnxs.com/pbc/v1/ Frame 6B63
63 B
326 B
XHR
General
Full URL
https://prebid.adnxs.com/pbc/v1/cache
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.252.161.190 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
prebid.ams1.adnexus.net
Software
nginx/1.19.0 /
Resource Hash
7a25353e9747e15fcb6af0ffb08379874ce707ea172e7a2ec6a0de8fb821a2ae

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 05 Nov 2020 00:21:25 GMT
Server
nginx/1.19.0
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
63
cache
prebid.adnxs.com/pbc/v1/ Frame 6B63
63 B
326 B
XHR
General
Full URL
https://prebid.adnxs.com/pbc/v1/cache
Requested by
Host: cds.connatix.com
URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.252.161.190 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
prebid.ams1.adnexus.net
Software
nginx/1.19.0 /
Resource Hash
1f173215dc11fd24c993174dc835476a0e40744558a7ae98c8b979f505349ca7

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

Date
Thu, 05 Nov 2020 00:21:25 GMT
Server
nginx/1.19.0
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
63
cache
prebid.adnxs.com/pbc/v1/ Frame 6B63
11 KB
6 KB
XHR
General
Full URL
https://prebid.adnxs.com/pbc/v1/cache?uuid=96070caa-6858-4790-97fe-3dbe8f3c1ffb
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.252.161.190 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
prebid.ams1.adnexus.net
Software
nginx/1.19.0 /
Resource Hash
dc79d618ed700e7c19db746ed52d5e63e09850e19ec6722e602580f8c4eb1e26

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 05 Nov 2020 00:21:25 GMT
Content-Encoding
gzip
Server
nginx/1.19.0
Vary
Accept-Encoding, Origin
Content-Type
application/xml
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Transfer-Encoding
chunked
cache
prebid.adnxs.com/pbc/v1/ Frame 6B63
11 KB
6 KB
XHR
General
Full URL
https://prebid.adnxs.com/pbc/v1/cache?uuid=4d2f3e41-f71a-4943-a587-45a2c56000f6
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.252.161.190 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
prebid.ams1.adnexus.net
Software
nginx/1.19.0 /
Resource Hash
65cc3378406f7fa9b8a3b83a8e568a187441c9cf109d988d48ec980cd699debd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 05 Nov 2020 00:21:25 GMT
Content-Encoding
gzip
Server
nginx/1.19.0
Vary
Accept-Encoding, Origin
Content-Type
application/xml
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Transfer-Encoding
chunked
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 6B63
315 KB
109 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f4c774f55e71e45e3d4ef1d775977b4f884a6280a8087d606bbdc5929dd18d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
110965
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:25 GMT
bridge3.422.0_en.html
imasdk.googleapis.com/js/core/ Frame C43D
0
0
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.422.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
imasdk.googleapis.com
:scheme
https
:path
/js/core/bridge3.422.0_en.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://v2.safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://v2.safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
191206
date
Wed, 04 Nov 2020 04:01:23 GMT
expires
Thu, 04 Nov 2021 04:01:23 GMT
last-modified
Wed, 04 Nov 2020 03:49:20 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
73202
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame 6B63
26 KB
11 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
62f2eeec7851ae0d5e322062cf40092478236d4a4fc5a2cfd87b257739104147
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10523
x-xss-protection
0
expires
Thu, 05 Nov 2020 00:21:25 GMT
integrator.js
adservice.google.com/adsid/ Frame 6B63
109 B
168 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin
*
date
Thu, 05 Nov 2020 00:21:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
csi
csi.gstatic.com/ Frame 6B63
0
54 B
Other
General
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kh434asa&c=4795276760256&slotId=2397638380128&eee=missing-element&bi=missing-id
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400b:804::2003 Dublin, Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:26 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
status
204
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
40
r2---sn-4g5e6nld.c.2mdn.net/videoplayback/id/d64767e244f34672/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1636071685/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip...
Redirect Chain
  • https://gcdn.2mdn.net/videoplayback/id/d64767e244f34672/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1636071685/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
  • https://r2---sn-4g5e6nld.c.2mdn.net/videoplayback/id/d64767e244f34672/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1636071685/sparams/acao,ctier,expire,id,ip,ipbits,ita...
3 MB
0
Media
General
Full URL
https://r2---sn-4g5e6nld.c.2mdn.net/videoplayback/id/d64767e244f34672/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1636071685/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/493B5D57C41B475CC5B32AAC88220834D2C6BCFD.1C7129580382D0CD20C2616C0BC2E7888BD937EE/key/cms1/cms_redirect/yes/mh/4D/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nld/ms/onc/mt/1604535560/mv/m/mvi/2/pl/40?cpn=iSPZYv_EwJF6xGs4&file=file.mp4
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:58::8 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 05 Nov 2020 00:21:26 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 30 Oct 2020 15:22:33 GMT
Server
gvs 1.0
Vary
Origin
Content-Type
video/mp4
Content-Range
bytes 0-4447042/4447043
Cache-Control
private, max-age=86400
Connection
close
Accept-Ranges
bytes
Alt-Svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length
4447043
Expires
Thu, 05 Nov 2020 00:21:26 GMT

Redirect headers

pragma
no-cache
date
Thu, 05 Nov 2020 00:21:26 GMT
server
ClientMapServer
status
302
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://r2---sn-4g5e6nld.c.2mdn.net/videoplayback/id/d64767e244f34672/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1636071685/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/493B5D57C41B475CC5B32AAC88220834D2C6BCFD.1C7129580382D0CD20C2616C0BC2E7888BD937EE/key/cms1/cms_redirect/yes/mh/4D/mip/2a01:4f8:192:5414::2/mm/42/mn/sn-4g5e6nld/ms/onc/mt/1604535560/mv/m/mvi/2/pl/40?cpn=iSPZYv_EwJF6xGs4&file=file.mp4
cache-control
no-cache, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
675
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ai
capi.connatix.com/tr/ Frame 6B63
0
325 B
XHR
General
Full URL
https://capi.connatix.com/tr/ai?v=73675
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.player.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.169.204 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-169-204.us-east-2.compute.amazonaws.com
Software
openresty/1.15.8.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
multipart/form-data

Response headers

Date
Thu, 05 Nov 2020 00:21:26 GMT
Content-Encoding
gzip
Server
openresty/1.15.8.2
Vary
Accept-Encoding
Content-Type
multipart/form-data
Access-Control-Allow-Origin
https://v2.safehaven.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
AdDisplayTrackerServlet
aktrack.pubmatic.com/AdServer/
0
124 B
Image
General
Full URL
https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=156858&siteId=552647&adId=1957637&adType=13&adServerId=243&kefact=0.993476&kaxefact=0.993476&kadNetFrequecy=0&kadwidth=0&kadheight=0&kadsizeid=97&kltstamp=1604535685&indirectAdId=0&adServerOptimizerId=2&ranreq=0.1&kpbmtpfact=0.993476&dcId=3&tldId=56603566&passback=0&svr=BID22417U&adsver=_1851472263&adsabzcid=0&ekefact=hUWjXyiUCQBFDXG9JMBoHZOa-I41hY6edo0om4zMy7_J9uDx&ekaxefact=hUWjX1KUCQAhS8xf1KBVKBSAaqSV-qMlk07Daqjcz-Pp3kCo&ekpbmtpfact=hUWjX3mUCQCNa7bMXfaSQ_ekI5Q-yGuG-kZbaVde9rjB-5gi&enpp=hUWjX6CUCQCmOjQPCAuPoPcQJ4ymHmAe4XMf1yoUTOPLx48r&pubBuyId=24969&crID=312979414&lpu=monoprix.fr&ucrid=11732343926971493372&campaignId=16514&creativeId=0&pctr=0.000000&wDSPByrId=5379932&wDspId=80&wbId=1&wrId=2537948&wAdvID=16087&wDspCampId=43647481&isRTB=1&rtbId=7945B58D-633E-4278-8379-6C6811EC1412&imprId=28283F3C-7147-46AC-9CBC-B75CC05C5E93&oid=28283F3C-7147-46AC-9CBC-B75CC05C5E93&cntryId=77&pageURL=https%3A%2F%2Fv2.safehaven.com%2F&sec=1&pAuSt=3&tpb=34&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 05 Nov 2020 00:21:26 GMT
Connection
keep-alive
Content-Length
0
Content-Type
text/html
analytics.gif
s.update.rose.pubmatic.com/2/925744/
49 B
299 B
Image
General
Full URL
https://s.update.rose.pubmatic.com/2/925744/analytics.gif?dt=9257441544206325357000&c3=1&pv=&pp=156858&si=552647&pi=1957637&ti=28283F3C-7147-46AC-9CBC-B75CC05C5E93&ui=EAF55C11-151B-4168-82B9-ADF4B0E6EBC3&ap=&di=v2.safehaven.com&ac=16514&cr=11732343926971493372&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.251.154.165 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-154-165.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d8eb0eea39a37b88dc5af05c475212e7a86814b77e9f9814e88ab458e3b7111a

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 05 Nov 2020 00:21:25 GMT
Vary
*
Content-Type
image/gif
Cache-Control
no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Timing-Allow-Origin
*
Content-Length
49
Expires
0
track
aktrack.pubmatic.com/
0
124 B
Image
General
Full URL
https://aktrack.pubmatic.com/track?operId=7&p=156858&s=552647&a=1957637&wa=243&ts=1604535685&wc=16514&crId=312979414&ucrid=11732343926971493372&impid=28283F3C-7147-46AC-9CBC-B75CC05C5E93&advertiser_id=16087&ecpm=0.993476&e=1&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 05 Nov 2020 00:21:26 GMT
Connection
keep-alive
Content-Length
0
Content-Type
text/html
track
aktrack.pubmatic.com/
0
124 B
Image
General
Full URL
https://aktrack.pubmatic.com/track?operId=7&p=156858&s=552647&a=1957637&wa=243&ts=1604535685&wc=16514&crId=312979414&ucrid=11732343926971493372&impid=28283F3C-7147-46AC-9CBC-B75CC05C5E93&advertiser_id=16087&ecpm=0.993476&e=2&
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 05 Nov 2020 00:21:26 GMT
Connection
keep-alive
Content-Length
0
Content-Type
text/html
1_th.jpg
img.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/
9 KB
9 KB
Image
General
Full URL
https://img.connatix.com/176bfae2-7ad6-46c1-b575-cabf1a7717c8/1_th.jpg?crop=400:225,smart&width=400&height=225&format=jpeg&quality=60&fit=crop
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.14.137 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
01b4d147ed1c55ed96d5da9817d50af6675ade23ec67eca15091ba902d1b8f6c

Request headers

Referer
https://v2.safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 05 Nov 2020 00:21:26 GMT
via
1.1 varnish, 1.1 varnish
age
4756038
x-cache
HIT, HIT
fastly-io-info
ifsz=116072 idim=2560x1440 ifmt=jpeg ofsz=9062 odim=400x225 ofmt=webp
status
200
fastly-stats
io=1
content-encoding
gzip
content-length
9085
x-served-by
cache-dca17729-DCA, cache-fra19139-FRA
x-timer
S1604535686.281955,VS0,VE0
etag
"TxKeKAktSld7S6F/dedRKUnNIE8YzBDMyeQDbBvSEyk"
vary
Accept
x-amz-request-id
6D21604C17CF70D4
access-control-allow-origin
*
cache-control
max-age=31557600
accept-ranges
bytes
content-type
image/webp
x-cache-hits
2, 2

236 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes function| gtag object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| q887ia function| q887ib object| xop number| kPrebidTimeout number| kRefreshPollTime number| gRefreshCount number| gOXRefreshCount boolean| gRefreshDebug boolean| gPrebidDebug number| k60SecondRefreshInterval number| k90SecondRefreshInterval number| k120SecondRefreshInterval number| k180SecondRefreshInterval number| kDoNotRefresh number| kDefaultRefreshInterval object| gSChainNodes undefined| gGDPR_forceLocale boolean| gGDPR_silentNoConsent boolean| gGDPR_forceNoConsent object| gGDPR_NonTCFVendors string| gGDPR_publisherCountryCode string| gGDPR_logoURL string| gGDPR_privacyPolicyURL string| kAmazonPublisherID object| ad300x250ATF object| ad300x250BTF object| ad300x250BTF2 object| ad728x90ATF object| ad728x90BTF object| ad160x600BTF object| ad300x250ATFM object| ad300x250BTFM number| gBrowserWidth object| desktopAdUnits object| mobileAdUnits object| gAllSlotData number| gAllSlotCount object| OX_dfp_ads number| minWidth boolean| disableBids object| googletag object| ggeac object| google_js_reporting_queue function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| FontAwesomeConfig object| ___FONT_AWESOME___ function| __tcfapi object| __cmpAPI object| __GVL object| __cmpTCModel function| __cmpOpenUI number| districtmMethod number| districtmRatio number| districtmHeaderTimeOut number| districtmRetryTimeOut number| districtmMaxTimeToTry object| districtmSsp string| districtmCurrency number| districtmAlone number| districtmCurrencyRate object| districtmAllowedSizes number| districtmAppnexusMemberId number| 
districtmPubmaticPubId object| districtmEasyMap object| districtmExtSSP number| districtmTieBreaker number| districtmMemberId object| districtmCurrencyObject function| cygnus_index_parse_res number| districtmStart number| districtmStop boolean| dm1x1 boolean| dmNeverCall number| districtmExec object| districtmBids object| districtmHeader object| dmWidget object| districtmGA function| pbjsChunk object| pbjs object| _pbjsGlobals string| nobidVersion object| nobid object| _0x5518 function| _0x361a function| _0x16f8fc object| gRefreshSlots object| gRefreshIDs object| gRefreshTimes object| gRefreshIntervals object| gThisRefreshIDs object| gThisRefreshSlots boolean| gInitialLoad object| gPBJSTimeoutTimer object| gAmazonSlots object| gAmazonBids boolean| gAmazonBidsBack boolean| gOpenXBidsBack boolean| gPrebidBidsBack boolean| gHasGDPRCMP object| gGDPRTCData function| amp_getBidsForAllChannels function| amp_dumpBids function| amp_dumpWins function| amp_dumpTable function| amp_getBestBids function| customOxTargeting function| openXRefreshCallback function| sendAdserverRequest function| checkIfAllBidsBack function| amazonBidsBack function| pbjsBidsBack function| bidsTimeout function| scheduleConsentUpdates function| sendBidRequests function| doSendBidRequests function| amp_refreshAllSlots function| amp_refreshSlots function| refreshAdSlots function| configureAdSlot function| getCookie object| apstag function| cnx function| fbq function| _fbq function| $ function| jQuery object| _pcq object| cookieconsent number| inc_adnxs object| districtmManualMap object| j883Na function| j883Nb function| xblacklist function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| bpibBa function| bpibBb function| xblocker object| gaplugins object| gaGlobal object| gaData function| menu_underline function| scrollWin function| dump function| addOption function| removeAllOptions function| externalLinks function| country function| hidelinks function| loginFocus 
function| featuredArticlesHeight function| bottomArticlesHeight object| jQuery112303022036210083392 function| cb function| raf object| om1720_20987 function| om1720_20987_poll number| $leftpos_margin boolean| apstagLOADED boolean| _pc_loaded object| PC object| VWO object| _vwo_exp_ids object| _vwo_exp string| _vwo_server_url object| _vis_opt_queue function| bowser object| __pc object| _pushcrewDebuggingQueue object| _pc_u boolean| ecomEventsInit object| _pc object| convertflyQueue object| pctracker function| _pc_s object| cnx_usr_storage function| setImmediate function| clearImmediate function| OptinMonsterApp boolean| om_loaded boolean| _omvisitsadded object| _omapp number| height_diff number| margin_height object| googleToken object| googleIMState function| processGoogleToken number| __google_ad_urls_id number| google_unique_id object| player_instance_daca1604535675273 object| cnxEnfStorage function| cnxsetTimeout function| cnxsetInterval object| google_image_requests object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired object| GoogleGcLKhOms object| google_reactive_ads_global_state function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| google_jobrunner function| cnxAddEventListener

12 Cookies

Domain/Path Name / Value
.safehaven.com/ Name: _fbp
Value: fb.1.1604535674758.655864802
v2.safehaven.com/ Name: _omappvs
Value: 1604535674744
.safehaven.com/ Name: _gid
Value: GA1.2.355534511.1604535674
v2.safehaven.com/ Name: _omappvp
Value: vMyxY29MowZmjeXVPX5kk4boICB7sbOWj8h4YkZLO9tCtve2kUoi6kvQSc1cU8mMw77wXBJJnUTw1rUhNBoZUN633DNv7NjY
.safehaven.com/ Name: _ga
Value: GA1.2.1507818685.1604535674
v2.safehaven.com/ Name: dmxRegion
Value: false
v2.safehaven.com/ Name: safehaven_ci
Value: e1d24378518297bafa3ce42c961a65cfc5ecd8c2
.safehaven.com/ Name: _gat_gtag_UA_2249023_27
Value: 1
v2.safehaven.com/ Name: csrf_safehaven_cookie
Value: bf1e865a4c16db009248c4dd7443393f
v2.safehaven.com/ Name: AWSALBCORS
Value: QLw1tc34/5R5C0ekB/INtpn/VCxFkqShvbHLXDRbqifcZhjZHbDR7yX8QohDp3O/GF6rWwt419eMv63WHkMWlc8xOrIWCQRSLLFR/+QWWPN2k52UrgM1ZcryLQlH
v2.safehaven.com/ Name: _wingify_pc_uuid
Value: 6318ebc4da694d9ba36f4633a96f2e67
v2.safehaven.com/ Name: AWSALB
Value: QLw1tc34/5R5C0ekB/INtpn/VCxFkqShvbHLXDRbqifcZhjZHbDR7yX8QohDp3O/GF6rWwt419eMv63WHkMWlc8xOrIWCQRSLLFR/+QWWPN2k52UrgM1ZcryLQlH

50 Console Messages

Source Level URL
Text
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 298)
Message:
OpenX Slot defined for /192633929/safehaven-300x250-ATF div-gpt-ad-1553475674669-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 298)
Message:
OpenX Slot defined for /192633929/safehaven-300x250-BTF div-gpt-ad-1553475817787-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 298)
Message:
OpenX Slot defined for /192633929/safehaven-300x250-BTF2 div-gpt-ad-1553475909622-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 298)
Message:
OpenX Slot defined for /192633929/safehaven-728x90-ATF div-gpt-ad-1553475988342-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 298)
Message:
OpenX Slot defined for /192633929/safehaven-728x90-BTF div-gpt-ad-1553476044183-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 27)
Message:
%cCMP: Startup v270 color: #555599
console-api warning URL: https://qd.admetricspro.com/js/safehaven/prebid.js(Line 3)
Message:
fun-hooks: referenced 'registerAdserver' but it was never created
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
ENGINE: gAMPidentityLinkID not present, prebid configured without identyLink
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
ENGINE: final pbjs config
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
[object Object]
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
Initial Ad Load
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendBidRequests(): LOOP gGDPRTCData.cmpStatus=undefined
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
CMP not ready, rescheduling sendBidRequests(): gGDPRTCData.cmpStatus=loading
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 27)
Message:
%cCMP: GVL version is 45 color: #555599
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 27)
Message:
__uspLaunch begin
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 27)
Message:
CMP: No existing consent found in cookie, local or session storage
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 27)
Message:
CMP: checking non TCF vendor cookie
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 27)
Message:
CMP: No existing non-TCF consent found in cookie, local or session storage
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
CMP response tcData.eventStatus=cmpuishown tcData.cmpStatus=loaded
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
CMP response tcData.eventStatus=cmpuishown tcData.cmpStatus=loaded
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 27)
Message:
CMP: Locale=en-us gdpr= false
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 27)
Message:
CMP: GDPR does not apply
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
CMP response tcData.eventStatus=useractioncomplete tcData.cmpStatus=loaded
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendBidRequests(): LOOP gGDPRTCData.cmpStatus=useractioncomplete
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendBidRequests() gPBJSTimeoutTimer=null pbjs.adserverRequestSent=undefined
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
Amazon bids returned, count=5
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
[object Object],[object Object],[object Object],[object Object],[object Object]
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
pbjs bids returned
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
gPBJSTimeoutTimer cleared
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendAdserverRequest(): pbjsBidsBack
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendAdserverRequest()
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
pbjs.getAdserverTargeting: >> Amazon >> Prebid
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
[object Object]
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
pbjs.getBidResponses:
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
[object Object]
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
gThisRefreshSlots=
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
[object Object],[object Object],[object Object],[object Object],[object Object]
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
sendAdserverRequest(): ---> Calling googletag.pubads().refresh()
console-api log URL: https://qd.admetricspro.com/js/safehaven/engine.js(Line 5)
Message:
console.groupEnd
console-api warning URL: https://cds.connatix.com/p/plugins/prebid3.25.0-1.js(Line 3)
Message:
fun-hooks: referenced 'registerAdserver' but it was never created
console-api log (Line 7)
Message:
CNX-ad-imp

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
