urlscan.io logo urlscan.io
SecurityTrails logo

safehaven.com Open in urlscan Pro
54.201.238.66  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://safehaven.com.admin-eu.cas.ms/
Effective URL: https://safehaven.com/
Submission: On May 08 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 52 IPs in 8 countries across 39 domains to perform 253 HTTP transactions. The main IP is 54.201.238.66, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is safehaven.com.
TLS certificate: Issued by Amazon on December 3rd 2019. Valid for: a year.
This is the only time safehaven.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 52.155.161.91 8075 (MICROSOFT...)
1 54.201.238.66 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
13 52.222.182.108 16509 (AMAZON-02)
4 2606:4700:303... 13335 (CLOUDFLAR...)
27 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
11 2600:9000:21f... 16509 (AMAZON-02)
4 2606:4700::68... 13335 (CLOUDFLAR...)
3 2600:9000:207... 16509 (AMAZON-02)
1 2600:9000:21f... 16509 (AMAZON-02)
17 2600:9000:21f... 16509 (AMAZON-02)
20 63.250.56.23 41436 (CLOUDWEBM...)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 216.58.212.130 15169 (GOOGLE)
7 172.217.22.34 15169 (GOOGLE)
6 104.16.190.66 13335 (CLOUDFLAR...)
5 52.222.191.80 16509 (AMAZON-02)
1 2a02:fa8:8806... 41041 (VCLK-EU-)
2 37.252.172.36 29990 (ASN-APPNEX)
1 178.128.135.80 14061 (DIGITALOC...)
5 69.173.144.140 26667 (RUBICONPR...)
1 185.64.189.112 62713 (AS-PUBMATIC)
4 6 2606:2800:233... 15133 (EDGECAST)
1 3 34.95.120.147 15169 (GOOGLE)
1 216.52.2.19 29791 (VOXEL-DOT...)
3 2a03:2880:f01... 32934 (FACEBOOK)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
5 37.252.172.45 29990 (ASN-APPNEX)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.111.11.100 33438 (HIGHWINDS2)
2 2001:4de0:ac1... 20446 (HIGHWINDS3)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
4 2a03:2880:f11... 32934 (FACEBOOK)
1 52.222.182.84 16509 (AMAZON-02)
2 72.247.225.32 16625 (AKAMAI-AS)
21 185.167.97.84 41436 (CLOUDWEBM...)
1 2 52.59.50.21 16509 (AMAZON-02)
1 1 148.251.129.84 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 52.57.217.231 16509 (AMAZON-02)
13 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
29 2a00:1450:400... 15169 (GOOGLE)
2 104.109.78.125 20940 (AKAMAI-ASN1)
1 1 206.189.254.17 14061 (DIGITALOC...)
1 205.185.216.42 20446 (HIGHWINDS3)
1 72.247.225.17 16625 (AKAMAI-AS)
2 52.57.106.47 16509 (AMAZON-02)
1 2a02:fa8:8806... 41041 (VCLK-EU-)
1 1 91.228.74.183 27281 (QUANTCAST)
1 54.77.250.219 16509 (AMAZON-02)
253 52
1    52.155.161.91 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
safehaven.com.admin-eu.cas.ms
1    54.201.238.66 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-201-238-66.us-west-2.compute.amazonaws.com
safehaven.com
4    2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
13    52.222.182.108 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-182-108.ham50.r.cloudfront.net
tagan.adlightning.com
4    2606:4700:3037::6812:2030 (United States)

ASN13335 (CLOUDFLARENET, US)
qd.admetricspro.com
27    2a00:1450:4001:824::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
adservice.google.de
googleads.g.doubleclick.net
1    2606:4700::6812:633c (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.districtm.ca
11    2600:9000:21f3:7e00:c:5250:79c0:21 (United States)

ASN16509 (AMAZON-02, US)
d2p6ty67371ecn.cloudfront.net
4    2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
3    2600:9000:2070:ae00:10:4f52:7800:21 (United States)

ASN16509 (AMAZON-02, US)
d1o9e4un86hhpc.cloudfront.net
1    2600:9000:21f3:5a00:17:eca0:da80:21 (United States)

ASN16509 (AMAZON-02, US)
d32r1sh890xpii.cloudfront.net
17    2600:9000:21f3:b000:3:442:6dc0:21 (United States)

ASN16509 (AMAZON-02, US)
d2t794khe5w43b.cloudfront.net
20    63.250.56.23 (United States)

ASN41436 (CLOUDWEBMANAGE-EU, GB)
live.sekindo.com
2    2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net
www.googleadservices.com
7    172.217.22.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s16-in-f2.1e100.net
securepubads.g.doubleclick.net
6    104.16.190.66 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.districtm.io
dmx.districtm.io
5    52.222.191.80 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-191-80.ham50.r.cloudfront.net
c.amazon-adsystem.com
1    2a02:fa8:8806:16::1460 (Sweden)

ASN41041 (VCLK-EU-, SE)
web.hb.ad.cpe.dotomi.com
2    37.252.172.36 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
1    178.128.135.80 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
e.serverbid.com
5    69.173.144.140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
1    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
6    2606:2800:233:97b6:26be:138a:cba8:bb01 (United States)

ASN15133 (EDGECAST, US)
adserver-us.adtech.advertising.com
3    34.95.120.147 (United States)

ASN15169 (GOOGLE, US)
PTR: 147.120.95.34.bc.googleusercontent.com
teachingaids-d.openx.net
eu-u.openx.net
1    216.52.2.19 (United States)

ASN29791 (VOXEL-DOT-NET, US)
ap.lijit.com
3    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2606:4700:10::6814:3677 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.pushcrew.com
5    37.252.172.45 (Ascension Island)

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com
1    2a00:1450:400c:c08::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    23.111.11.100 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)
a.optmstr.com
2    2001:4de0:ac19::1:b:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)
maxcdn.bootstrapcdn.com
3    2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
4    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    52.222.182.84 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-182-84.ham50.r.cloudfront.net
api.omappapi.com
2    72.247.225.32 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-225-32.deploy.static.akamaitechnologies.com
ads.pubmatic.com
21    185.167.97.84 (Amsterdam, Netherlands)

ASN41436 (CLOUDWEBMANAGE-EU, GB)
video.sekindo.com
2    52.59.50.21 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-50-21.eu-central-1.compute.amazonaws.com
x.bidswitch.net
1    148.251.129.84 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.84.129.251.148.clients.your-server.de
csync.loopme.me
1    2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
3    2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    52.57.217.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-217-231.eu-central-1.compute.amazonaws.com
prebid-server.rubiconproject.com
13    2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2606:4700::6810:84e5 (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
29    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
adservice.google.com
2    104.109.78.125 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    206.189.254.17 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sync.serverbid.com
1    205.185.216.42 (Phoenix, United States)

ASN20446 (HIGHWINDS3, US)
PTR: map2.hwcdn.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1    72.247.225.17 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-225-17.deploy.static.akamaitechnologies.com
acdn.adnxs.com
2    52.57.106.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-106-47.eu-central-1.compute.amazonaws.com
pixel.advertising.com
1    2a02:fa8:8806:12::1370 (Sweden)

ASN41041 (VCLK-EU-, SE)
aol-match.dotomi.com
1    91.228.74.183 (United Kingdom)

ASN27281 (QUANTCAST, US)
pixel.quantserve.com
1    54.77.250.219 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-250-219.eu-west-1.compute.amazonaws.com
match.adsrvr.org
Apex Domain
Subdomains		 Transfer
41 sekindo.com
live.sekindo.com
video.sekindo.com
3 MB
37 googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
668 KB
32 cloudfront.net
d2p6ty67371ecn.cloudfront.net
d1o9e4un86hhpc.cloudfront.net
d32r1sh890xpii.cloudfront.net
d2t794khe5w43b.cloudfront.net
2 MB
17 doubleclick.net
securepubads.g.doubleclick.net
googleads.g.doubleclick.net
stats.g.doubleclick.net
95 KB
13 adlightning.com
tagan.adlightning.com
330 KB
12 googletagservices.com
www.googletagservices.com
318 KB
9 google.de
adservice.google.de
www.google.de
1 KB
8 google.com
www.google.com
adservice.google.com
1 KB
8 advertising.com
adserver-us.adtech.advertising.com Failed
pixel.advertising.com
3 KB
8 rubiconproject.com
fastlane.rubiconproject.com
prebid-server.rubiconproject.com
eus.rubiconproject.com
9 KB
8 adnxs.com
ib.adnxs.com
secure.adnxs.com
acdn.adnxs.com
5 KB
6 districtm.io
cdn.districtm.io
dmx.districtm.io
326 B
5 amazon-adsystem.com
c.amazon-adsystem.com
59 KB
5 cloudflare.com
cdnjs.cloudflare.com
106 KB
5 googleapis.com
fonts.googleapis.com
ajax.googleapis.com
9 KB
4 facebook.com
www.facebook.com
459 B
4 admetricspro.com
qd.admetricspro.com
162 KB
4 googletagmanager.com
www.googletagmanager.com
119 KB
3 gstatic.com
fonts.gstatic.com
29 KB
3 facebook.net
connect.facebook.net
270 KB
3 openx.net
teachingaids-d.openx.net
eu-u.openx.net
821 B
3 pubmatic.com
hbopenbid.pubmatic.com
ads.pubmatic.com
114 B
2 bidswitch.net
x.bidswitch.net
916 B
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com
82 KB
2 serverbid.com
e.serverbid.com
sync.serverbid.com
266 B
2 dotomi.com
web.hb.ad.cpe.dotomi.com
aol-match.dotomi.com
731 B
2 google-analytics.com
www.google-analytics.com
18 KB
1 adsrvr.org
match.adsrvr.org
264 B
1 quantserve.com
pixel.quantserve.com
843 B
1 digitaloceanspaces.com
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
1 loopme.me
csync.loopme.me
226 B
1 omappapi.com
api.omappapi.com
10 KB
1 optmstr.com
a.optmstr.com
60 KB
1 pushcrew.com
cdn.pushcrew.com
68 KB
1 lijit.com
ap.lijit.com
700 B
1 googleadservices.com
www.googleadservices.com
11 KB
1 districtm.ca
cdn.districtm.ca
23 KB
1 safehaven.com
safehaven.com
13 KB
1 cas.ms
safehaven.com.admin-eu.cas.ms
322 B
253 39
Domain Requested by
24 pagead2.googlesyndication.com tagan.adlightning.com
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
safehaven.com
21 video.sekindo.com safehaven.com
live.sekindo.com
20 live.sekindo.com safehaven.com
live.sekindo.com
17 d2t794khe5w43b.cloudfront.net safehaven.com
13 tpc.googlesyndication.com tagan.adlightning.com
13 tagan.adlightning.com safehaven.com
tagan.adlightning.com
12 www.googletagservices.com safehaven.com
tagan.adlightning.com
securepubads.g.doubleclick.net
11 d2p6ty67371ecn.cloudfront.net safehaven.com
9 googleads.g.doubleclick.net tagan.adlightning.com
7 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
safehaven.com
6 adserver-us.adtech.advertising.com safehaven.com
6 adservice.google.de tagan.adlightning.com
5 adservice.google.com tagan.adlightning.com
5 secure.adnxs.com cdn.districtm.ca
5 dmx.districtm.io cdn.districtm.ca
5 fastlane.rubiconproject.com qd.admetricspro.com
5 c.amazon-adsystem.com safehaven.com
c.amazon-adsystem.com
live.sekindo.com
5 cdnjs.cloudflare.com safehaven.com
tagan.adlightning.com
ajax.googleapis.com
live.sekindo.com
4 www.facebook.com safehaven.com
connect.facebook.net
4 qd.admetricspro.com safehaven.com
4 fonts.googleapis.com safehaven.com
live.sekindo.com
ajax.googleapis.com
4 www.googletagmanager.com safehaven.com
3 fonts.gstatic.com safehaven.com
live.sekindo.com
3 www.google.de safehaven.com
3 www.google.com safehaven.com
3 connect.facebook.net safehaven.com
connect.facebook.net
3 d1o9e4un86hhpc.cloudfront.net safehaven.com
2 pixel.advertising.com
2 eu-u.openx.net 1 redirects qd.admetricspro.com
2 eus.rubiconproject.com live.sekindo.com
qd.admetricspro.com
2 x.bidswitch.net 1 redirects safehaven.com
2 ads.pubmatic.com live.sekindo.com
qd.admetricspro.com
2 maxcdn.bootstrapcdn.com safehaven.com
live.sekindo.com
2 ib.adnxs.com qd.admetricspro.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
1 match.adsrvr.org
1 pixel.quantserve.com 1 redirects
1 aol-match.dotomi.com
1 acdn.adnxs.com qd.admetricspro.com
1 serverbid-sync.nyc3.cdn.digitaloceanspaces.com qd.admetricspro.com
1 sync.serverbid.com 1 redirects
1 prebid-server.rubiconproject.com live.sekindo.com
1 ajax.googleapis.com tagan.adlightning.com
1 csync.loopme.me 1 redirects
1 api.omappapi.com a.optmstr.com
1 a.optmstr.com tagan.adlightning.com
1 stats.g.doubleclick.net safehaven.com
1 cdn.pushcrew.com safehaven.com
1 ap.lijit.com qd.admetricspro.com
1 teachingaids-d.openx.net qd.admetricspro.com
1 hbopenbid.pubmatic.com qd.admetricspro.com
1 e.serverbid.com qd.admetricspro.com
1 web.hb.ad.cpe.dotomi.com qd.admetricspro.com
1 cdn.districtm.io tagan.adlightning.com
1 www.googleadservices.com www.googletagmanager.com
1 d32r1sh890xpii.cloudfront.net safehaven.com
1 cdn.districtm.ca safehaven.com
1 safehaven.com
1 safehaven.com.admin-eu.cas.ms 1 redirects
253 59

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
plus.google.com
Subject Issuer Validity Valid
safehaven.com
Amazon		 2019-12-03 -
2021-01-03		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.adlightning.com
Amazon		 2019-08-19 -
2020-09-19		 a year crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2020-02-04 -
2020-10-09		 8 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2019-07-17 -
2020-07-05		 a year crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2		 2020-01-07 -
2020-10-09		 9 months crt.sh
www.sekindo.com
Go Daddy Secure Certificate Authority - G2		 2019-05-23 -
2020-06-18		 a year crt.sh
www.googleadservices.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.google.de
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
districtm.io
CloudFlare Inc ECC CA-2		 2020-02-25 -
2020-10-09		 7 months crt.sh
c.amazon-adsystem.com
Amazon		 2019-10-07 -
2020-09-29		 a year crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2020-03-30 -
2022-06-25		 2 years crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA		 2019-01-23 -
2021-03-08		 2 years crt.sh
e.serverbid.com
Let's Encrypt Authority X3		 2020-03-24 -
2020-06-22		 3 months crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA		 2019-01-10 -
2021-01-14		 2 years crt.sh
*.pubmatic.com
Sectigo RSA Organization Validation Secure Server CA		 2019-02-22 -
2021-02-21		 2 years crt.sh
*.adtech.advertising.com
DigiCert SHA2 Secure Server CA		 2020-04-16 -
2022-04-21		 2 years crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2018-01-04 -
2020-07-09		 3 years crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2020-03-11 -
2021-05-10		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-04-15 -
2020-07-14		 3 months crt.sh
*.pushcrew.com
Go Daddy Secure Certificate Authority - G2		 2019-07-23 -
2021-07-31		 2 years crt.sh
*.optmstr.com
Go Daddy Secure Certificate Authority - G2		 2020-01-10 -
2022-01-24		 2 years crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2019-09-14 -
2020-10-13		 a year crt.sh
www.google.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
api.opmnstr.com
Amazon		 2020-04-09 -
2021-05-09		 a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
*.gstatic.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-04-15 -
2020-07-08		 3 months crt.sh
*.nyc3.cdn.digitaloceanspaces.com
DigiCert SHA2 Secure Server CA		 2020-03-11 -
2021-04-14		 a year crt.sh
cdn.adnxs.com
GeoTrust RSA CA 2018		 2020-01-02 -
2021-04-02		 a year crt.sh
pixel.advertising.com
DigiCert SHA2 High Assurance Server CA		 2017-06-14 -
2020-06-18		 3 years crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2019-06-19 -
2021-08-31		 2 years crt.sh
*.adsrvr.org
Trustwave Organization Validation SHA256 CA, Level 1		 2019-03-07 -
2021-04-19		 2 years crt.sh

This page contains 29 frames:

Primary Page: https://safehaven.com/
Frame ID: 1AB844DFD465E7D053797C80572D00F4
Requests: 124 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: B8BB4CAF06CBD7AC758FB02094ECB643
Requests: 1 HTTP requests in this frame

Frame: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588940015&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Frame ID: 485A81FDDD1CAB7E6697B65741CEA955
Requests: 26 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: AD5CC37E9BF63A3BB6E4CDDB6972837E
Requests: 6 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: 9FE7F4BF8C622FE5D0CE8B91CA2BB110
Requests: 17 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: 91C9727E9AAE77FF539272B4AC89EAAF
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Frame ID: A8765EBB0C529C934BA390624B3E8D41
Requests: 14 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Frame ID: 86B0C998830E3EE969CADCBA5CC4F5A3
Requests: 14 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Frame ID: 1866A9DDBE19243B404F07E1FAE9E698
Requests: 13 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Frame ID: D0C7F59B85EB9B57ECD56084DAD3BC0E
Requests: 13 HTTP requests in this frame

Frame: https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Frame ID: 2D602ABBDF39DD0F67E4D1B8E306B414
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html
Frame ID: 13C32521E45F614F38BAB3429DC9E8D9
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: FCB88B31BC20D70F3C1A6770DF9C7D3E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=9357229395&adk=309087674&adf=3173046727&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017207&bpp=24&bdt=267&idt=357&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=2&ga_vid=872445442.1588940018&ga_sid=1588940018&ga_hid=1195151529&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=661&biw=1585&bih=1200&isw=300&ish=250&ifk=751659263&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=723020603681401&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.a9iui6e5w30h&fsb=1&dtd=376
Frame ID: F1B51C94AB061E2D884A2E74B4C98DA3
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: 7FC75E7DAFD2D052AB0687107988947B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=1547377351&adk=1247324859&adf=3173046725&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&dt=1588940017455&bpp=3&bdt=498&idt=200&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=1666900433.1588940018&ga_sid=1588940018&ga_hid=1222251735&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2507&biw=1585&bih=1200&isw=300&ish=250&ifk=364837978&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=3611683374944784&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.mmaa671i5w23&btvi=1&fsb=1&dtd=216
Frame ID: C9E1EEBCAC6A57E084FF699C3A0A5A98
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=1978622193&adk=2047003747&adf=3173046724&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017475&bpp=3&bdt=509&idt=210&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=1907760033.1588940018&ga_sid=1588940018&ga_hid=156243219&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=241&ady=1206&biw=1585&bih=1200&isw=728&ish=90&ifk=1506950742&scr_x=0&scr_y=0&eid=21066085%2C44716866&oid=3&pvsid=200796105327949&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.sffqol1zqlvi&btvi=1&fsb=1&dtd=218
Frame ID: 4A97BD044F8D68476E416F3892792D19
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=8782514321&adk=1231975816&adf=3173046726&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017366&bpp=5&bdt=415&idt=367&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=708233854.1588940018&ga_sid=1588940018&ga_hid=620661132&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=943&biw=1585&bih=1200&isw=300&ish=250&ifk=750481399&scr_x=0&scr_y=0&eid=21066085%2C21062175&oid=3&pvsid=2714834117011205&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.4ziak0tjrmqa&fsb=1&dtd=382
Frame ID: D9478EA292EC4A6A8DD5AD6EB9AB52AD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=7090869147&adk=109494614&adf=3173046723&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017502&bpp=3&bdt=528&idt=272&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=240465734.1588940018&ga_sid=1588940018&ga_hid=1091402820&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=3125&biw=1585&bih=1200&isw=728&ish=90&ifk=4249146180&scr_x=0&scr_y=0&eid=21066085%2C26835105&oid=3&pvsid=346686311625295&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.xlhffntkpkmj&btvi=1&fsb=1&dtd=281
Frame ID: E2772C94597075BF8D37C04A223651A5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 51CB29D847B4972826F7316DDCD43637
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 1A43B47CC430E022157FBD3C8CC5F5DD
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 55BFA745A26C3ED34B0239E12DB31276
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 4FDF76F984D96BA41C20A711EB56A590
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Frame ID: 0BBDE91FBA9AF7EA9C737A84AF41C8C7
Requests: 1 HTTP requests in this frame

Frame: https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Frame ID: 477D38D5307316A08A9690E9144DF010
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 94AE87D340540B951FCDE88DD887C721
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: CB344733DE1878CA7F6EE675F8F9D023
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Frame ID: 765BD6F26EC50AFB9745D26EC27EA9D6
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: A944FA407363943F543AF7B39BE961E9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://safehaven.com.admin-eu.cas.ms/ HTTP 307
    https://safehaven.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /php\/?([\d.]+)?/i
Overall confidence: 100%
Detected patterns
  • headers server /\(Amazon\)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • headers server /\(Amazon\)/i
Overall confidence: 100%
Detected patterns
  • script /adnxs\.(?:net|com)/i
Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • script /\/prebid\.js/i

Page Statistics

253
Requests

98 %
HTTPS

47 %
IPv6

39
Domains

59
Subdomains

52
IPs

8
Countries

7884 kB
Transfer

13299 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://safehaven.com.admin-eu.cas.ms/ HTTP 307
    https://safehaven.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 63
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=55a3fb1570b536c;misc=1588940015268; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=55a3fb1570b536c;misc=1588940015268 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;apid=1A57cf07c0-9125-11ea-84af-122675b00be4;cfp=1;rndc=1588940016;v=2;cmd=bid;cors=yes;alias=55a3fb1570b536c;misc=1588940015268
Request Chain 64
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=568e12dd7c37716;misc=1588940015268; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;cfp=1;rndc=1588940014;v=2;cmd=bid;cors=yes;alias=568e12dd7c37716;misc=1588940015268 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1A57d6ee4a-9125-11ea-9741-12fd82435158;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=568e12dd7c37716;misc=1588940015268
Request Chain 65
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5700dcd05a6a1d;misc=1588940015268; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5700dcd05a6a1d;misc=1588940015268 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;apid=1A57d739a4-9125-11ea-813c-1212911483a0;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5700dcd05a6a1d;misc=1588940015268
Request Chain 66
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5899e9f62e4f78d;misc=1588940015268; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5899e9f62e4f78d;misc=1588940015268 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1A57cec134-9125-11ea-8094-123c39a1c2a0;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5899e9f62e4f78d;misc=1588940015268
Request Chain 67
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=59f5aad4d93f7c2;misc=1588940015269; HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=59f5aad4d93f7c2;misc=1588940015269 HTTP 302
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1A57ce7fbc-9125-11ea-9607-126145921f52;cfp=1;rndc=1588940016;v=2;cmd=bid;cors=yes;alias=59f5aad4d93f7c2;misc=1588940015269
Request Chain 90
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&aip=1&a=529772676&t=pageview&_s=1&dl=https%3A%2F%2Fsafehaven.com%2F&ul=en-us&de=UTF-8&dt=Safehaven.com%20%7C%20Preservation%20of%20Capital&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=923695954&gjid=1523967460&cid=1581210580.1588940016&tid=UA-2249023-27&_gid=59486273.1588940016&_r=1&gtm=2ou4t0&z=2036910862 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2249023-27&cid=1581210580.1588940016&jid=923695954&_gid=59486273.1588940016&gjid=1523967460&_v=j82&z=2036910862
Request Chain 127
  • https://x.bidswitch.net/sync?ssp=sekindo&user_id=5eb54cef8d403&custom_data=5eb54cef8d403&gdpr=1&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb54cef8d403&custom_data=5eb54cef8d403&gdpr=1&gdpr_consent=
Request Chain 128
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
  • https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=349f9a39-45ad-49d7-9d8f-e015a7e89095
Request Chain 242
  • https://sync.serverbid.com/ss/2000891.html HTTP 302
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Request Chain 245
  • https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1 HTTP 302
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Request Chain 249
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent= HTTP 302
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=OLoZMTm8HTcgvhgyOepWMT3oTTcg7x5gbrpugRSt

253 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
safehaven.com/
Redirect Chain
  • https://safehaven.com.admin-eu.cas.ms/
  • https://safehaven.com/
92 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.201.238.66 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-201-238-66.us-west-2.compute.amazonaws.com
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 / PHP/5.6.40
Resource Hash
f57d00bd61c7d482bfaa474197e9ff250cc8528bdbd35d17841315b709c87618

Request headers

:method
GET
:authority
safehaven.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 08 May 2020 12:13:34 GMT
content-type
text/html; charset=UTF-8
content-length
12993
set-cookie
AWSALB=uzfuRJF5x9oCVkCA0NPKAcEogKdCej454yetfOXqCiGuj9BtsxHhkrKvztwyyLjvEUjQQ8XP0S3SBHKbonxxQO2BB+JVp7wVGRX2PfdGOlnnPKgsuxvhVSSIjOz0; Expires=Fri, 15 May 2020 12:13:34 GMT; Path=/ AWSALBCORS=uzfuRJF5x9oCVkCA0NPKAcEogKdCej454yetfOXqCiGuj9BtsxHhkrKvztwyyLjvEUjQQ8XP0S3SBHKbonxxQO2BB+JVp7wVGRX2PfdGOlnnPKgsuxvhVSSIjOz0; Expires=Fri, 15 May 2020 12:13:34 GMT; Path=/; SameSite=None; Secure csrf_safehaven_cookie=40e5503169c8ce4138ac4aa2db289223; expires=Fri, 08-May-2020 14:13:34 GMT; Max-Age=7200; path=/ safehaven_ci=161c0762990227d2441f4d5a931f8e1939d63a2d; path=/; HttpOnly
server
Apache/2.4.41 (Amazon) PHP/5.6.40
x-powered-by
PHP/5.6.40
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
vary
Accept-Encoding,User-Agent
content-encoding
gzip

Redirect headers

Server
openresty
Date
Fri, 08 May 2020 12:13:34 GMT
Connection
keep-alive
X-MCAS-Request-Id
6e68af5484622e27ea37abc66e5718a5
Strict-Transport-Security
max-age=31536000
Location
https://safehaven.com/
X-MCAS-Upstream-Time
n/a
X-MCAS-Processing-Time
2
Content-Length
136
js
www.googletagmanager.com/gtag/ 		81 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-2249023-27
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
561e6451b332757d5b4ba03bfad62c4af46d21288ad13a83dd134f13c78b10b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:34 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30413
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:34 GMT
js
www.googletagmanager.com/gtag/ 		80 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-814550776
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c8b44595b56b3899377b8e6d50e2f5f314055225a82c5474dd12bae8a2911ebd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:34 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30412
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:34 GMT
css
fonts.googleapis.com/ 		2 KB
690 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:500&display=swap
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a837fab08c038562b05eb2eb81c1c340c8cd2762d2c43d5e3bb26c2980fc9bfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 May 2020 12:13:34 GMT
server
ESF
date
Fri, 08 May 2020 12:13:34 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 May 2020 12:13:34 GMT
op.js
tagan.adlightning.com/math-aids/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/op.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
42b3fc91a1ad52d699828c32fab5b6c562dd9b6e7f287bd300b589a9f010a60a

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:02:24 GMT
content-encoding
gzip
age
671
x-cache
Hit from cloudfront
status
200
content-length
12063
x-amz-meta-git_commit
0d4dfcb
last-modified
Thu, 07 May 2020 23:03:16 GMT
server
AmazonS3
etag
"c9355861af30ba2acaee28d29cbfb015"
x-amz-version-id
vvF6bEuHBPTp.JE4kH7JRYXw5MKJYiVY
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=900
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
wsd_Z7Vmj0SOqdI7IH_MMPlRhm9jtcpXwhPU8ALZiDlri2z8Zwzzkw==
layout.js
qd.admetricspro.com/js/safehaven/ 		14 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/safehaven/layout.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:2030 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
267de44d3e0da48ea910544cc6ae698dc28c977de6cb7baf62a4913765f49a2b

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:34 GMT
content-encoding
br
cf-cache-status
HIT
age
103
status
200
cf-request-id
0295cd9d5a0000d6f9568e9200000001
last-modified
Fri, 03 Apr 2020 17:20:45 GMT
server
cloudflare
etag
W/"3905-5a266233b698f-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
590318755e5cd6f9-FRA
expires
Fri, 08 May 2020 12:21:51 GMT
gpt.js
www.googletagservices.com/tag/js/ 		46 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
203c53e92c4994351bfcb37003059ba3a9bd041580a8271e7881f03bbc061fcf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"509 / 893 of 1000 / last-modified: 1588867830"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
15392
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:34 GMT
cmp.js
qd.admetricspro.com/js/safehaven/ 		218 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/safehaven/cmp.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:2030 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:34 GMT
content-encoding
br
cf-cache-status
HIT
age
103
status
200
cf-request-id
0295cd9d5b0000d6f9568eb200000001
last-modified
Fri, 27 Sep 2019 21:07:46 GMT
server
cloudflare
etag
W/"367ba-5938f47194c80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
590318755e60d6f9-FRA
expires
Fri, 08 May 2020 12:21:50 GMT
merge.142016.js
cdn.districtm.ca/merge/ 		96 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.ca/merge/merge.142016.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:633c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d847475ca969f76b8f8421c4150f23fbe5bef200839b80481b845a6ccdd6e86f

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
152348
cf-polished
origSize=98705
status
200
last-modified
Mon, 09 Sep 2019 19:18:19 GMT
x-amz-request-id
9445A9EB2D8C95D0
x-amz-id-2
qd4YUTJ7ej/awokk1hdGiEuKwY43QuD55Jy+MEAYZiJPsVg16PAZcyXugM9DGW0KcY/AgIlzRao=
cf-bgj
minify
server
cloudflare
etag
W/"af89e858721db33fe8776b832f2f75a9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
x-amz-version-id
W3M7ZtQBM6rvV9.80JF8eLB1ASMBDZAU
cf-request-id
0295cd9d9500009766428b2200000001
cf-ray
59031875b9ac9766-FRA
expires
Fri, 08 May 2020 16:13:35 GMT
prebid.js
qd.admetricspro.com/js/safehaven/ 		294 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/safehaven/prebid.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:2030 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f40f7297122393e1425eec62e78a75c3211f7ad3f6b09a356aa317fcedc2cf3

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:34 GMT
content-encoding
br
cf-cache-status
HIT
age
104
status
200
cf-request-id
0295cd9d5b0000d6f9568ec200000001
last-modified
Wed, 26 Feb 2020 03:30:32 GMT
server
cloudflare
etag
W/"49929-59f723a0fd39e-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
590318755e63d6f9-FRA
expires
Fri, 08 May 2020 12:18:05 GMT
engine.js
qd.admetricspro.com/js/safehaven/ 		16 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qd.admetricspro.com/js/safehaven/engine.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6812:2030 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:34 GMT
content-encoding
br
cf-cache-status
HIT
age
104
status
200
cf-request-id
0295cd9d5b0000d6f9568ed200000001
last-modified
Sun, 24 Nov 2019 00:06:08 GMT
server
cloudflare
etag
W/"41f6-5980c69fe949d-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
590318755e64d6f9-FRA
expires
Fri, 08 May 2020 12:18:05 GMT
js
www.googletagmanager.com/gtag/ 		80 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-820290545
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
76e31e4a531b1b8d35570016e89fa8fdbf86f1ad8b47b5d487cd3b7528801b89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30410
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:35 GMT
js
www.googletagmanager.com/gtag/ 		80 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-802310072
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d51666e314361b7739359e6e1a39bd50ef39c0fdc710171f3383df569fdc6dfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30411
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:35 GMT
style.css
d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/ 		72 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/style.css?v=27
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 / PHP/5.6.40
Resource Hash
0fac0bb93602e6f7d448fab3c2e880bf4fd57a7774dd930c4e58865beca4598b

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:59:06 GMT
content-encoding
gzip
age
602068
x-powered-by
PHP/5.6.40
x-cache
Hit from cloudfront
status
200
content-length
10330
last-modified
Fri, 01 May 2020 12:38:59 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
etag
"pub1588336739;gz"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
oG77DR8IgaBcf_a7Bdoz4xk15n4Oc1Jx9NozOGTwhRE8rg4V639n9Q==
expires
Sat, 01 May 2021 12:59:06 GMT
jquery-1.12.3.min.js
d2p6ty67371ecn.cloudfront.net/a/js/third_party/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/js/third_party/jquery-1.12.3.min.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 13:07:55 GMT
content-encoding
gzip
last-modified
Fri, 01 May 2020 15:47:55 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
83139
etag
"17b9c-5a4981ad75a46-gzip"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
33794
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
x-amz-cf-id
GAXBiW44zeChSCBU78OTrCxc53k5O119xPhKo2C7sW5cg5arAee2yw==
cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:34 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
16434241
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0295cd9d40000005d4ef33f200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:18:36 GMT
server
cloudflare
etag
W/"5afd48ec-f62"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
590318753af905d4-FRA
expires
Wed, 28 Apr 2021 12:13:34 GMT
cookieconsent.min.js
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:34 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
24899150
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0295cd9d40000005d4ef340200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:18:32 GMT
server
cloudflare
etag
W/"5afd48e8-4d5a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
590318753afd05d4-FRA
expires
Wed, 28 Apr 2021 12:13:34 GMT
logo-no-light.png
d2p6ty67371ecn.cloudfront.net/a/img/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/logo-no-light.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
55e4d1770f37b9819d263396045786cf66706c25ef6c391ccabcc93a78c1f7b0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:58:56 GMT
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 12:39:02 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
602078
etag
"470b-5a495775215b8"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
18187
x-amz-cf-id
qOkzKeziMlkUispU4Pnh_nHku40vo5Q8EVdCnKbaWH2R0DLWjblTyQ==
expires
Fri, 08 May 2020 12:58:56 GMT
logo-light.png
d2p6ty67371ecn.cloudfront.net/a/img/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/logo-light.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
f005062f62e55ca808ee1eaf4920372d1173dfa35b1c52a64ee22de27cd8a458

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:58:57 GMT
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 12:38:07 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
602078
etag
"3d01-5a49574111890"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15617
x-amz-cf-id
iwnbJFc-NXlcacbGSpQVtYEZMJENbm0raMmSmGIrzmOsiKgp4gAugg==
expires
Fri, 08 May 2020 12:58:57 GMT
chart_green.svg
d1o9e4un86hhpc.cloudfront.net/a/img/common/header/ 		32 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1o9e4un86hhpc.cloudfront.net/a/img/common/header/chart_green.svg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2070:ae00:10:4f52:7800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/7.2.24 /
Resource Hash
698d12a9d9db36a7923a575fa49645417817d415d534c73592669d568d986d79

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 21 Apr 2020 22:21:45 GMT
content-encoding
gzip
age
1432310
x-cache
Hit from cloudfront
status
200
content-length
4218
last-modified
Tue, 03 Sep 2019 08:27:04 GMT
server
Apache/2.4.41 (Amazon) PHP/7.2.24
etag
"80e2-591a1da78e7ac-gzip"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 20997ca80e84f6ddda445ba948f015bd.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C3
accept-ranges
bytes
x-amz-cf-id
h-2ewUZnV6coTII7Hiry7rr2YEdVUuB-taHxtfxFNC5nGjGkZSWumg==
expires
Wed, 21 Apr 2021 22:21:45 GMT
chart_red_flip.svg
d1o9e4un86hhpc.cloudfront.net/a/img/common/header/ 		15 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1o9e4un86hhpc.cloudfront.net/a/img/common/header/chart_red_flip.svg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2070:ae00:10:4f52:7800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/7.2.24 /
Resource Hash
c54aa0d4f9dea350f780a74d277f1facff0094b5f23d62483ae9bb7354a29fe8

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 04:58:04 GMT
content-encoding
gzip
age
1322131
x-cache
Hit from cloudfront
status
200
content-length
1798
last-modified
Tue, 03 Sep 2019 08:27:04 GMT
server
Apache/2.4.41 (Amazon) PHP/7.2.24
etag
"3ca0-591a1da7a5eac-gzip"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 20997ca80e84f6ddda445ba948f015bd.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C3
accept-ranges
bytes
x-amz-cf-id
PXRP_ofuvwf30BuTRgwjanfqqdPx2z92I6c0oA9AOFAtCnbAHk0shQ==
expires
Fri, 23 Apr 2021 04:58:04 GMT
chart.svg
d1o9e4un86hhpc.cloudfront.net/a/img/common/header/ 		27 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1o9e4un86hhpc.cloudfront.net/a/img/common/header/chart.svg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2070:ae00:10:4f52:7800:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/7.2.24 /
Resource Hash
c1cfce5a4dacb4a40ca0c6a300bbff43d6ea6a8570e5dc2419b8c5e28f57a9a3

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 21 Apr 2020 16:54:49 GMT
content-encoding
gzip
age
1451926
x-cache
Hit from cloudfront
status
200
content-length
4143
last-modified
Tue, 03 Sep 2019 08:27:04 GMT
server
Apache/2.4.41 (Amazon) PHP/7.2.24
etag
"6c58-591a1da77804c-gzip"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 20997ca80e84f6ddda445ba948f015bd.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C3
accept-ranges
bytes
x-amz-cf-id
Z6F2Jl1COZ_05U2vF_XPnMHiDXPN3W8Yownu56kLTj7nh5V0bDhD4w==
expires
Wed, 21 Apr 2021 16:54:48 GMT
blend_45_2.png
d32r1sh890xpii.cloudfront.net/header_graphs/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d32r1sh890xpii.cloudfront.net/header_graphs/blend_45_2.png?cb=1588939802
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:5a00:17:eca0:da80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
94825a38fe05eb8161707b3783b7ad8e3405d2b9cb6a4e8b2e3c2390dedba33a

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:26 GMT
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
last-modified
Fri, 08 May 2020 12:13:04 GMT
server
AmazonS3
age
10
etag
"e3e7a7f38b34ce738db5dc967494c3c3"
x-cache
Hit from cloudfront
x-amz-version-id
8ZEudF3btnG8nZetHzJBwOTvd39Hfg3.
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-type
image/png
content-length
6755
x-amz-cf-id
a7mAlISoo60OHkvIUmGdcsgNZyJv_gIn3mgH17IZeBqDffvQweo6Wg==
d525cbbcfcc58cae512c785390df5573.jpg
d2t794khe5w43b.cloudfront.net/article/718x300/ 		158 KB
158 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/718x300/d525cbbcfcc58cae512c785390df5573.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2886cb37ae9565ff853f695f1dd901549ef29661d21f4a9633d544bf8dd7c757

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 01:15:07 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Thu, 07 May 2020 22:06:15 GMT
server
AmazonS3
age
39509
etag
"a0edcbcb7e1d191a3f0521a45cbf1f34"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
161663
x-amz-cf-id
lR15-Mzgc97sS-x3rUGhEUlwFuJsvp6jpHd0K3Wc85BMzUfVfMpGDg==
6621b228fc8ca701e71b6b6dce79ee45.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		65 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/6621b228fc8ca701e71b6b6dce79ee45.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6d40fc6a27a558f6f09b142ba587591cfe9d4f86ab0fd015a0c39ae9fb90e8eb

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 01:15:07 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Thu, 07 May 2020 21:53:38 GMT
server
AmazonS3
age
39509
etag
"33bbc0ca370e6b0d264c2cb577496e2c"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
66622
x-amz-cf-id
rJUaPkgGF-RQZxxIm4XQ1ZHXxcxehgXCbNwJ-x6Lqnn4tYbQt29Ofg==
06685a2a5b9c31966c9019d4bbe755e2.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		106 KB
106 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/06685a2a5b9c31966c9019d4bbe755e2.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
40fddc2a37b32e799d931b5bf87c338cc2eaf4be9591afb587e0ccb565f4fd65

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 23:18:26 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Thu, 07 May 2020 17:25:15 GMT
server
AmazonS3
age
46510
etag
"8f1b5455e9872a5243e7f8b9341ed1e5"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
108242
x-amz-cf-id
GJXYGQlMg248-CVW47ESELpznhow12uysMsotpewMhUGLoBXw4PRsw==
ce90c17bd3f82f17513ec156d1ba9210.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		83 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/ce90c17bd3f82f17513ec156d1ba9210.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
95db8a9b223e23289fdaca9a64bceddf52771d09ab7fabf6f72fa450c414810e

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 01:15:07 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Wed, 06 May 2020 22:43:36 GMT
server
AmazonS3
age
39509
etag
"e56d9e5b0b408b0e577ff0e04fa76476"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
85501
x-amz-cf-id
59_EboxkZqmg4PwNSKNKLln9DOGGcEPxuIre755MvKzjZ_dAEbSM1Q==
18ce4a9a9ea22f74b625a00aeca39e83.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		91 KB
91 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/18ce4a9a9ea22f74b625a00aeca39e83.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a96de9b5cab3a965483ca1974e4c89f6e16b77ce6aa09ec9b58921a3da0778cd

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 01:21:16 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Wed, 06 May 2020 22:46:19 GMT
server
AmazonS3
age
39140
etag
"d45723af9b2303ea969d039a636798f0"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
92895
x-amz-cf-id
5bOxDNgsTeNtNg9DUIJFeAmYVv7i2BdtwJXIpdTNTmhOBFEXcjA0Og==
fddaed69a2bed88ad92c38982f93686e.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		183 KB
184 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/fddaed69a2bed88ad92c38982f93686e.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b028c2df0b60ae6849af0ddee92ff49d080d5cf91041bae321397f5bb046d1e9

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 20:50:23 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Wed, 06 May 2020 14:21:32 GMT
server
AmazonS3
age
55393
etag
"73a453c9a0128143f366b1e5e56572ea"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
187395
x-amz-cf-id
LsaNCT2VrXpQ9oITV--GjF5ofdNTc7bmy0ZzEsQ_DrsEZBKLd7wm5w==
ccfa8ff892d2412b5b1ae6c85cf706a2.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		128 KB
129 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/ccfa8ff892d2412b5b1ae6c85cf706a2.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8c17613217b11da7589afe53aa138606274ad5c49d5638d5275b5ab4bbd76dcb

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 15:35:11 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Wed, 06 May 2020 14:32:10 GMT
server
AmazonS3
age
74305
etag
"d7cd76130dc2ef962b685abedf8ef9c7"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
131326
x-amz-cf-id
zAD92rJxgaRwaJnqPwO-tL7NV49ezipFceYF8w6e-HjJuyqvG1_7_g==
30b468439cea58f3e4135f3fbb2e20d2.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		109 KB
110 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/30b468439cea58f3e4135f3fbb2e20d2.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a02e6cb846a5e7a2d7f10a40c60be5d5f6bf9f432e994e688990712714cd4eb0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 08:48:34 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Tue, 05 May 2020 22:47:38 GMT
server
AmazonS3
age
12302
etag
"4c6d29b561bb462e16ef8238940f2ead"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
112086
x-amz-cf-id
xkyAAXzZ3sVH-2eqPdL-y3O3oQMJrn1hdncYaTc8xFmp_QlV_NBqXA==
2467be954d2ff73b7199a69b51464cd1.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		98 KB
99 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/2467be954d2ff73b7199a69b51464cd1.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
29bb72af92ce3a332ed2315043b17307ae458d3e3b7e24db3bb47417d6e433f8

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 09:15:45 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Tue, 05 May 2020 22:46:32 GMT
server
AmazonS3
age
10671
etag
"18e1f4f94202668fce19bf47650863b1"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
100506
x-amz-cf-id
G2oLw5YEXQZ0oUs2COORKFv0fN_H0VKmhakKUwj7OMUVIyz8CVkLUw==
5025bd44e126ebf179feab18da0eaa47.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/5025bd44e126ebf179feab18da0eaa47.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
968f52680af792b0d892af779cdfc6a197c35698450088340c6a471b2e056a7d

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 08:48:34 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Tue, 05 May 2020 16:38:51 GMT
server
AmazonS3
age
12302
etag
"840ef35851453999ff445bb7251a9167"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
79470
x-amz-cf-id
9uo8cd5gmy4T8FjxookP2TCtNPWLgHPkQjnWBISzVD7Kg_pRLWP3bA==
6309ec9f3c9fc848f32290cb165930ec.png
d2t794khe5w43b.cloudfront.net/article/495x320/ 		280 KB
281 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/6309ec9f3c9fc848f32290cb165930ec.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
579d29f71b15657f86363fa09f655d4f41e3023e9601e46d81f56010eef88844

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 04:16:59 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Tue, 05 May 2020 15:01:19 GMT
server
AmazonS3
age
28597
etag
"a46dbed618ed4de0683aff8615941684"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
286986
x-amz-cf-id
3iwkQE10JP5NHWNu4_Z9nQBdBs2N7QfyrI5w8a81-32GF1ePmJCYUA==
f51c4a5589c03415f84e2013ed34afe5.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		74 KB
74 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/f51c4a5589c03415f84e2013ed34afe5.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a032bc143a0d78657b8ef39bd54084bfe9d5857f89cede4e17029bf6b7b08c91

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 08:48:34 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Mon, 04 May 2020 21:14:18 GMT
server
AmazonS3
age
12302
etag
"28fd66f11a884598c0f05804eccb57eb"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
75274
x-amz-cf-id
CKPJHsk7YUdSK0hKUi0KWGcK-Ax616NpQIOW5HcXtAET6ZbST3HSrA==
bae06b43a843f4d575bc458f3e8516d7.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		69 KB
69 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/bae06b43a843f4d575bc458f3e8516d7.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6f7aa5dfd1c09d9e48906ac4a86bb8d2335685bd7dfaeff60005cfb7d4d257cc

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 09:58:58 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Mon, 04 May 2020 21:11:36 GMT
server
AmazonS3
age
8078
etag
"309925db1294d77fe170e0e602c308ea"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
70279
x-amz-cf-id
ZyTgyMkxSUsOeBwaK4enS4NVnUK8GQXAjleInQQYuo9Z7ZHPW2e2oQ==
dfd685fa44ac7fd67fc0e81c31bce7da.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		88 KB
88 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/dfd685fa44ac7fd67fc0e81c31bce7da.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d9c80f88c3b68f5aa70d72e6cc3ee2b63c7304ae2d7d5a0699b2fde98d4e1100

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 09:15:45 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Mon, 04 May 2020 18:02:34 GMT
server
AmazonS3
age
10671
etag
"2242d3872e81ce688b35032a4cabf0cf"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
89850
x-amz-cf-id
yMVm_yffERZoNdtkWr5TnfXBy4dx2etdJhcoj6txcbqgO8-393l_bg==
18554b728b50fbabca02c5555043c903.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		104 KB
104 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/18554b728b50fbabca02c5555043c903.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4f6a0f2ed3d7266da65abffc40108aff7ec33d6d63a020893de90235e66dc78f

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 09:33:59 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 20:55:49 GMT
server
AmazonS3
age
9577
etag
"f33bb7c52c6a52dbb1616989d9df9da4"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
106310
x-amz-cf-id
oXVKtqEbJryY3yLkQ7Nqrq6iof2hIObixdDqHR7gbjGgZw1oM6uW-Q==
8f97c6eb6a891ccd9e1a41bf68d1b2be.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		147 KB
148 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/8f97c6eb6a891ccd9e1a41bf68d1b2be.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
62e5d5f4a0db067e567962cfe7b9b938e4a0b6a7c5cc2c72f822caad1d5388f9

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 13:14:28 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 20:12:18 GMT
server
AmazonS3
age
82748
etag
"0678700f5cec00da4f71216a1492efe7"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
150844
x-amz-cf-id
guBJJPCpmQXdXXop9aNVWLoOAnRjHpG28uWEZGPLxg4TFSCuB86bHQ==
c118366afd0d19c430611f527a871002.jpg
d2t794khe5w43b.cloudfront.net/article/495x320/ 		103 KB
104 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2t794khe5w43b.cloudfront.net/article/495x320/c118366afd0d19c430611f527a871002.jpg
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:b000:3:442:6dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a492f8c0fdbb910dbabf2370b67bcd120f5c82f974104e30c9307f152c2025c1

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 09:59:02 GMT
via
1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 15:34:28 GMT
server
AmazonS3
age
8074
etag
"9d5d9b7aa09952711acb11cd66c6232f"
x-cache
Hit from cloudfront
content-type
application/octet-stream
status
200
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
105958
x-amz-cf-id
jXDdajN72XAryJPe5IzJVc6I-GixVDWXCqF_vwGflgkoyLWu6f1Dig==
liveView.php
live.sekindo.com/live/ 		25 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
fd75dfc55754771b904c39e575bc69d205fcc1789860d1cf0e4b6dd975d0466d

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:34 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/javascript; charset=utf-8
envolope.png
d2p6ty67371ecn.cloudfront.net/a/img/newsletter/2/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/newsletter/2/envolope.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
bdaa0a5953cfaaf9abed9e2152ae1255928062363fc018c57575d5f39ee12e29

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:58:56 GMT
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 12:38:09 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
602079
etag
"543c-5a49574283abe"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
21564
x-amz-cf-id
TQx-YmFY6qc4YPAOw7tM848U9nVIoM_WnGLUnDWDzvwCJ5vYefZKWg==
expires
Fri, 08 May 2020 12:58:56 GMT
twitter.png
d2p6ty67371ecn.cloudfront.net/a/img/common/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/twitter.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
f9dd535864c28f0f4812ac3892f23cdd50a304d542d290a10518b31df09bc62c

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:58:56 GMT
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 12:38:59 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
602079
etag
"3bd9-5a4957729cdfc"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15321
x-amz-cf-id
dq7NOzBGejJAqzjc1JoJARI7SX72np-v6yFUH9woG6ncMv_Y5kGhOQ==
expires
Fri, 08 May 2020 12:58:56 GMT
facebook.png
d2p6ty67371ecn.cloudfront.net/a/img/common/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/facebook.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
70a78dd71a85c1895021f976541b5fdb7e1f345dbd0a17510b1a82ae354eec78

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:58:56 GMT
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 12:38:34 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
602079
etag
"3b58-5a49575a292c3"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15192
x-amz-cf-id
P7_upDYb8FsE3pe1IwzM8rE8Np1hhjK8A4BqtX6q677zVGSPFa15Uw==
expires
Fri, 08 May 2020 12:58:56 GMT
google-plus.png
d2p6ty67371ecn.cloudfront.net/a/img/common/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/google-plus.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
e78eb6051a41b3ff2fc7b969bfbe9bdd3092b705bb3fed550c85c8c3e7025293

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:58:56 GMT
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 12:38:32 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
602079
etag
"3c67-5a495758e012a"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15463
x-amz-cf-id
f-D9fk4j2TTe9He6xwCL6ih6twuUi5PmHDX4DqsK8IVKdkuK8_iAOg==
expires
Fri, 08 May 2020 12:58:56 GMT
rss.png
d2p6ty67371ecn.cloudfront.net/a/img/common/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/common/rss.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
9670ff323d7cf4d6cd9961af0cd668db30f323daf329e46f7bf809b1c57a84f9

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:58:56 GMT
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 12:38:09 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
602079
etag
"3c51-5a4957425aa76"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
15441
x-amz-cf-id
wCwu2bX3VwsX-oZjiYMIm4OJHbbvnF-irq6T-oe2Af5EBQ73P2MC3g==
expires
Fri, 08 May 2020 12:58:56 GMT
script.js
d2p6ty67371ecn.cloudfront.net/min/f=a/js/third_party/jquery.cookie.js,a/js/third_party/jquery.lightbox_me.js,a/js/script.js,a/js/homepage/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2p6ty67371ecn.cloudfront.net/min/f=a/js/third_party/jquery.cookie.js,a/js/third_party/jquery.lightbox_me.js,a/js/script.js,a/js/homepage/script.js?v=27
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 / PHP/5.6.40
Resource Hash
18cada9261c4f9c200316900d6ab365a430781e234591b7032028bdb2bad7192

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:59:07 GMT
content-encoding
gzip
age
602068
x-powered-by
PHP/5.6.40
x-cache
Hit from cloudfront
status
200
content-length
4389
last-modified
Fri, 01 May 2020 12:39:00 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
etag
"pub1588336740;gz"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
1wnIy3wRuhk1FuZFd9v5Lwq2BUOGm4eElRKaS-fECrgBgn_CRrSrkg==
expires
Sat, 01 May 2021 12:59:07 GMT
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2249023-27
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 21:54:13 GMT
server
Golfe2
age
5700
date
Fri, 08 May 2020 10:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18433
expires
Fri, 08 May 2020 12:38:35 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		28 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-2249023-27
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f130.1e100.net
Software
cafe /
Resource Hash
65a1850028118c64febbde9b109da293910bfff6ee261caf0087d3d3364359ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
10877
x-xss-protection
0
server
cafe
etag
12200185889747903800
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:35 GMT
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 22 Apr 2020 03:15:55 GMT
content-encoding
gzip
age
1414661
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Ru03x2LznQ0z7Qhab74VbHx12kghTh03XjwWvOGBZIYejK-Y5Rnvjw==
bl-2a28c82-30fdb1af.js
tagan.adlightning.com/math-aids/ 		95 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
03f1965f652a75d06042e823a86b8b1a6502b78bafcf54169d6ea31db16bf441

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 23:06:58 GMT
content-encoding
gzip
age
47198
x-cache
Hit from cloudfront
status
200
content-length
40717
x-amz-meta-git_commit
2a28c82
last-modified
Thu, 07 May 2020 23:03:03 GMT
server
AmazonS3
etag
"a1cfcb7a7a9eb92fc44067fa7040747c"
x-amz-version-id
KBxEgDVLhgkCX7nnqONQYUX36.Lhe3VZ
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
UhsAr2PrIx6eRSN1PoyPNIZX42n-EHzEA375dM8hXUMYlXxOvTu6AA==
pubads_impl_2020043001.js
securepubads.g.doubleclick.net/gpt/ 		239 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020043001.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
sffe /
Resource Hash
2531e515d47b88300e3c5e3a91d5d22a292bdfdb6cec2e6399090bd9545ba92c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 13:07:28 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87920
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:35 GMT
integrator.sync.js
adservice.google.de/adsid/ 		113 B
178 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.sync.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
108
x-xss-protection
0
index.html
cdn.districtm.io/ids/ Frame B8BB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.districtm.io/ids/index.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
cdn.districtm.io
:scheme
https
:path
/ids/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
204
date
Fri, 08 May 2020 12:13:35 GMT
set-cookie
__cfduid=db2e4ccef058813d62ae674595de8d82d1588940015; expires=Sun, 07-Jun-20 12:13:35 GMT; path=/; domain=.districtm.io; HttpOnly; SameSite=Lax
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Origin
access-control-allow-methods
GET, HEAD, POST, OPTIONS
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
590318774df4c775-AMS
cf-request-id
0295cd9e8c0000c775451e2200000001
apstag.js
c.amazon-adsystem.com/aax2/ 		101 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
Server /
Resource Hash
0875862efc0b3318a2104d27726d71f6f61d95a6e04ef6becb2793e66b2bc27a

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 20:13:12 GMT
content-encoding
gzip
server
Server
age
57623
etag
ad48a5f558eb50f381edaa87211f6c91
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=86400
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
56d_GEfVRfJcS287uYjssXFHU57daFcDJ5qb-vkelx2m-akIdblFYA==
via
1.1 c3ea695df6623739937b8dda8c1599f9.cloudfront.net (CloudFront)
24
web.hb.ad.cpe.dotomi.com/s2s/header/ 		444 B
627 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:fa8:8806:16::1460 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
ed5eb4d1707f18429fad9c095555e3f20a6634778f2987e3f85f189007333a60

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
server
nginx
status
200
content-type
application/json
access-control-allow-origin
https://safehaven.com
cache-control
no-cache
access-control-allow-credentials
true
content-length
444
expires
0
prebid
ib.adnxs.com/ut/v3/ 		19 B
708 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.36 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:37 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.90:80
AN-X-Request-Uuid
7dbe309f-6fad-479b-833e-17d81b95b87b
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v2
e.serverbid.com/api/ 		16 B
167 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://e.serverbid.com/api/v2
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
178.128.135.80 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Fri, 08 May 2020 12:13:34 GMT
access-control-allow-credentials
true
access-control-allow-origin
https://safehaven.com
content-length
16
vary
Origin
content-type
application/json
fastlane.json
fastlane.rubiconproject.com/a/api/ 		241 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244360&size_id=15&p_pos=atf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=45d3e8e8-78d8-4551-976f-52516756fe3e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.04962650158906734
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
83df4aa4147870d1ba36e2e85617224cca5d2e15bcbbf6e33358243fab52a8b6

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=479
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		241 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244362&size_id=15&p_pos=btf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=0c0299e0-78cf-4046-8d58-1b907764196d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3771370683004205
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
30a116c1c7e4fe1f52ed83a94155582ba3203e00e264cbad99267f180bc812e4

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=90
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		241 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244366&size_id=15&p_pos=btf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=e537cc03-ea8e-4369-b874-1b48fd4bde09&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.3156526372603634
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
a02d73c04b6f00d2484cd44c0be9e20f6b9f7d4546efd517263a95d25ccebe2d

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=433
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		240 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244360&size_id=2&p_pos=atf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=12c4a0be-8108-4b8e-b409-e921a9ca1715&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5325305126923552
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
7b9a3920c68d1c803f5b5b1dbb23c54aa648fda94edb3e064ea688f26aa7dfa9

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=190
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		240 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=19254&site_id=250874&zone_id=1244362&size_id=2&p_pos=btf&rp_schain=1.0,1!admetricspro.com,102,1,,,&rf=https%3A%2F%2Fsafehaven.com%2F&tk_flint=pbjs_lite_v3.8.0&x_source.tid=f8b13a1c-8090-4da0-b93f-3d40b243b80e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5779176109635098
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
69.173.144.140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
RAS 2.4 /
Resource Hash
d1f25cbabfc5855c96e1de616d03d0912a14db19cb4ac496b8c8c7f0a0be3dd8

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Server
RAS 2.4
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Type
application/json
Keep-Alive
timeout=5, max=129
Content-Length
240
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/ 		0
114 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

status
204
date
Fri, 08 May 2020 12:13:35 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://safehaven.com
ADTECH;apid=1A57cf07c0-9125-11ea-84af-122675b00be4;cfp=1;rndc=1588940016;v=2;cmd=bid;cors=yes;alias=55a3fb1570b536c;misc=1588940015268
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=55a3fb1570b536c;misc=1588940015268;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=55a3fb1570b536c;misc=1588940015268
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;apid=1A57cf07c0-9125-11ea-84af-122675b00be4;cfp=1;rndc=1588940016;v=2;cmd=bid;cors=yes;alias=55a3fb1570b536c;misc=15...
0
0
ADTECH;apid=1A57d6ee4a-9125-11ea-9741-12fd82435158;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=568e12dd7c37716;misc=1588940015268
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=568e12dd7c37716;misc=1588940015268;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;cfp=1;rndc=1588940014;v=2;cmd=bid;cors=yes;alias=568e12dd7c37716;misc=1588940015268
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1A57d6ee4a-9125-11ea-9741-12fd82435158;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=568e12dd7c37716;misc=15...
0
0
ADTECH;apid=1A57d739a4-9125-11ea-813c-1212911483a0;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5700dcd05a6a1d;misc=1588940015268
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5700dcd05a6a1d;misc=1588940015268;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5700dcd05a6a1d;misc=1588940015268
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;apid=1A57d739a4-9125-11ea-813c-1212911483a0;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5700dcd05a6a1d;misc=158...
0
0
ADTECH;apid=1A57cec134-9125-11ea-8094-123c39a1c2a0;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5899e9f62e4f78d;misc=1588940015268
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=5899e9f62e4f78d;misc=1588940015268;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5899e9f62e4f78d;misc=1588940015268
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1A57cec134-9125-11ea-8094-123c39a1c2a0;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5899e9f62e4f78d;misc=15...
945 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1A57cec134-9125-11ea-8094-123c39a1c2a0;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5899e9f62e4f78d;misc=1588940015268
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
df1cc68953b66dc9da4a1e666ad0fd6e992422256708c1ee4146729d00f738fd

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:36 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
945
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:36 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051293/0/0/ADTECH;apid=1A57cec134-9125-11ea-8094-123c39a1c2a0;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5899e9f62e4f78d;misc=1588940015268
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
ADTECH;apid=1A57ce7fbc-9125-11ea-9607-126145921f52;cfp=1;rndc=1588940016;v=2;cmd=bid;cors=yes;alias=59f5aad4d93f7c2;misc=1588940015269
adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/
Redirect Chain
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;v=2;cmd=bid;cors=yes;alias=59f5aad4d93f7c2;misc=1588940015269;
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=59f5aad4d93f7c2;misc=1588940015269
  • https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1A57ce7fbc-9125-11ea-9607-126145921f52;cfp=1;rndc=1588940016;v=2;cmd=bid;cors=yes;alias=59f5aad4d93f7c2;misc=15...
944 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1A57ce7fbc-9125-11ea-9607-126145921f52;cfp=1;rndc=1588940016;v=2;cmd=bid;cors=yes;alias=59f5aad4d93f7c2;misc=1588940015269
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:97b6:26be:138a:cba8:bb01 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Adtech Adserver /
Resource Hash
2c403308659da12092fe74f50390db4e2523bbc5dfe2f8d69d99ecd8d22334fd

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:36 GMT
server
Adtech Adserver
status
200
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
944
expires
Mon, 15 Jun 1998 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:36 GMT
server
nginx
status
302
location
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051301/0/0/ADTECH;apid=1A57ce7fbc-9125-11ea-9607-126145921f52;cfp=1;rndc=1588940016;v=2;cmd=bid;cors=yes;alias=59f5aad4d93f7c2;misc=1588940015269
access-control-allow-methods
POST,GET,HEAD,OPTIONS
p3p
CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
access-control-allow-origin
https://safehaven.com
cache-control
no-store, no-cache
access-control-allow-credentials
true
content-length
0
expires
Mon, 15 Jun 1998 00:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ 		19 B
709 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.36 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:37 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 692.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.105:80
AN-X-Request-Uuid
84646e5d-da91-42c7-86cb-d3ed554a2294
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
teachingaids-d.openx.net/w/1.0/ 		172 B
567 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://teachingaids-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fsafehaven.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=-120&tws=1600x1200&be=1&bc=hb_pb_3.0.1&dddid=45d3e8e8-78d8-4551-976f-52516756fe3e%2C0c0299e0-78cf-4046-8d58-1b907764196d%2Ce537cc03-ea8e-4369-b874-1b48fd4bde09%2C12c4a0be-8108-4b8e-b409-e921a9ca1715%2Cf8b13a1c-8090-4da0-b93f-3d40b243b80e&nocache=1588940015273&pubcid=09acff4a-7eec-4a53-b8b2-f92553abe6ad&schain=1.0%2C1!admetricspro.com%2C102%2C1%2C%2C%2C&aus=300x250%7C300x250%7C300x250%7C728x90%7C728x90&divIds=div-gpt-ad-1553475674669-0%2Cdiv-gpt-ad-1553475817787-0%2Cdiv-gpt-ad-1553475909622-0%2Cdiv-gpt-ad-1553475988342-0%2Cdiv-gpt-ad-1553476044183-0&auid=540800705%2C540800706%2C540800707%2C540800708%2C540800709&
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.185.0 /
Resource Hash
ab94e116a884648a890f180df115df335536ec84adfe7edb4de3178b2185e3d1

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
server
OXGW/16.185.0
status
200
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://safehaven.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
163
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
bid
ap.lijit.com/rtb/ 		23 B
700 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_3.8.0
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.19 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
8fddb86536b524fd5d0a74b64b88c8b5e6b10b8b9f19e68810b81684cfa1994b

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://safehaven.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap4ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
43
fbevents.js
connect.facebook.net/en_US/ 		131 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-trip-id
2087142729
pragma
public
x-fb-debug
h30m8qUprexk/qA8TO40VtqKlc5z85E04i62jtS6lV038HqUr0iDX3O/LaMZj3u2QDkcKBwfFIMCZsYPjcCIYg==
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
DENY
date
Fri, 08 May 2020 12:13:35 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=1200
vary
Accept-Encoding
content-length
31766
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
ee70c0a7d2f14ec08939692fc7857b11.js
cdn.pushcrew.com/js/ 		237 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pushcrew.com/js/ee70c0a7d2f14ec08939692fc7857b11.js
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:3677 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c79ada16090cc7e94af116173695bfd88da9efe580f89749e1160ba9d49c54c

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
718
status
200
cf-request-id
0295cd9f2800000ea7e8109200000001
access-control-allow-origin
*
last-modified
Thu, 09 Apr 2020 07:33:27 GMT
server
cloudflare
etag
W/"5e8ecfc7-3b3a9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 google
cache-control
max-age=43200
cf-ray
5903187848760ea7-FRA
expires
Fri, 08 May 2020 12:31:37 GMT
search.png
d2p6ty67371ecn.cloudfront.net/a/img/ 		770 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d2p6ty67371ecn.cloudfront.net/a/img/search.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:7e00:c:5250:79c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache/2.4.41 (Amazon) PHP/5.6.40 /
Resource Hash
2f1dccde57c713fe154c8da92f8d4b312373c2a055a0a9d822c6042b0176eb8d

Request headers

Referer
https://d2p6ty67371ecn.cloudfront.net/min/f=a/css/style.css,a/css/homepage/style.css?v=27
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 May 2020 12:58:58 GMT
via
1.1 91ba7c34719cd9c69e0357c149b94b90.cloudfront.net (CloudFront)
last-modified
Fri, 01 May 2020 12:38:08 GMT
server
Apache/2.4.41 (Amazon) PHP/5.6.40
age
602077
etag
"302-5a495741b9834"
x-cache
Hit from cloudfront
content-type
image/png
status
200
cache-control
max-age=604800
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
770
x-amz-cf-id
ELY_o2qUp4uo9-R7Tj5h6dCI74mZ1QXZbLHWiv1feLC4rk17HfDPog==
expires
Fri, 08 May 2020 12:58:58 GMT
v1
dmx.districtm.io/b/ 		0
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59031878b8bdc775-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0295cd9f770000c775451ee200000001
jpt
secure.adnxs.com/ 		0
662 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=MxXU8Qx4MuhszlVCPkkz6HDeg9HJrV~450~div-gpt-ad-1553475674669-0&psa=0&zone=450&id=15024977&member_id=1908&size=300x250&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:37 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.123:80
AN-X-Request-Uuid
ed5f413c-9d46-4600-950b-20e349b2070c
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/ 		0
78 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59031878b8bfc775-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0295cd9f770000c775451ef200000001
jpt
secure.adnxs.com/ 		0
662 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=gSYgRZ1FVBJD4Tldl2vv03OFy52LO7~451~div-gpt-ad-1553475817787-0&psa=0&zone=451&id=15024978&member_id=1908&size=300x250&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:37 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.239:80
AN-X-Request-Uuid
13391045-2a87-4922-b1a8-aca2d5797240
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/ 		0
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59031878c8c4c775-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0295cd9f780000c775451f2200000001
jpt
secure.adnxs.com/ 		0
662 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=xBWhdp49mqiWoJ8fGecFVYgZVWdS7C~452~div-gpt-ad-1553475909622-0&psa=0&zone=452&id=15024979&member_id=1908&size=300x250&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:37 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.228:80
AN-X-Request-Uuid
6fc3659d-b537-48c4-92e6-00976a1560a2
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/ 		0
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59031878c8c5c775-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0295cd9f780000c775451f3200000001
jpt
secure.adnxs.com/ 		0
662 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=U3GHffZ02VtiXPkweXZhJpH06FEdZa~453~div-gpt-ad-1553475988342-0&psa=0&zone=453&id=15024980&member_id=1908&size=728x90&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:37 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.230:80
AN-X-Request-Uuid
eb965a7f-1c61-4f4a-a495-653173ad74f8
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
dmx.districtm.io/b/ 		0
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dmx.districtm.io/b/v1
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.190.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
server
cloudflare
status
204
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
cf-ray
59031878c8cac775-AMS
access-control-allow-headers
Content-Type, Origin
cf-request-id
0295cd9f790000c775451f4200000001
jpt
secure.adnxs.com/ 		0
662 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?callback=districtmHeader.ssp.appnexus.handleAppNexusCallback&callback_uid=V38yhJNVdg073DZ4KaSTD2YnW2NiPv~454~div-gpt-ad-1553476044183-0&psa=0&zone=454&id=15024981&member_id=1908&size=728x90&referrer=https://safehaven.com/
Requested by
Host: cdn.districtm.ca
URL: https://cdn.districtm.ca/merge/merge.142016.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 , Ascension Island, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:37 GMT
X-Proxy-Origin
82.102.19.136; 82.102.19.136; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.105:80
AN-X-Request-Uuid
ee3ccacb-c3d2-491c-9af0-7dac7d0e23cb
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
liveView.php
live.sekindo.com/live/ Frame 485A 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588940015&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
268b2c4921b25753799dda461998bb5c1f8d14a18769b4fe5f51a9cfb6312f0a

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/javascript; charset=utf-8
bid
c.amazon-adsystem.com/e/dtb/ 		23 B
369 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fsafehaven.com%2F&pid=p0Rc7OtukksVA&cb=0&ws=1600x1200&v=7.49.02&t=1200&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-300x250-ATF%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-300x250-BTF%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-300x250-BTF2%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-728x90-ATF%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F192633929%2Fsafehaven-728x90-BTF%22%7D%5D&pubid=cb8cfc89-e83e-44aa-a3a2-ff78eda781ef&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
via
1.1 c3ea695df6623739937b8dda8c1599f9.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
HAM50-C2
status
200
vary
User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
RZ_PjmPrgtiD2rbvY58aMc4SehISmIZZAA5duiQrZ9t-8ESggF3plQ==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 11:54:30 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
age
1146
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 09 Apr 2020 23:46:54 GMT
server
AmazonS3
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 f1d5d7779515e0233ce392877610b704.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
HAM50-C2
x-amz-cf-id
Ok7ndRsav2pC9bx1evYKj5bcuEMGdy3g5ExscXHdkKuFLP-NuTMk1Q==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/814550776/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/814550776/?random=1588940015676&cv=9&fst=1588940015676&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou4t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1253753b607cadf62c8dd095b09364e9074b0561bb9e5bedc2900a40d01296bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1030
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/820290545/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/820290545/?random=1588940015679&cv=9&fst=1588940015679&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou4t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a678c6f006c27cbf26080c0660956e7fb24988a9a2c91283aad6fc8d234c350
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1027
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/802310072/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/802310072/?random=1588940015680&cv=9&fst=1588940015680&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou4t0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
459edf69ef6408bbe3f9dfd06a27d1f543bdbcd7196f893eeb88b6aa5db2d35c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1027
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&aip=1&a=529772676&t=pageview&_s=1&dl=https%3A%2F%2Fsafehaven.com%2F&ul=en-us&de=UTF-8&dt=Safehaven.com%20%7C%20Preservation%20of%20Capital&sd=2...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2249023-27&cid=1581210580.1588940016&jid=923695954&_gid=59486273.1588940016&gjid=1523967460&_v=j82&z=2036910862
35 B
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2249023-27&cid=1581210580.1588940016&jid=923695954&_gid=59486273.1588940016&gjid=1523967460&_v=j82&z=2036910862
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 08 May 2020 12:13:35 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2249023-27&cid=1581210580.1588940016&jid=923695954&_gid=59486273.1588940016&gjid=1523967460&_v=j82&z=2036910862
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
417
expires
Fri, 01 Jan 1990 00:00:00 GMT
247445556002302
connect.facebook.net/signals/config/ 		475 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/247445556002302?v=2.9.18&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
173bf971478c26c62d39568f01aba75e836f04fe65b35d755803382abea7e5f5
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
122178
x-xss-protection
0
pragma
public
x-fb-debug
0ClyzVrb8eFtDhfdLBemHCUNy/oMc8oY4LLASDMJB9DtpLfkCWfjS13NSIdG7hT3SR97DQrmx6b50qFCJckPZg==
x-fb-trip-id
2087142729
x-frame-options
DENY
date
Fri, 08 May 2020 12:13:35 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
api.min.js
a.optmstr.com/app/js/ 		199 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.optmstr.com/app/js/api.min.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.11.100 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
c73e66343b58de4ecf1646d9910e95de94f4286795ce2a2c7ed7efacf6b60e63

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
last-modified
Thu, 07 May 2020 16:20:16 GMT
server
NetDNA-cache/2.2
x-amz-request-id
133571257D38D138
etag
W/"cf7fac43ccd9b89b61eb4521fe60a5f7"
x-cache
HIT
content-type
application/javascript
status
200
cache-control
max-age=31104000
access-control-allow-origin
*
x-amz-id-2
BDPjGzmDz6oJCL+16t2epF0rvzotI/visMoumJCc4JZdwy5O3MtuWSxPCg5EJKcRD+HA1U3ImUo=
expires
Mon, 03 May 2021 12:13:35 GMT
iab_consent_sdk.v1.0.js
live.sekindo.com/content/ClientDetections/ Frame 485A 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588940015&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 12 Feb 2020 15:01:36 GMT
Server
nginx
ETag
W/"5e441350-4be0"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 12:13:35 GMT
DetectGDPR2.v1.0.js
live.sekindo.com/content/ClientDetections/ Frame 485A 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/ClientDetections/DetectGDPR2.v1.0.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588940015&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Last-Modified
Sun, 26 Jan 2020 18:48:12 GMT
Server
nginx
ETag
W/"5e2ddeec-211f"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 12:13:35 GMT
DetectGDPR.v1.0.js
live.sekindo.com/content/ClientDetections/ Frame 485A 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/ClientDetections/DetectGDPR.v1.0.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588940015&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Last-Modified
Sun, 26 Jan 2020 11:58:13 GMT
Server
nginx
ETag
W/"5e2d7ed5-1d87"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 12:13:35 GMT
hls.0.12.4_1.min.js
live.sekindo.com/content/video/hls/ Frame 485A 		247 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588940015&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Last-Modified
Mon, 06 Jan 2020 15:31:55 GMT
Server
nginx
ETag
W/"5e1352eb-3dcb9"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 12:13:35 GMT
prebidVid.2.44.3_4.min.js
live.sekindo.com/content/prebid/ Frame 485A 		272 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588940015&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
2c167f4042d1338b33e2822f3b3dca3646bffcac14747d934c50794192dc3c2b

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 May 2020 09:21:08 GMT
Server
nginx
ETag
W/"5eafde84-4415a"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, public
Expires
Sat, 08 May 2021 12:13:35 GMT
liveVideo.php
live.sekindo.com/live/ Frame 485A 		413 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveView.php?s=98755&cbuster=%%CACHEBUSTER%%&pubUrl=%%REFERRER_URL_ESC%%&x=400&y=291&vp_content=plembed121drxwqzitg&vp_template=5146&subId=[SUBID_ENCODED]&schain=1.0,1!admetricspro.com,102,1&cbuster=1588940015&pubUrlAuto=https%3A%2F%2Fsafehaven.com%2F&videoType=flow&floatWidth=350&floatHeight=198&floatDirection=br&floatVerticalOffset=1&floatHorizontalOffset=1&floatCloseBtn=1&flowMode=undefined
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
8a591b125bab07a5b0a5fe290fe15165c2860f3935b7933b03f6ea0368611a1f

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:35:20 GMT
status
200
etag
"1544639720"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
7050
/
www.google.com/pagead/1p-user-list/814550776/ 		42 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/814550776/?random=1588940015676&cv=9&fst=1588939200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=2685312798&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/814550776/ 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/814550776/?random=1588940015676&cv=9&fst=1588939200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=2685312798&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/820290545/ 		42 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/820290545/?random=1588940015679&cv=9&fst=1588939200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=2449933079&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/820290545/ 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/820290545/?random=1588940015679&cv=9&fst=1588939200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=2449933079&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/802310072/ 		42 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/802310072/?random=1588940015680&cv=9&fst=1588939200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=3142435240&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/802310072/ 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/802310072/?random=1588940015680&cv=9&fst=1588939200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2ou4t0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fsafehaven.com%2F&tiba=Safehaven.com%20%7C%20Preservation%20of%20Capital&async=1&fmt=3&is_vtc=1&random=3142435240&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:35 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
651529765710614
connect.facebook.net/signals/config/ 		475 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/651529765710614?v=2.9.18&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
370f89f6ebcec94f6a529911989dc8cd601a3cf2795b36cc3b5ba92fae8af47d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-trip-id
2087142729
pragma
public
x-fb-debug
oiron88V2jsUHckHI+fumCF9ZrJv7TOlEZNYPzlnVaM2qWpW3st46tk2UPTYR7aEr4zJbNcpn8BLMwJ9R+KfHw==
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
DENY
date
Fri, 08 May 2020 12:13:35 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=1200
vary
Accept-Encoding
content-length
122179
x-xss-protection
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
252 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=247445556002302&ev=PageView&dl=https%3A%2F%2Fsafehaven.com%2F&rl=&if=false&ts=1588940015870&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=30&fbp=fb.1.1588940015869.1925411397&it=1588940015734&coo=false&rqm=GET
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT, Fri, 08 May 2020 12:13:35 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Fri, 08 May 2020 12:13:35 GMT
20987
api.omappapi.com/v2/embed/ 		82 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.omappapi.com/v2/embed/20987
Requested by
Host: a.optmstr.com
URL: https://a.optmstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.84 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-84.ham50.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
813628535187fe19c6e20047ec1987cb69c53a0fdc33b3bec28d2876a683a6d9

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-cache-config
0 0
x-amz-cf-pop
HAM50-C1
x-cache-status
HIT
x-cache
Miss from cloudfront
status
200
access-control-allow-headers
X-CSRF-Token
x-optinmonster-account
1720
x-user-agent
standard
server
Pagely Gateway/1.5.1
vary
Accept-Encoding, User-Agent
content-type
application/json;charset=utf-8
via
1.1 432b13056093689871d6c14aa8f1c81e.cloudfront.net (CloudFront)
access-control-expose-headers
X-OptinMonster-Account
access-control-allow-origin
*
x-amz-cf-id
5Ff_5MFaKvlEgOzFn0M-fH3AY3yLS_eU9mCij3NoneADFE3hzuoOvg==
/
www.facebook.com/tr/ 		44 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=651529765710614&ev=PageView&dl=https%3A%2F%2Fsafehaven.com%2F&rl=&if=false&ts=1588940015932&sw=1600&sh=1200&v=2.9.18&r=stable&ec=0&o=30&fbp=fb.1.1588940015869.1925411397&it=1588940015734&coo=false&rqm=GET
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:35 GMT, Fri, 08 May 2020 12:13:35 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Fri, 08 May 2020 12:13:35 GMT
apstag.js
c.amazon-adsystem.com/aax2/ Frame 485A 		101 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
Server /
Resource Hash
0875862efc0b3318a2104d27726d71f6f61d95a6e04ef6becb2793e66b2bc27a

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 20:13:12 GMT
content-encoding
gzip
server
Server
age
57624
etag
ad48a5f558eb50f381edaa87211f6c91
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=86400
x-amz-cf-pop
HAM50-C2
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
iXP4Jbkql0En_sRYIsX5VsMN0LMaONvQj-10GwR81idk7lR255ehlg==
via
1.1 c3ea695df6623739937b8dda8c1599f9.cloudfront.net (CloudFront)
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 485A 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.191.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-191-80.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 11:54:30 GMT
content-encoding
gzip
vary
Accept-Encoding,Origin
age
1147
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Thu, 09 Apr 2020 23:46:54 GMT
server
AmazonS3
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 f1d5d7779515e0233ce392877610b704.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
HAM50-C2
x-amz-cf-id
nArW8D6kKCpVRJRhCW3X1WR7-Ahy_46uqyl_8HCW88nVC2fqqPrBrQ==
css
fonts.googleapis.com/ Frame AD5C 		2 KB
684 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 May 2020 12:13:36 GMT
server
ESF
date
Fri, 08 May 2020 12:13:36 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 May 2020 12:13:36 GMT
css
fonts.googleapis.com/ Frame 9FE7 		2 KB
638 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 May 2020 12:13:36 GMT
server
ESF
date
Fri, 08 May 2020 12:13:36 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 May 2020 12:13:36 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 91C9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
72.247.225.32 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a72-247-225-32.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Last-Modified
Tue, 14 Apr 2020 10:28:34 GMT
ETag
"1300708-2eae-5a33da96f833f"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
4169
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=109018
Expires
Sat, 09 May 2020 18:30:34 GMT
Date
Fri, 08 May 2020 12:13:36 GMT
Connection
keep-alive
Vary
Accept-Encoding
placeHolder.png
live.sekindo.com/content/video/splayer/assets/ 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/content/video/splayer/assets/placeHolder.png
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx /
Resource Hash
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:13:35 GMT
Last-Modified
Sun, 11 Jun 2017 08:04:05 GMT
Server
nginx
ETag
"593cf975-5dbf"
Content-Type
image/png
Cache-Control
no-cache, private
Accept-Ranges
bytes
Content-Length
23999
Expires
Fri, 08 May 2020 12:13:34 GMT
logo_5146.png
video.sekindo.com/uploads/video/users/logo/19668/ Frame AD5C 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/video/users/logo/19668/logo_5146.png?cbuster=1563896491
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
55e4d1770f37b9819d263396045786cf66706c25ef6c391ccabcc93a78c1f7b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Tue, 23 Jul 2019 15:41:25 GMT
Server
Tengine
ETag
"5d372aa5-470b"
X-Cache-Status
MISS
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Cache-Control
max-age=604800, private
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
18187
Expires
Fri, 15 May 2020 12:13:35 GMT
vid5eb520d45c646066411871.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.jpg?cbuster=1588928725
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
ebcbd416dce4983b194431a61a1b40209efab2f2a682ba19006edd2a941f20d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Fri, 08 May 2020 09:10:35 GMT
Server
Tengine
ETag
"5eb5220b-2fc7"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
12231
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4733289db1548301905.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4733289db1548301905.jpg?cbuster=1588884276
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
5c8b3abfc048dad503e3e5a62c1518c4c0e933389e46f8339990b12c4deb9213
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Thu, 07 May 2020 21:43:47 GMT
Server
Tengine
ETag
"5eb48113-6784"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
26500
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4733ee9052239075304.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4733ee9052239075304.jpg?cbuster=1588884290
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
39ac46b13bedb7f0fdf649e1b604d551d1070130f08b8bfe74583bde4cc4ebbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Thu, 07 May 2020 21:46:59 GMT
Server
Tengine
ETag
"5eb481d3-224e"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
8782
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4733d9afab339860429.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4733d9afab339860429.jpg?cbuster=1588884286
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
96a1afb1b91fa08558e5a5eb58c0497a7ae508c4d2134fda29fbb66df408168e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Thu, 07 May 2020 21:46:03 GMT
Server
Tengine
ETag
"5eb4819b-5760"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
22368
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4733c0dbdc216040941.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4733c0dbdc216040941.jpg?cbuster=1588884285
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
d72afc407a3d6289f8150ea724ffd9ef215084236cfb6c831a3d91f136cda7ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Thu, 07 May 2020 21:45:50 GMT
Server
Tengine
ETag
"5eb4818e-2595"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
9621
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4733abe02e232097995.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4733abe02e232097995.jpg?cbuster=1588884283
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
96a1afb1b91fa08558e5a5eb58c0497a7ae508c4d2134fda29fbb66df408168e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Thu, 07 May 2020 21:45:23 GMT
Server
Tengine
ETag
"5eb48173-5760"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
22368
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb47338c1907736866527.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb47338c1907736866527.jpg?cbuster=1588884282
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
856ebd974805a315c6419b50ff68e30ca94f384415d85af8c56cbb5479f3faa8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Thu, 07 May 2020 21:45:09 GMT
Server
Tengine
ETag
"5eb48165-4f50"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
20304
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb47337a1a7a278668266.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb47337a1a7a278668266.jpg?cbuster=1588884280
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
2e14464924e0301cda997640b9918eb65cca0c896a4610e0b35101975b013adf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Thu, 07 May 2020 21:44:51 GMT
Server
Tengine
ETag
"5eb48153-2762"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
10082
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb47335316e8519280491.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb47335316e8519280491.jpg?cbuster=1588884279
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
4477dd6cbad78ef9acc3c17095843a20dd110fe9adccea64a6db0b87086fdd81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Thu, 07 May 2020 21:44:37 GMT
Server
Tengine
ETag
"5eb48145-340d"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
13325
Expires
Thu, 31 Dec 2037 23:55:55 GMT
vid5eb4733466ad8584484743.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame 9FE7 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb4733466ad8584484743.jpg?cbuster=1588884276
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
f43d2cf395827366eb0b0ae06b9cc2446cd50b8cb198ad918bd550591c9e9571
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Thu, 07 May 2020 21:43:52 GMT
Server
Tengine
ETag
"5eb48118-5d81"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
23937
Expires
Thu, 31 Dec 2037 23:55:55 GMT
sync
x.bidswitch.net/ul_cb/ Frame 485A
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sekindo&user_id=5eb54cef8d403&custom_data=5eb54cef8d403&gdpr=1&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb54cef8d403&custom_data=5eb54cef8d403&gdpr=1&gdpr_consent=
43 B
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb54cef8d403&custom_data=5eb54cef8d403&gdpr=1&gdpr_consent=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.59.50.21 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-59-50-21.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 08 May 2020 12:13:36 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status
302
date
Fri, 08 May 2020 12:13:36 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
location
https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&user_id=5eb54cef8d403&custom_data=5eb54cef8d403&gdpr=1&gdpr_consent=
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
liveCS.php
live.sekindo.com/live/ Frame 485A
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.sekindo.com%2Flive%2FliveCS.php%3Fsource%3Dexternal%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
  • https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=349f9a39-45ad-49d7-9d8f-e015a7e89095
0
347 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=349f9a39-45ad-49d7-9d8f-e015a7e89095
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:36 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
no-store
Content-Type
text/html; charset=utf-8

Redirect headers

status
307
date
Fri, 08 May 2020 12:13:36 GMT
content-length
0
location
https://live.sekindo.com/live/liveCS.php?source=external&pixel=&advId=93&advUuid=349f9a39-45ad-49d7-9d8f-e015a7e89095
vid5eb520d45c646066411871.jpg
video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/ Frame AD5C 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.sekindo.com/uploads/cn13/video/users/converted/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.jpg?cbuster=1588928725
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
ebcbd416dce4983b194431a61a1b40209efab2f2a682ba19006edd2a941f20d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://amli.sekindo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Fri, 08 May 2020 09:10:35 GMT
Server
Tengine
ETag
"5eb5220b-2fc7"
X-Cache-Status
HIT
Strict-Transport-Security
max-age=31536000
Content-Type
image/jpeg
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
12231
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/ Frame AD5C 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame AD5C 		715 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.5.18/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 23 Apr 2020 17:38:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1276485
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6490
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 23 Apr 2021 17:38:51 GMT
mobile-detect.min.js
cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/ 		38 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/mobile-detect.min.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
7876540
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0295cda22d000005d4ef3de200000001
served-in-seconds
0.002
timing-allow-origin
*
last-modified
Sat, 08 Sep 2018 10:00:50 GMT
server
cloudflare
etag
W/"5b939dd2-9624"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
5903187d1e1505d4-FRA
expires
Wed, 28 Apr 2021 12:13:36 GMT
liveView.php
live.sekindo.com/live/ Frame 485A 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn13%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo_5b4c8dbbc9a66557872002%2Fvid5eb520d45c646066411871.mp4&vid_content_id=788378&vid_content_desc=Siemens+CEO+on+Earnings%2C+Liquidity%2C+Pandemic+Strategy&vid_content_title=Siemens+CEO+on+Earnings%2C+Liquidity%2C+Pandemic+Strategy&vid_content_duration=412&debugInformation=&x=396&y=223&fpl=1&pubUrl=https%3A%2F%2Fsafehaven.com%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&isApp=0&geoLati=50.884700775146484&geoLong=4.504899978637695&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&cbuster=1588940016200&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
6769cb764951b70dd99e89f033efae1b5e4e9b2e115318a96ff986718d655a68

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
1274
liveView.php
live.sekindo.com/live/ Frame 485A 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=1&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn13%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo_5b4c8dbbc9a66557872002%2Fvid5eb520d45c646066411871.mp4&vid_content_id=788378&vid_content_desc=Siemens+CEO+on+Earnings%2C+Liquidity%2C+Pandemic+Strategy&vid_content_title=Siemens+CEO+on+Earnings%2C+Liquidity%2C+Pandemic+Strategy&vid_content_duration=412&debugInformation=&x=350&y=197&fpl=1&pubUrl=https%3A%2F%2Fsafehaven.com%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&isApp=0&geoLati=50.884700775146484&geoLong=4.504899978637695&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&cbuster=1588940016201&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e9d44c35939572d662858a3b8dd791268710f25e9e030851fb974326092be23f

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
1275
liveView.php
live.sekindo.com/live/ Frame 485A 		2 B
429 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn13%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo_5b4c8dbbc9a66557872002%2Fvid5eb520d45c646066411871.mp4&vid_content_id=788378&vid_content_desc=Siemens+CEO+on+Earnings%2C+Liquidity%2C+Pandemic+Strategy&vid_content_title=Siemens+CEO+on+Earnings%2C+Liquidity%2C+Pandemic+Strategy&vid_content_duration=412&debugInformation=&x=396&y=223&fpl=1&pubUrl=https%3A%2F%2Fsafehaven.com%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&isApp=0&geoLati=50.884700775146484&geoLong=4.504899978637695&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&cbuster=1588940016201&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
22
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin
https://safehaven.com

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:36:18 GMT
status
200
etag
"1544639778"
vary
Accept-Encoding
x-cache
HIT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
77171
liveView.php
live.sekindo.com/live/ Frame 485A 		2 B
429 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.sekindo.com/live/liveView.php?s=58057&vid_vastTimeout=-1&vid_vastType=3&vid_playerVer=3.0.0&vid_viewabilityState=0&vid_playbackMethod=auto&vid_content_url=https%3A%2F%2Fvideo.sekindo.com%2Fuploads%2Fcn13%2Fvideo%2Fusers%2Fconverted%2F24485%2Fvideo_5b4c8dbbc9a66557872002%2Fvid5eb520d45c646066411871.mp4&vid_content_id=788378&vid_content_desc=Siemens+CEO+on+Earnings%2C+Liquidity%2C+Pandemic+Strategy&vid_content_title=Siemens+CEO+on+Earnings%2C+Liquidity%2C+Pandemic+Strategy&vid_content_duration=412&debugInformation=&x=350&y=197&fpl=1&pubUrl=https%3A%2F%2Fsafehaven.com%2F&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&isApp=0&geoLati=50.884700775146484&geoLong=4.504899978637695&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&cbuster=1588940016364&gdpr=1&gdprConsent=&isWePassGdpr=0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:35 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
https://safehaven.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Content-Type
application/json; charset=utf-8
Content-Length
22
chunklist_640.m3u8
video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/ Frame 485A 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/chunklist_640.m3u8
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
064e739a77f7623ba98eb109804d6d70d0773ee7be25f8a7d72e580fff406aa4

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Fri, 08 May 2020 09:12:29 GMT
Server
Tengine
ETag
"5eb5227d-8cc"
Content-Type
application/vnd.apple.mpegurl
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 12:12:51 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
2252
X-Proxy-Cache
HIT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame AD5C 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto&display=swap
Origin
https://safehaven.com

Response headers

date
Wed, 01 Apr 2020 18:22:23 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
3174673
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11016
x-xss-protection
0
expires
Thu, 01 Apr 2021 18:22:23 GMT
/
www.facebook.com/tr/ 		0
71 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundarytC2Yy4Ujq2zYUQY0

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Fri, 08 May 2020 12:13:36 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
content-length
0
auction
prebid-server.rubiconproject.com/openrtb2/ Frame 485A 		184 B
386 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.217.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-217-231.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
3d934bc80fa57d4a2bdc380c77cbf780b38e82c56c4f4532ab266e88e1a94d73

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
status
200
content-type
application/json
access-control-allow-origin
https://safehaven.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
174
expires
0
/
www.facebook.com/tr/ 		0
32 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryL06A4G2oQkxX8Yt7

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
date
Fri, 08 May 2020 12:13:36 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://safehaven.com
access-control-allow-credentials
true
content-length
0
ads
securepubads.g.doubleclick.net/gampad/ 		19 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4389465912116682&correlator=4478492548118749&output=ldjh&impl=fifs&adsid=NT&vrg=2020043001&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200508&iu_parts=192633929%2Csafehaven-300x250-ATF%2Csafehaven-300x250-BTF%2Csafehaven-300x250-BTF2%2Csafehaven-728x90-ATF%2Csafehaven-728x90-BTF&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&prev_iu_szs=300x250%2C300x250%2C300x250%2C728x90%2C728x90&prev_scp=amznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2%7Camznbid%3D2%26amznp%3D2&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1588940016&dt=1588940016498&dlt=1588940014902&idt=250&frm=20&biw=1585&bih=1200&oid=3&adxs=1068%2C1068%2C240%2C241%2C429&adys=661%2C943%2C2295%2C1206%2C3125&adks=814543115%2C3046793618%2C190242331%2C1732354106%2C2965735416&ucis=1%7C2%7C3%7C4%7C5&ifi=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fsafehaven.com%2F&dssz=59&icsg=180388669440&mso=32&std=31&vis=1&dmc=8&scr_x=0&scr_y=0&psz=320x532%7C320x532%7C395x250%7C824x90%7C1585x90&msz=320x250%7C320x250%7C395x250%7C824x90%7C1585x90&ga_vid=1581210580.1588940016&ga_sid=1588940017&ga_hid=529772676&fws=0%2C0%2C0%2C0%2C0&ohw=0%2C0%2C0%2C0%2C0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020043001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
10312446516e607af468800c11a482b77848a0921367b600637088c90c2a03b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4888
x-xss-protection
0
google-lineitem-id
5012158941,5012537195,5012542490,5012545628,5012261260
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138265267020,138265545376,138265545085,138265545127,138265239347
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://safehaven.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
w_640_000.ts
video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/ Frame 485A 		314 KB
315 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/w_640_000.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
4af00ba1a8bb2dd1374c5d434a9e0869343c8ea57922fdae7a53df4cf8bf40e4

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:51 GMT
Last-Modified
Fri, 08 May 2020 09:12:04 GMT
Server
Tengine
ETag
"5eb52264-4e9fc"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 12:12:51 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
322044
X-Proxy-Cache
HIT
f7a1a450-0115-42b5-b1f4-d58fb39952c4
https://safehaven.com/ Frame 485A 		63 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://safehaven.com/f7a1a450-0115-42b5-b1f4-d58fb39952c4
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Length
64352
Content-Type
text/javascript
css
fonts.googleapis.com/ 		5 KB
750 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:600,400
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
76c828df931848541d008f5df340db07e1fd29788cd50f9f86198c9c452fdc9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 May 2020 12:13:36 GMT
server
ESF
date
Fri, 08 May 2020 12:13:36 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 May 2020 12:13:36 GMT
font-awesome.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 		37 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
2901956
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0295cda43c000005d4ef3fd200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:19:53 GMT
server
cloudflare
etag
W/"5afd4939-9226"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
590318806a0705d4-FRA
expires
Wed, 28 Apr 2021 12:13:36 GMT
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:600,400
Origin
https://safehaven.com

Response headers

date
Wed, 06 May 2020 00:50:17 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
213799
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9132
x-xss-protection
0
expires
Thu, 06 May 2021 00:50:17 GMT
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:600,400
Origin
https://safehaven.com

Response headers

date
Fri, 10 Apr 2020 08:39:52 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:44 GMT
server
sffe
age
2432024
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9180
x-xss-protection
0
expires
Sat, 10 Apr 2021 08:39:52 GMT
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032302D30352D30385F31357D7B7331313031303933367D7B4338357D7B536332466D5A576868646D56754C6D4E7662513D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6D61636F73787D7B583430307D7B593239317D7B66317D7B4C353134367DFEFE&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F74.0.3729.169+Safari%2F537.36&playerVersion=3.0.0&fpl=-1&debugInformation=&isWePassGdpr=0&schain=1.0%2C1%21admetricspro.com%2C102%2C1&csuuid=5eb54cef8d403&debugInfo=11010936_&debugPlayerSession=&sta=11010936&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed121drxwqzitg&secondaryContent=&x=400&y=291&pubUrl=https%3A%2F%2Fsafehaven.com%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=1&impGap=2&flow_width=350&flow_height=198&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=50.884700775146484&geoLong=4.504899978637695&vpTemplate=5146&flowMode=both&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.css
Origin
https://safehaven.com

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
8602191
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
77160
cf-request-id
0295cda49200000629bb8c6200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:19:53 GMT
server
cloudflare
etag
"5afd4939-12d68"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
59031880e9b50629-FRA
expires
Wed, 28 Apr 2021 12:13:36 GMT
bl-2a28c82-30fdb1af.js
tagan.adlightning.com/math-aids/ Frame A876 		95 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
03f1965f652a75d06042e823a86b8b1a6502b78bafcf54169d6ea31db16bf441

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 23:06:58 GMT
content-encoding
gzip
age
47199
x-cache
Hit from cloudfront
status
200
content-length
40717
x-amz-meta-git_commit
2a28c82
last-modified
Thu, 07 May 2020 23:03:03 GMT
server
AmazonS3
etag
"a1cfcb7a7a9eb92fc44067fa7040747c"
x-amz-version-id
KBxEgDVLhgkCX7nnqONQYUX36.Lhe3VZ
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
144l5NwW-h2LqOl6E87pPPPFwBLKDDG4WbkJfwxdHTPen3gkbEU2CQ==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame A876 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 22 Apr 2020 03:15:55 GMT
content-encoding
gzip
age
1414662
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
HzhT74ppNGITOWtfDQoysffAWcvQx1MfJSvX48bf-ILU5WONHX-G0A==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame A876 		107 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:36 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame A876 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28331
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:36 GMT
osd.js
www.googletagservices.com/activeview/js/current/ 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020043001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:36 GMT
bl-2a28c82-30fdb1af.js
tagan.adlightning.com/math-aids/ Frame 86B0 		95 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
03f1965f652a75d06042e823a86b8b1a6502b78bafcf54169d6ea31db16bf441

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 23:06:58 GMT
content-encoding
gzip
age
47199
x-cache
Hit from cloudfront
status
200
content-length
40717
x-amz-meta-git_commit
2a28c82
last-modified
Thu, 07 May 2020 23:03:03 GMT
server
AmazonS3
etag
"a1cfcb7a7a9eb92fc44067fa7040747c"
x-amz-version-id
KBxEgDVLhgkCX7nnqONQYUX36.Lhe3VZ
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
1T-whhCoVcDQMvTXCneXNSiC4MUcltUIVzp1W3lH3TkN2G9G-dXnmg==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame 86B0 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 22 Apr 2020 03:15:55 GMT
content-encoding
gzip
age
1414662
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
iJPFvmWWGTinXQgvjYgf8xHzRoFBpWc0Li3QwmtW90--qDYE0pxsIw==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 86B0 		107 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:36 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 86B0 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28331
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:36 GMT
bl-2a28c82-30fdb1af.js
tagan.adlightning.com/math-aids/ Frame 1866 		95 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
03f1965f652a75d06042e823a86b8b1a6502b78bafcf54169d6ea31db16bf441

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 23:06:58 GMT
content-encoding
gzip
age
47199
x-cache
Hit from cloudfront
status
200
content-length
40717
x-amz-meta-git_commit
2a28c82
last-modified
Thu, 07 May 2020 23:03:03 GMT
server
AmazonS3
etag
"a1cfcb7a7a9eb92fc44067fa7040747c"
x-amz-version-id
KBxEgDVLhgkCX7nnqONQYUX36.Lhe3VZ
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
5uhZ-FuORCBCJJls2TA7WPFkTKUBvm_ROHd7PYDaBmjLZRvX762I3A==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame 1866 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 22 Apr 2020 03:15:55 GMT
content-encoding
gzip
age
1414662
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
e5WbL7kOYy69prihRKRFkucyhl-nEoNrQKA1vOnQK8avT7Ems-n_ug==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 1866 		107 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:36 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 1866 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28331
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:36 GMT
bl-2a28c82-30fdb1af.js
tagan.adlightning.com/math-aids/ Frame D0C7 		95 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
03f1965f652a75d06042e823a86b8b1a6502b78bafcf54169d6ea31db16bf441

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 23:06:58 GMT
content-encoding
gzip
age
47199
x-cache
Hit from cloudfront
status
200
content-length
40717
x-amz-meta-git_commit
2a28c82
last-modified
Thu, 07 May 2020 23:03:03 GMT
server
AmazonS3
etag
"a1cfcb7a7a9eb92fc44067fa7040747c"
x-amz-version-id
KBxEgDVLhgkCX7nnqONQYUX36.Lhe3VZ
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
nOQ_FkqM8wCjEFEH8eFNsMDA97cnSKWUAsYPvcTaoEjF5AJNbCG6kw==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame D0C7 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 22 Apr 2020 03:15:55 GMT
content-encoding
gzip
age
1414662
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Mr8rc5CG7teuQJJXomCycWj4imGJ6AbYcEet5BHq64wssaSQxUiH0Q==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame D0C7 		107 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:36 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame D0C7 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28331
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:36 GMT
bl-2a28c82-30fdb1af.js
tagan.adlightning.com/math-aids/ Frame 2D60 		95 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/bl-2a28c82-30fdb1af.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
03f1965f652a75d06042e823a86b8b1a6502b78bafcf54169d6ea31db16bf441

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 07 May 2020 23:06:58 GMT
content-encoding
gzip
age
47200
x-cache
Hit from cloudfront
status
200
content-length
40717
x-amz-meta-git_commit
2a28c82
last-modified
Thu, 07 May 2020 23:03:03 GMT
server
AmazonS3
etag
"a1cfcb7a7a9eb92fc44067fa7040747c"
x-amz-version-id
KBxEgDVLhgkCX7nnqONQYUX36.Lhe3VZ
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
bVyWL5PcpIoztb7Dgqlinh0wD2UUCLYEFNus2D-29FLWdBNGnQ-jCA==
b-0d4dfcb.js
tagan.adlightning.com/math-aids/ Frame 2D60 		36 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.182.108 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-182-108.ham50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 22 Apr 2020 03:15:55 GMT
content-encoding
gzip
age
1414663
x-cache
Hit from cloudfront
status
200
content-length
12572
x-amz-meta-git_commit
0d4dfcb
last-modified
Wed, 22 Apr 2020 03:14:44 GMT
server
AmazonS3
etag
"34462ea6330b72d722f58f107de6222c"
x-amz-version-id
TzIl1bIdgPnKW4fKc7hSFVBab94YVS9l
via
1.1 b601b11612dbb318dc18b8b7062715df.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
HAM50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
FwtNcCgUcwZh8RvTjPTeIuLDu76eMXZdZXVUmBZVa_1waXAB4p-w7Q==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame 2D60 		107 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
39155
x-xss-protection
0
server
cafe
etag
18137084984814927362
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:36 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 2D60 		74 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
28331
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:36 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020043001&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020043001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1f55c300c75dca148e4cc89dca18f72792cdf02ef36b35e2e4dd9cc91f388741
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5691
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame A876 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvSZSXhXUA82nEWdcze3VdbYMv8zcsEkoYQDcSW6UNIGcAN0XxuysGNlrMnokgRE5WzUj0mEfRESY_e58gjPG_GQV2DP4MHPr9m7aj1E0yfklk3It1U0prdL9sqWnC776fDNnorN6phRqH0TPVb3YRvaWGjTuVfyDuiOxSOCN-BPBHaaJ-n3shV-oJfRuLPPaPhS7y8SbrExyEiPPRfVUhlya9bqsy_QxIpvWAgByxUcOj0jjUHEf9zcBpLkYHNALAuQVWp19QbmucZebqYy_8&sai=AMfl-YTO7XZHMixVR2IcGq63sqTcoXDSnmITxxuwQW0HWF5DlRfYirMEcZMNafDBAEq-0WiXVCfItQ8iBQ1FPw94XjdZfbdn6CkN-nkZIToL&sig=Cg0ArKJSzP2YmjQ3YzQXEAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:37 GMT
truncated
/ Frame A876 		214 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6610647c9a66faa8333614680765ecc14236e66c2ce569c837101fed800deded

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
sodar2.js
tpc.googlesyndication.com/sodar/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:37 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 86B0 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu-hvqognoV5Eyc2hQUuZz0JIGYR6U3lo6FgmSjYQEUA_W_jEEEBj_IlIcMizSDFWbBxqqhhpuUZEiyQtf0tAa9iYxKBi1j3Jx2GKN32XoIaXR8qC0-fmEYgR_oJ9hnC0-TrRz9jFMTTPTWCrZ4ARy767fqV9JkiGF0Pl10SlboJDssnRoOf6afUAtZ5Me_PWb6eZRSDcFtMvhDTua-4_I5MYTlLxOEBXBUT-CLidAQTfRwtYb4wN3M6xcTuGamHDuLlD0o_J_MG0bfGP2epRI&sai=AMfl-YR1ZbetBFYJ9RscfgXoOjFmaIVqo0QUeUKsq5x1MjL0Nev3x3vk4-kcBFJZdL4wrYyX-TrBriMSLp334M8NgEQ9VMjWA8UP5f_QP6UQ&sig=Cg0ArKJSzLmwmFH4Fg7ZEAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 86B0 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7fd17f9a9030c1e0cf69a0626cfe8ad7cd63e1fda84a5ba25b7f3bb9fec64e70

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
integrator.js
adservice.google.de/adsid/ Frame A876 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame A876 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame A876 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:37 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/ Frame 13C3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200506/r20190131/zrt_lookup.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200506/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmRibDsi1h_-7lQjIxKS1A9zO_0xrXBjlU7tdSGYevu8c2oReYAmA5N-Wpl
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Thu, 07 May 2020 02:45:36 GMT
expires
Thu, 21 May 2020 02:45:36 GMT
content-type
text/html; charset=UTF-8
etag
4094386822458569044
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4444
x-xss-protection
0
cache-control
public, max-age=1209600
age
120481
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
view
securepubads.g.doubleclick.net/pcs/ Frame 1866 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuNJbska3csqxGQw5HL0P_b7AOzJKaQZGmb_kX1-suSLKSn00vOLBbTktF6WOMigg7tfZaT9QvVkJB41ipwIrwdxckfRU6dVQ3cjaHnjT9NUF_KmGuafkgqkOycTDKDE116OOHSxUqyFfiTMC9CF8I6NQl3rdjoXxmMGk3DFWaHEJqCLp8agdLL6xDeF2pxWuTjmD3V3KbVG2O09oWfYattqi_PF1ttIvQ-MCo2b5X145LK1OyzagldItfK0Esr0wxDAJAtZ5SZ1iE9ZT_OIa91&sai=AMfl-YQ1fCfZOWxX1Wzul_aYrQkddfRiLi-gmkGJdCL1OYL28xlghnMVy2y4grq6KjV0a7SCpSWey7XTyIZhmEBC-foKbKxqI2iyAgQroelI&sig=Cg0ArKJSzITauwl3WSjvEAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 1866 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
143bfa4037e59e226fe716343ad9f20238f6a954f286f7924ebcc0efe7637363

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
view
securepubads.g.doubleclick.net/pcs/ Frame D0C7 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvIYkQpBqa4KjkgZqZSTTjKcKikRHtk0HXWZdOTFMmoUXk9q6QObyvPUu14gqZF5jgDfM6rqh00ozxcOSsV-yrX7WITDf-mU1RY3COoenGePnJj7_6nsmLuEHLzseUbCaIxVfoF4agQJaTyMxYW8FriQ7O9CbiKQw0wLMcKSgDEz2JqsyDQF7tjqoljoJJQsS4vKydGAEuMOoF914K9Q6HZtQLElb6-3C47aRfj8pcmu4CR_oz6u3vPcFmyKhqGmdv0q2GgW4_Ea8ITpwibxA&sai=AMfl-YRXc017HYTRN50rImrJDKrqJNqUtE0lTBiyNmR8Tg35gw8OJYn0L7cX9Ex7U1AGSOzJqob1zBeEoQW9WkMbBGi5Q7USHvoa_ozZ9W0R&sig=Cg0ArKJSzApKatIkkMmhEAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame D0C7 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1bde7bc867e9c19a6f6134b4bf63804a9708ec5abc4929715b1efb74b20a9180

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
integrator.js
adservice.google.de/adsid/ Frame 86B0 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 86B0 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame 86B0 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:37 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 2D60 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsutqDhzGIRyY3DEoj9y1qYtxC-K7JeyHmVIY4PWJkdwdkTwDpe_R2Dw1tdjgJA07AGVb7QsjJDxGCV0HKGvlylCiuSz17grtAgWV0beES6izKs0W059znHQgVv1cdHSc2VJaQzGTBctmYNp9Tr0hXB3zkm-Ry5xlCFnDVixf3b3n4ea3AvjWFvM6CN2tYZbIc054zFEH96o1n8yplIt395Kw70ePRKgKPuJcIhWlXS5TNcE-zEVE4tlE-7mqWbfvaiDvBAgnK5FWtRdd_wjmA&sai=AMfl-YQknqOMHpO3-tByjPiSaIpD86KyXDPNN1J4xk2E_AVsYjWFjp0pWURbQXYR9qt23DKR0ujwHFSywm2JZlAb64YVKW5tP7n7aLCu2R3t&sig=Cg0ArKJSzEymUY_Vij2WEAE&urlfix=1&adurl=
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s16-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
truncated
/ Frame 2D60 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3f37cb8f3a3ad5b80d21d50929742a855b9f58c05d161391b2699571804971f2

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
integrator.js
adservice.google.de/adsid/ Frame 1866 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 1866 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame 1866 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:37 GMT
integrator.js
adservice.google.de/adsid/ Frame D0C7 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame D0C7 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame D0C7 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:37 GMT
integrator.js
adservice.google.de/adsid/ Frame 2D60 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 2D60 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=safehaven.com
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/ Frame 2D60 		217 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
83827
x-xss-protection
0
server
cafe
etag
14851109439880523126
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 08 May 2020 12:13:37 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame FCB8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/op.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 11:31:13 GMT
expires
Sat, 08 May 2021 11:31:13 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2544
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ads
googleads.g.doubleclick.net/pagead/ Frame F1B5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=9357229395&adk=309087674&adf=3173046727&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017207&bpp=24&bdt=267&idt=357&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=2&ga_vid=872445442.1588940018&ga_sid=1588940018&ga_hid=1195151529&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=661&biw=1585&bih=1200&isw=300&ish=250&ifk=751659263&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=723020603681401&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.a9iui6e5w30h&fsb=1&dtd=376
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=9357229395&adk=309087674&adf=3173046727&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017207&bpp=24&bdt=267&idt=357&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=2&ga_vid=872445442.1588940018&ga_sid=1588940018&ga_hid=1195151529&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=661&biw=1585&bih=1200&isw=300&ish=250&ifk=751659263&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=723020603681401&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.a9iui6e5w30h&fsb=1&dtd=376
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmRibDsi1h_-7lQjIxKS1A9zO_0xrXBjlU7tdSGYevu8c2oReYAmA5N-Wpl
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 12:13:37 GMT
server
cafe
content-length
19370
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame A876 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:37 GMT
usync.html
eus.rubiconproject.com/ Frame 7FC7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/prebid/prebidVid.2.44.3_4.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.78.125 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Thu, 23 Apr 2020 20:31:59 GMT
Content-Encoding
gzip
Content-Length
9125
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=35022
Expires
Fri, 08 May 2020 21:57:19 GMT
Date
Fri, 08 May 2020 12:13:37 GMT
Connection
keep-alive
Vary
Accept-Encoding
ads
googleads.g.doubleclick.net/pagead/ Frame C9E1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=1547377351&adk=1247324859&adf=3173046725&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&dt=1588940017455&bpp=3&bdt=498&idt=200&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=1666900433.1588940018&ga_sid=1588940018&ga_hid=1222251735&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2507&biw=1585&bih=1200&isw=300&ish=250&ifk=364837978&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=3611683374944784&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.mmaa671i5w23&btvi=1&fsb=1&dtd=216
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=1547377351&adk=1247324859&adf=3173046725&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&dt=1588940017455&bpp=3&bdt=498&idt=200&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=1666900433.1588940018&ga_sid=1588940018&ga_hid=1222251735&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=240&ady=2507&biw=1585&bih=1200&isw=300&ish=250&ifk=364837978&scr_x=0&scr_y=0&eid=21066085&oid=3&pvsid=3611683374944784&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.mmaa671i5w23&btvi=1&fsb=1&dtd=216
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmRibDsi1h_-7lQjIxKS1A9zO_0xrXBjlU7tdSGYevu8c2oReYAmA5N-Wpl
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 12:13:37 GMT
server
cafe
content-length
19315
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame 1866 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:37 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 4A97 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=1978622193&adk=2047003747&adf=3173046724&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017475&bpp=3&bdt=509&idt=210&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=1907760033.1588940018&ga_sid=1588940018&ga_hid=156243219&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=241&ady=1206&biw=1585&bih=1200&isw=728&ish=90&ifk=1506950742&scr_x=0&scr_y=0&eid=21066085%2C44716866&oid=3&pvsid=200796105327949&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.sffqol1zqlvi&btvi=1&fsb=1&dtd=218
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=1978622193&adk=2047003747&adf=3173046724&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017475&bpp=3&bdt=509&idt=210&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=1907760033.1588940018&ga_sid=1588940018&ga_hid=156243219&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=241&ady=1206&biw=1585&bih=1200&isw=728&ish=90&ifk=1506950742&scr_x=0&scr_y=0&eid=21066085%2C44716866&oid=3&pvsid=200796105327949&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.sffqol1zqlvi&btvi=1&fsb=1&dtd=218
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmRibDsi1h_-7lQjIxKS1A9zO_0xrXBjlU7tdSGYevu8c2oReYAmA5N-Wpl
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 12:13:37 GMT
server
cafe
content-length
19205
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame D0C7 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:37 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame D947 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=8782514321&adk=1231975816&adf=3173046726&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017366&bpp=5&bdt=415&idt=367&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=708233854.1588940018&ga_sid=1588940018&ga_hid=620661132&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=943&biw=1585&bih=1200&isw=300&ish=250&ifk=750481399&scr_x=0&scr_y=0&eid=21066085%2C21062175&oid=3&pvsid=2714834117011205&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.4ziak0tjrmqa&fsb=1&dtd=382
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=250&slotname=8782514321&adk=1231975816&adf=3173046726&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017366&bpp=5&bdt=415&idt=367&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=708233854.1588940018&ga_sid=1588940018&ga_hid=620661132&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1068&ady=943&biw=1585&bih=1200&isw=300&ish=250&ifk=750481399&scr_x=0&scr_y=0&eid=21066085%2C21062175&oid=3&pvsid=2714834117011205&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.4ziak0tjrmqa&fsb=1&dtd=382
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmRibDsi1h_-7lQjIxKS1A9zO_0xrXBjlU7tdSGYevu8c2oReYAmA5N-Wpl
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 12:13:37 GMT
server
cafe
content-length
19273
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame 86B0 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:37 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame E277 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=7090869147&adk=109494614&adf=3173046723&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017502&bpp=3&bdt=528&idt=272&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=240465734.1588940018&ga_sid=1588940018&ga_hid=1091402820&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=3125&biw=1585&bih=1200&isw=728&ish=90&ifk=4249146180&scr_x=0&scr_y=0&eid=21066085%2C26835105&oid=3&pvsid=346686311625295&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.xlhffntkpkmj&btvi=1&fsb=1&dtd=281
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-8460394618887212&output=html&h=90&slotname=7090869147&adk=109494614&adf=3173046723&w=728&psa=0&guci=1.2.0.0.2.2.0.0&format=728x90&url=https%3A%2F%2Fsafehaven.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1588940017502&bpp=3&bdt=528&idt=272&shv=r20200506&cbv=r20190131&ptt=9&saldr=aa&correlator=4849577661628&frm=23&ife=4&pv=1&ga_vid=240465734.1588940018&ga_sid=1588940018&ga_hid=1091402820&ga_fc=0&iag=3&icsg=8362&nhd=1&dssz=14&mdo=0&mso=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=429&ady=3125&biw=1585&bih=1200&isw=728&ish=90&ifk=4249146180&scr_x=0&scr_y=0&eid=21066085%2C26835105&oid=3&pvsid=346686311625295&pem=666&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=8212&bc=31&ifi=1&uci=1.xlhffntkpkmj&btvi=1&fsb=1&dtd=281
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUmRibDsi1h_-7lQjIxKS1A9zO_0xrXBjlU7tdSGYevu8c2oReYAmA5N-Wpl
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 08 May 2020 12:13:37 GMT
server
cafe
content-length
199
x-xss-protection
0
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
osd.js
www.googletagservices.com/activeview/js/current/ Frame 2D60 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1588787389460423"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
27856
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:37 GMT
w_640_001.ts
video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/ Frame 485A 		333 KB
333 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/w_640_001.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
9dcdc83bf21b50a7a30e8628dc033e2505b134c8cd0dcf24823aed6534669d12

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:52 GMT
Last-Modified
Fri, 08 May 2020 09:12:05 GMT
Server
Tengine
ETag
"5eb52265-5336c"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 12:12:52 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
340844
X-Proxy-Cache
HIT
liveView.php
live.sekindo.com/live/ Frame 9FE7 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=16&serverTime=1588940015&s=0&sta=11010936&x=350&y=197&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb54cef8d403&contentFileId=788378&mediaPlayListId=4637&playerVer=3.0.0&contentMatchType=&isExcludeFromOpt=0&cbuster=1588940017937&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:37 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
sodar
pagead2.googlesyndication.com/getconfig/ Frame 2D60 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
157046f7d0e38e6f3ef543131fb57bb5c8b86043ee63560a3593ab2f23cdb0d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5534
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 2D60 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:38 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gpt_2020043001&jk=4389465912116682&bg=!dHeld29YBcRWYNh4MkMCAAABaFIAAAAymQF1ql_hiqQQKwi7iftqFhWxSPFk35lnxE4AQrWCAYBlstbo0j_K169ylWApQBkosrbmErNpWT_kvVyhMq-IbfMxwRKL_F9hp6nif5vcmKNkIEBOu4HNUbFY1PykOOeN1dBSmBXs7sMGuZq4RVq8CiuWJbEO2AAJFsNqieGfAgdwx-bBFqSjv2USksihMZ2m44B1PHLT2JnHXKiYI9qY4OAhqUnjOhNwi1PL185w3fxygXvyhFAIW4acMz3iUo-81a3kDNTqvRW9KT0k_Wu1timJGwzuhw0mRL_ZJXn6lRTYNvpT3zvhAxJj_vaRrMKPFTBGlNkqSKyfLSCZic8hklQZGHbb9jV2cWOdGlUUZNbiJ8Q-Z7NzsASZ14v1_vIWUcU0zjwqe00AEZQSaT7SKXzhuWggSpalgqaiJYLYt7ASx6D4C7sVxdGj5r8EZKq43TZPV78o4EAls5Sg-zMil95SnF6fFVaB3ZunaonxR-PjetjKZMbycw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 1866 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8833c546d587207bcae52e2099722e5e258a6cae261e4632aee3ee00a3a7cbf0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame A876 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a34b1debb983f79507dbc0f8371d78efed2b2cf36f6b7860e61456b35e53ca5f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5532
x-xss-protection
0
liveView.php
live.sekindo.com/live/ Frame 9FE7 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=36&serverTime=1588940015&s=98755&sta=0&x=400&y=291&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb54cef8d403&contentFileId=0&mediaPlayListId=0&cbuster=1588940018460&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:38 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 51CB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 11:31:13 GMT
expires
Sat, 08 May 2021 11:31:13 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2545
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 1866 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:38 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame A876 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:38 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 1A43 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 11:31:13 GMT
expires
Sat, 08 May 2021 11:31:13 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2545
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 55BF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 11:31:13 GMT
expires
Sat, 08 May 2021 11:31:13 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2545
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
w_640_002.ts
video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/ Frame 485A 		317 KB
317 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/w_640_002.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
761a8324e7e7cc5c30715cd8d5139110fe53182a94166456e6e5c121044cc1c5

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:53 GMT
Last-Modified
Fri, 08 May 2020 09:12:05 GMT
Server
Tengine
ETag
"5eb52265-4f210"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 12:12:53 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
324112
X-Proxy-Cache
HIT
activeview
pagead2.googlesyndication.com/pcs/ Frame A876 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvKX4WaN1M5niNT9vMj0qvjC__Rt4AugJvrWQC3rU7d9ryIEd1_a-TCuRduxgdauo_vt0VOVijzELJvycY1kAoOHXOlLZzozNE1l41jaJA&sig=Cg0ArKJSzJ8FVr-XnaunEAE&adk=814543115&tt=-1&bs=1585%2C1200&mtos=1065,1065,1065,1065,1065&tos=1065,0,0,0,0&p=661,1068,911,1368&mcvt=1065&rs=0&ht=0&tfs=545&tls=1538&mc=1&lte=0&bas=0&bac=0&met=ie&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1588940016947&dlt&rpt=561&isd=0&msd=0&ext&xdi=0&ps=1585%2C3645&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-9-12-8-8-0-0-0&tvt=1530&is=300%2C250&iframe_loc=https%3A%2F%2Fsafehaven.com%2F&r=v&id=osdim&vs=4&uc=9&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200506
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 86B0 		42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuXUK2ckS4gL0V8JuH1Hub5Fp3L_LlzA2-AwGhiiePSYHVsKXB04dhir7krw1tCJXuJoix5DFdrI7I9ltUwfwEmw-b0pIJNqjwoZDzth88&sig=Cg0ArKJSzPF6PuGV35kSEAE&adk=3046793618&tt=-1&bs=1585%2C1200&mtos=1053,1053,1053,1053,1053&tos=1053,0,0,0,0&p=943,1068,1193,1368&mcvt=1053&rs=0&ht=0&tfs=464&tls=1448&mc=1&lte=0&bas=0&bac=0&met=ie&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1588940016955&dlt&rpt=417&isd=0&msd=0&ext&xdi=0&ps=1585%2C3645&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-9-8-8-8-0-0-0&tvt=1444&is=300%2C250&iframe_loc=https%3A%2F%2Fsafehaven.com%2F&r=v&id=osdim&vs=4&uc=9&upc=0&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200506
Requested by
Host: safehaven.com
URL: https://safehaven.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame D0C7 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8266ff74a01e3ee0f2ba62a769f60200dbf95e48c1b26968e7cd4cfe1c1eddf1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5479
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ Frame D0C7 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:38 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 86B0 		7 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20200506&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200506/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1cf61ad01722ac4cfb24a204a33127e9d28a12e47eb45bf518341957605bafa6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
5575
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 4FDF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 11:31:13 GMT
expires
Sat, 08 May 2021 11:31:13 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2545
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 86B0 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 12:13:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582746470043195"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5456
x-xss-protection
0
expires
Fri, 08 May 2020 12:13:38 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/209/ Frame 0BBD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/209/runner.html
Requested by
Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/math-aids/b-0d4dfcb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/209/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
5727
date
Fri, 08 May 2020 11:31:13 GMT
expires
Sat, 08 May 2021 11:31:13 GMT
last-modified
Tue, 25 Feb 2020 17:32:01 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
2545
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
w_640_003.ts
video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/ Frame 485A 		360 KB
361 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/w_640_003.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
d4f8f618b5ea26d134f3a21ea4d754f43ee936d8517133b80dcb6e7dea6d618b

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:53 GMT
Last-Modified
Fri, 08 May 2020 09:12:05 GMT
Server
Tengine
ETag
"5eb52265-5a0d8"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 12:12:53 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
368856
X-Proxy-Cache
HIT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2D60 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=346686311625295&bg=!Xl2lXUVYvO2zOY6c2KMCAAABa1IAAABqmQF7_oVSSXPtWLf90ybp5KIc2E0r9l3as5mVnCmz-4KLNqfYqt6UXr_EPQfoYUKhqtBKH-m_nqWBbzJt-ycIOFQmRMBiXrlM1lilyvFH7e_C1Ni1qcQVpu3t8kSWVrnZx1ONxsJp_jvBLxR1-bns6dg4EuXsmvrIX4jd2J2pUuQmkE3mI2Y_otwOoubfCmmGte-5tWUEO-aubWD7JWyjdhMN8Nuu_GZKGDbqlE1nmxW4TT7BEPyLpkrKiwUVN3bqJHcKOU5q0c2wAjEIYhUO44v3YukP7yt0MNVtrYqYNnhBUEw87edCFsm4tFC-afl5NdUMeBWs7UXi5GnXwlOugyprCb6OYWCqC8Fo8Q0WypCZGpfXDPJs1I4wWWffOVR3Ey7x9wFlxliLDz0UdE2LvwzJi9SCecszrMSMhai3mxDDwZT1rW3dRjRlRTjvThshI_3XJG2SPGSdBY9ourHDIQnvox9c6Rm8yUVmETClE2zM2Hgmm_BvTpRTaYL_Cg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
w_640_004.ts
video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/ Frame 485A 		351 KB
352 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/w_640_004.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
0bffe3a273c7f7839ba27081fcf7b2f241db645c7e93f20a1260b89eee76ac00

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:54 GMT
Last-Modified
Fri, 08 May 2020 09:12:06 GMT
Server
Tengine
ETag
"5eb52266-57d98"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 12:12:54 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
359832
X-Proxy-Cache
HIT
w_640_005.ts
video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/ Frame 485A 		337 KB
338 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/w_640_005.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
eae511396b0f23a63d0595139d59e1859ba49c47dbe160bd56a8f055e4ed8acf

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:54 GMT
Last-Modified
Fri, 08 May 2020 09:12:06 GMT
Server
Tengine
ETag
"5eb52266-5450c"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 12:12:54 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
345356
X-Proxy-Cache
HIT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1866 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=3611683374944784&bg=!ammlaXFYEIWsOYlf90ACAAAB8lIAAAComQF7PbnJfDJqqrW_bZ9UMFT4aJ2kGtc9bSk-ZGsWqF2YIsFoeXLc9wiYl8ADfdmyIqumYUx7oTYAjO7hqW0fdPiT3b6OLM3pCqTpiwM5wL1e_EI-r6pP2TkoKRkGbQW6pzid9kH-VJvuXGZPJvEfF9fUHNwS1wSGyH8uua-SxmuLV_xbI143ekgGF8PPzYgCr1aJDylPEO5k8_WNVPWABWN3Z1yTv_pJw8gPPdobkUX7uUlwA54LsTuMEbnDVdBN2GaOSy6iDIAPgWDuA5ROC6WbwpjiwP8urpsAtN_CJTeRdbTvPQtVdEWW31aq7xTtGjrXo89rzol6w66O_BjYAK8GaDjKvSZ0F8sviX8l4NcrbnLPXNgnaM2xJ1o2Ngh4pyr4OyxtTedLmajpE8eAf03YW9st4ALXrQiwmLOohQAUFOj3aSvFHGl_EZ-LNGNhmlKLLYZgMK-Gw_sIj66qrl1LdtvKTWsYl_jx4mVd3uGYQ_oe9MO86pgcyMyWNw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A876 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=723020603681401&bg=!XF-lX0dY1N7UU1w4kJ0CAAAB7FIAAABrmQF7pkMxEs5wEnTX2HeHB8bLdKJxFRF0aQ_pWqlp38Srij6NaTuSzyMVSjcbWAJnOgYtC42iFMtA50K6W53buY-U7uM1ttChb3FS264KRMWv7CocZzuCApYqquvGVK290NjY5_P1f0EKuCBR8SsNytMB4-pQ3XL8fiEPtAz2ItxcbipfkkdwVThCVF6-eDVM9_-uO77VCGHwEH5P0Xzk9CW26rI0wQbFok4p-InfZeNeCzhkjgkoHohA_8HDDd4Yi8kLg9RJZ9qx766dt-y43JTedsb7d5goEXMI_YTtxfRe4zXt7yfOy4_oSyqdjpQbyqigzWcaszxkVxz_9pHSTFgMjf44rGLkGUNd8RftXJ6WhqbtPV1n5vbUm8dg5W1YWxDm9s0coPGAsqNNiI9vP-oYLZDcXfeQlkN7BwRl2C0bIyJc15AYIS7IEdMc-10kONV4F9U8OH53nUZZufnnVYqL8Lrr299-agrL9fmMAxhYTgRxgjKF0KcR-kMq1Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
2000891.html
serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/ Frame 477D
Redirect Chain
  • https://sync.serverbid.com/ss/2000891.html
  • https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.216.42 Phoenix, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

Host
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Date
Fri, 08 May 2020 12:13:39 GMT
Connection
Keep-Alive
Cache-Control
max-age=30778
Content-Length
4947
Content-Type
text/html
Last-Modified
Wed, 20 Nov 2019 20:29:05 GMT
Accept-Ranges
bytes
ETag
"1b0ebac83fe30af80513039edbdf566f"
x-amz-request-id
tx0000000000000175761a8-005eb473ad-351f149-nyc3a
Strict-Transport-Security
max-age=15552000; includeSubDomains; preload
Vary
Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW
1588940019.dop045.pa1.t,1588940019.cds026.pa1.shn,1588940019.dop045.pa1.t,1588940019.cds030.pa1.c

Redirect headers

status
302
content-length
0
location
https://serverbid-sync.nyc3.cdn.digitaloceanspaces.com/ss/2000891.html
cache-control
no-cache
showad.js
ads.pubmatic.com/AdServer/js/ Frame 94AE 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
72.247.225.32 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a72-247-225-32.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Host
ads.pubmatic.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
KTPCACOOKIE=YES; pi=159196:2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Last-Modified
Tue, 14 Apr 2020 10:27:52 GMT
ETag
"13006b6-a4bb-5a33da6f1a023"
Server
Apache/2.2.15 (CentOS)
Accept-Ranges
bytes
Content-Encoding
gzip
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length
15243
Content-Type
text/html; charset=UTF-8
Cache-Control
public, max-age=114189
Expires
Sat, 09 May 2020 19:56:48 GMT
Date
Fri, 08 May 2020 12:13:39 GMT
Connection
keep-alive
Vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame CB34 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.78.125 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host
eus.rubiconproject.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Last-Modified
Thu, 23 Apr 2020 20:31:59 GMT
Content-Encoding
gzip
Content-Length
9125
Content-Type
text/html; charset=UTF-8
Cache-Control
max-age=35020
Expires
Fri, 08 May 2020 21:57:19 GMT
Date
Fri, 08 May 2020 12:13:39 GMT
Connection
keep-alive
Vary
Accept-Encoding
pd
eu-u.openx.net/w/1.0/ Frame 765B
Redirect Chain
  • https://eu-u.openx.net/w/1.0/pd?plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
  • https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.185.0 /
Resource Hash

Request headers

:method
GET
:authority
eu-u.openx.net
:scheme
https
:path
/w/1.0/pd?cc=1&plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://safehaven.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
i=d141bc93-554c-0e8a-1ad8-4e6783258988|1588940019
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

status
200
vary
Accept, Accept-Encoding
set-cookie
i=d141bc93-554c-0e8a-1ad8-4e6783258988|1588940019; Version=1; Expires=Sat, 08-May-2021 12:13:39 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1588940019|mOgikimWiygu; Version=1; Expires=Sat, 23-May-2020 12:13:39 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.185.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Fri, 08 May 2020 12:13:39 GMT
content-type
text/html
content-length
374
content-encoding
gzip
via
1.1 google
alt-svc
clear

Redirect headers

status
302
set-cookie
i=d141bc93-554c-0e8a-1ad8-4e6783258988|1588940019; Version=1; Expires=Sat, 08-May-2021 12:13:39 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None
server
OXGW/16.185.0
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://eu-u.openx.net/w/1.0/pd?cc=1&plm=6&ph=e1b1f5e1-3c2c-4287-9806-317cfbf3bd12&gdpr=1
date
Fri, 08 May 2020 12:13:39 GMT
content-length
0
via
1.1 google
alt-svc
clear
async_usersync.html
acdn.adnxs.com/ib/static/usersync/v3/ Frame A944 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by
Host: qd.admetricspro.com
URL: https://qd.admetricspro.com/js/safehaven/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
72.247.225.17 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a72-247-225-17.deploy.static.akamaitechnologies.com
Software
nginx/1.9.13 /
Resource Hash

Request headers

Host
acdn.adnxs.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://safehaven.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://safehaven.com/

Response headers

Last-Modified
Fri, 20 May 2016 02:07:09 GMT
ETag
"573e714d-3e3"
Server
nginx/1.9.13
Content-Type
text/html
Vary
Accept-Encoding
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Content-Length
506
Cache-Control
max-age=31536000
Expires
Sat, 08 May 2021 12:13:39 GMT
Date
Fri, 08 May 2020 12:13:39 GMT
Connection
keep-alive
sync
pixel.advertising.com/ups/56465/ 		0
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.advertising.com/ups/56465/sync?_origin=0&redir=true&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.106.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-106-47.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
date
Fri, 08 May 2020 12:13:39 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
current
aol-match.dotomi.com/match/bounce/ 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aol-match.dotomi.com/match/bounce/current?networkId=60&version=1&nuid=1A57cec134-9125-11ea-8094-123c39a1c2a0&gdpr=1&gdpr_consent=&rurl=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55853%2Fsync%3Fuid%3D%24UID%26_origin%3D0%26gdpr%3D1%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1370 , Sweden, ASN41041 (VCLK-EU-, SE),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Fri, 08 May 2020 12:13:39 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
sync
pixel.advertising.com/ups/55965/
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-NcBg8UA4xqUFp.gif?idmatch=0&gdpr=1&gdpr_consent=
  • https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=OLoZMTm8HTcgvhgyOepWMT3oTTcg7x5gbrpugRSt
0
124 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=OLoZMTm8HTcgvhgyOepWMT3oTTcg7x5gbrpugRSt
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.106.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-106-47.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
date
Fri, 08 May 2020 12:13:39 GMT
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:39 GMT
Server
QS
Strict-Transport-Security
max-age=86400
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location
https://pixel.advertising.com/ups/55965/sync?_origin=0&gdpr=1&uid=OLoZMTm8HTcgvhgyOepWMT3oTTcg7x5gbrpugRSt
Cache-Control
private, no-cache, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 04 Aug 1978 12:00:00 GMT
generic
match.adsrvr.org/track/cmf/ 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aoladtech&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.250.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-77-250-219.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:39 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status
200
cache-control
private,no-cache, must-revalidate
content-type
image/gif
content-length
70
gen_204
pagead2.googlesyndication.com/pagead/ Frame D0C7 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=200796105327949&bg=!enmleWFYEIKTHe3o-XoCAAABzVIAAABZmQF7DRZiqAPIpHwz7_Y5vZ9TSMHxCx9y075Kc1vyjQFH8TyCM1MBhCNQBOZwKUdyfV_QPvTlDmqcH-Z2HMbIhNY8LSYDfG6kvuQFCzdfxIrDfdNzNM_8gp_4tFgJ7hPa6gKZkVydW47vyyKM47YhD8CxPPLquY4KTMGssaljUxTy3oIi9JpJWwtnrqrvmznaWG0p9oMKKYBzXDAC5pLbN01ZkmYZUbKs9Tpc5TsHlLw1mY3RtYeHVFf71R5bL9Edv6agSlJj9VLq2ecpPIOiOOYMlXT2uaESUJgWhqT65DQx2nLQtf3XkkX6pggQTpsDXHlKtiWJwgl8kt3DAtdW-Lr-VNw6X0CkYhEkEU4XFGppP3J2efwhxWsVnbLwvX6SyY4lIAAxt6CcXP8-YGZRBe96tkzL6FN10MkruoUtNxaFxO2FvSaFFVR4Q9Gg-B0j5K-V2CKJ-V90L5L1Au8Xg8UZPVDz4h3cB7vkIQ-WdX-oGhZNoxtOVr7vdn3UVA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 86B0 		0
58 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=209&t=2&li=gda_r20200506&jk=2714834117011205&bg=!g4ClgJhY9XvDEKA2k4ICAAABTlIAAABPmQF7snnBGfdm-PIMSa8SyX6ACPeBYxyPMDQ2yFWQNJE6qY9HWBIzNQW4abSMvgYGLE8EJMUSIxrGgmW84rhH7CxEcba9sjysRShiYXIYRcf4OvxhX6g5UVF-h_rVfojmP2qPVgDNGms9kByqsP0lKIvoXRwX9Kk0AEHIVlgCRjXNRiSUEjPPAWi6ZSPgHH6frNkFNrmk__F8o6QjzmuBw7JhpoMCQTPah3OVCbWv-GTwLTLUgZkCiT5utfYyVLHU2IKtrLIbVrIbcsuEfkdb9E9jeb6IGJuo0TR05NGSsTnojfCGWnZaSWOO16Eq9CNb4fYBU67cmpMRBK0VVzhKhRCphApT5O774qMXo1aBpFnJ7hl2AElCCbaAQWXE8nJTuM7lR9D0O2FPIxeoxE6eqLrFclbBsvQVpunYDIoTQ2BKMaeWCNCg9WSAEqf0BfLH_WE6mChhnTUik3NIUilxEC4aX0ffViw4Ia_X8WsDcEUn5LEzQkKSZJBM8MwrzQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 May 2020 12:13:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
liveView.php
live.sekindo.com/live/ Frame 9FE7 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1588940015&s=98755&sta=0&x=400&y=291&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb54cef8d403&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1588940021398&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:40 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
w_640_006.ts
video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/ Frame 485A 		339 KB
340 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/w_640_006.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
1cab0468a17863ff221f656527f6fa55d6d9190ab05f27d6603e082fae16bb50

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:12:58 GMT
Last-Modified
Fri, 08 May 2020 09:12:06 GMT
Server
Tengine
ETag
"5eb52266-54d20"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 12:12:58 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
347424
X-Proxy-Cache
HIT
liveView.php
live.sekindo.com/live/ Frame 9FE7 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=25&serverTime=1588940015&s=98755&sta=0&x=400&y=291&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb54cef8d403&contentFileId=0&mediaPlayListId=0&dur=1000&cbuster=1588940026150&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:45 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
liveView.php
live.sekindo.com/live/ Frame 9FE7 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1588940015&s=98755&sta=0&x=400&y=291&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb54cef8d403&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1588940026400&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:46 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8
w_640_007.ts
video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/ Frame 485A 		344 KB
345 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.sekindo.com/uploads/cn13/video/users/hls/24485/video_5b4c8dbbc9a66557872002/vid5eb520d45c646066411871.mp4/w_640_007.ts
Requested by
Host: live.sekindo.com
URL: https://live.sekindo.com/content/video/hls/hls.0.12.4_1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.167.97.84 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
Tengine /
Resource Hash
68a006112d2811872b3b6b47e68c378280700a45c61bb3951deb632044b61f4f

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 12:13:04 GMT
Last-Modified
Fri, 08 May 2020 09:12:07 GMT
Server
Tengine
ETag
"5eb52267-560f4"
Content-Type
video/mp2t
Access-Control-Allow-Origin
*
Expires
Fri, 15 May 2020 12:13:04 GMT
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=25
Content-Length
352500
X-Proxy-Cache
HIT
liveView.php
live.sekindo.com/live/ Frame 9FE7 		0
379 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.sekindo.com/live/liveView.php?njs=1&ito=1&vid_event=42&serverTime=1588940015&s=98755&sta=0&x=400&y=291&vid_passDomain=safehaven.com&subId=safehaven.com&debugInformation=&isApp=0&userIpAddr=82.102.19.136&userUA=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F74.0.3729.169%20Safari%2F537.36&csuuid=5eb54cef8d403&contentFileId=0&mediaPlayListId=0&dur=500&cbuster=1588940031403&gdpr=1&gdprConsent=&isWePassGdpr=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
63.250.56.23 , United States, ASN41436 (CLOUDWEBMANAGE-EU, GB),
Reverse DNS
Software
nginx / PHP/7.3.17
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://safehaven.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 May 2020 12:13:50 GMT
Content-Encoding
gzip
Server
nginx
Age
0
X-Powered-By
PHP/7.3.17
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Type
text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
adserver-us.adtech.advertising.com
URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051297/0/0/ADTECH;apid=1A57cf07c0-9125-11ea-84af-122675b00be4;cfp=1;rndc=1588940016;v=2;cmd=bid;cors=yes;alias=55a3fb1570b536c;misc=1588940015268
Domain
adserver-us.adtech.advertising.com
URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051300/0/0/ADTECH;apid=1A57d6ee4a-9125-11ea-9741-12fd82435158;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=568e12dd7c37716;misc=1588940015268
Domain
adserver-us.adtech.advertising.com
URL
https://adserver-us.adtech.advertising.com/pubapi/3.0/10927.1/5051299/0/0/ADTECH;apid=1A57d739a4-9125-11ea-813c-1212911483a0;cfp=1;rndc=1588940015;v=2;cmd=bid;cors=yes;alias=5700dcd05a6a1d;misc=1588940015268

Verdicts & Comments Add Verdict or Comment

213 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga object| F3A07a function| F3A07b object| xop function| 2pkv9xhkcg0 boolean| vjk7ey1xlog object| 69h0d6c17uo number| kPrebidTimeout number| kRefreshPollTime number| gRefreshCount number| gOXRefreshCount boolean| gRefreshDebug boolean| gPrebidDebug number| k60SecondRefreshInterval number| k90SecondRefreshInterval number| k120SecondRefreshInterval number| k180SecondRefreshInterval number| kDoNotRefresh number| kDefaultRefreshInterval object| gSChainNodes undefined| gGDPR_forceLocale boolean| gGDPR_silentNoConsent boolean| gGDPR_forceNoConsent string| gGDPR_logoURL string| kAmazonPublisherID object| ad300x250ATF object| ad300x250BTF object| ad300x250BTF2 object| ad728x90ATF object| ad728x90BTF object| ad160x600BTF object| ad300x250ATFM object| ad300x250BTFM number| gBrowserWidth object| desktopAdUnits object| mobileAdUnits object| gAllSlotData number| gAllSlotCount object| OX_dfp_ads number| minWidth boolean| disableBids object| googletag object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleTokenSync number| google_srt function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter undefined| google_measure_js_timing object| __core-js_shared__ object| core undefined| __cmp number| districtmMethod number| districtmRatio number| districtmHeaderTimeOut number| districtmRetryTimeOut number| districtmMaxTimeToTry object| districtmSsp string| districtmCurrency number| districtmAlone number| districtmCurrencyRate object| districtmAllowedSizes number| districtmAppnexusMemberId number| districtmPubmaticPubId object| districtmEasyMap object| districtmExtSSP number| districtmTieBreaker number| districtmMemberId object| districtmCurrencyObject function| cygnus_index_parse_res number| districtmStart number| districtmStop boolean| dm1x1 boolean| dmNeverCall number| districtmExec object| districtmBids object| districtmHeader object| dmWidget object| districtmGA function| pbjsChunk object| pbjs object| _pbjsGlobals object| gRefreshSlots object| gRefreshIDs object| gRefreshTimes object| gRefreshIntervals object| gThisRefreshIDs object| gThisRefreshSlots boolean| gInitialLoad object| gPBJSTimeoutTimer object| gAmazonSlots object| gAmazonBids boolean| gAmazonBidsBack boolean| gOpenXBidsBack boolean| gPrebidBidsBack function| amp_getBidsForAllChannels function| amp_dumpTable function| amp_getBestBids function| amp_dumpBids function| amp_dumpWins function| customOxTargeting function| openXRefreshCallback function| sendAdserverRequest function| checkIfAllBidsBack function| amazonBidsBack function| pbjsBidsBack function| bidsTimeout function| sendBidRequests function| amp_refreshAllSlots function| amp_refreshSlots function| refreshAdSlots function| injectReportAdStyles function| addLoadEvent function| insertAfter function| configureAdSlot function| getCookie object| apstag function| fbq function| _fbq function| $ function| jQuery object| _pcq object| cookieconsent number| inc_adnxs object| districtmManualMap object| viewPortSize object| debugIp object| debugId function| constructsekindoParent564 boolean| apstagLOADED function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| tx5KXa function| tx5KXb function| xblocker object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| e894ua function| e894ub function| xblacklist boolean| _pc_loaded object| PC object| VWO object| _vwo_exp_ids object| _vwo_exp string| _vwo_server_url object| _vis_opt_queue function| bowser object| __pc object| _pushcrewDebuggingQueue object| _pc_u boolean| ecomEventsInit object| _pc object| convertflyQueue object| pctracker function| _pc_s function| menu_underline function| scrollWin function| dump function| addOption function| removeAllOptions function| externalLinks function| country function| hidelinks function| loginFocus function| featuredArticlesHeight function| bottomArticlesHeight object| jQuery1123002892755514744394 function| cb function| raf object| om1720_20987 function| om1720_20987_poll function| setImmediate function| clearImmediate function| OptinMonsterApp boolean| om_loaded boolean| sekindoFlowingPlayerOn object| _omapp object| omypn7xhmhxnjlaszpxc0g object| omru7bsdyie8pylnzonrms number| __google_ad_urls_id number| google_unique_id object| WebFont function| MobileDetect number| height_diff number| margin_height object| ampInaboxIframes object| ampInaboxPendingMessages object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| GoogleGcLKhOms object| google_reactive_ads_global_state object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| google_jobrunner object| google_image_requests

4 Cookies

Domain/Path Name / Value
.pubmatic.com/ Name: pi
Value: 159196:2
.ads.pubmatic.com/ Name: KCCH
Value: YES
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.safehaven.com/ Name: _fbp
Value: fb.1.1588940016426.2003901278

24 Console Messages

Source Level URL
Text
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-300x250-ATF div-gpt-ad-1553475674669-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-300x250-BTF div-gpt-ad-1553475817787-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-300x250-BTF2 div-gpt-ad-1553475909622-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-728x90-ATF div-gpt-ad-1553475988342-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/layout.js(Line 288)
Message:
OpenX Slot defined for /192633929/safehaven-728x90-BTF div-gpt-ad-1553476044183-0
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 3)
Message:
CMP: Locale=en-us gdpr= false
console-api log URL: https://qd.admetricspro.com/js/safehaven/cmp.js(Line 3)
Message:
GDPR is not applicable, skipping initialization of CMP
console-api log (Line 3)
Message:
ENGINE: gSChainNodes found, prebid configured with 1 supply chain object(s)
console-api log (Line 3)
Message:
Initial Ad Load
console-api log (Line 3)
Message:
sendBidRequests() gPBJSTimeoutTimer=null pbjs.adserverRequestSent=undefined
console-api log (Line 3)
Message:
Amazon bids returned, count=5
console-api log (Line 3)
Message:
[object Object],[object Object],[object Object],[object Object],[object Object]
console-api log (Line 3)
Message:
pbjs bids returned
console-api log (Line 3)
Message:
gPBJSTimeoutTimer cleared
console-api log (Line 3)
Message:
sendAdserverRequest(): pbjsBidsBack
console-api log (Line 3)
Message:
sendAdserverRequest()
console-api log (Line 3)
Message:
pbjs.getAdserverTargeting: >> Amazon >> Prebid
console-api log (Line 3)
Message:
[object Object]
console-api log (Line 3)
Message:
pbjs.getBidResponses:
console-api log (Line 3)
Message:
[object Object]
console-api log (Line 3)
Message:
gThisRefreshSlots=
console-api log (Line 3)
Message:
[object Object],[object Object],[object Object],[object Object],[object Object]
console-api log (Line 3)
Message:
sendAdserverRequest(): ---> Calling googletag.pubads().refresh()
console-api log (Line 3)
Message:
console.groupEnd

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.optmstr.com
acdn.adnxs.com
ads.pubmatic.com
adserver-us.adtech.advertising.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
aol-match.dotomi.com
ap.lijit.com
api.omappapi.com
c.amazon-adsystem.com
cdn.districtm.ca
cdn.districtm.io
cdn.pushcrew.com
cdnjs.cloudflare.com
connect.facebook.net
csync.loopme.me
d1o9e4un86hhpc.cloudfront.net
d2p6ty67371ecn.cloudfront.net
d2t794khe5w43b.cloudfront.net
d32r1sh890xpii.cloudfront.net
dmx.districtm.io
e.serverbid.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hbopenbid.pubmatic.com
ib.adnxs.com
live.sekindo.com
match.adsrvr.org
maxcdn.bootstrapcdn.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.quantserve.com
prebid-server.rubiconproject.com
qd.admetricspro.com
safehaven.com
safehaven.com.admin-eu.cas.ms
secure.adnxs.com
securepubads.g.doubleclick.net
serverbid-sync.nyc3.cdn.digitaloceanspaces.com
stats.g.doubleclick.net
sync.serverbid.com
tagan.adlightning.com
teachingaids-d.openx.net
tpc.googlesyndication.com
video.sekindo.com
web.hb.ad.cpe.dotomi.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
adserver-us.adtech.advertising.com
104.109.78.125
104.16.190.66
148.251.129.84
172.217.22.34
178.128.135.80
185.167.97.84
185.64.189.112
2001:4de0:ac19::1:b:3a
205.185.216.42
206.189.254.17
216.52.2.19
216.58.212.130
23.111.11.100
2600:9000:2070:ae00:10:4f52:7800:21
2600:9000:21f3:5a00:17:eca0:da80:21
2600:9000:21f3:7e00:c:5250:79c0:21
2600:9000:21f3:b000:3:442:6dc0:21
2606:2800:233:97b6:26be:138a:cba8:bb01
2606:4700:10::6814:3677
2606:4700:3037::6812:2030
2606:4700::6810:84e5
2606:4700::6810:85e5
2606:4700::6812:633c
2a00:1450:4001:800::200a
2a00:1450:4001:801::2001
2a00:1450:4001:808::2002
2a00:1450:4001:809::2008
2a00:1450:4001:809::200e
2a00:1450:4001:814::2003
2a00:1450:4001:814::200a
2a00:1450:4001:819::2004
2a00:1450:4001:81f::2003
2a00:1450:4001:824::2002
2a00:1450:400c:c08::9a
2a02:fa8:8806:12::1370
2a02:fa8:8806:16::1460
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
34.95.120.147
37.252.172.36
37.252.172.45
52.155.161.91
52.222.182.108
52.222.182.84
52.222.191.80
52.57.106.47
52.57.217.231
52.59.50.21
54.201.238.66
54.77.250.219
63.250.56.23
69.173.144.140
72.247.225.17
72.247.225.32
91.228.74.183
00d4fbacbadc6ecbd73be323ec77febf3d856ce00dc5334d06462a315c7da8e7
03f1965f652a75d06042e823a86b8b1a6502b78bafcf54169d6ea31db16bf441
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
064e739a77f7623ba98eb109804d6d70d0773ee7be25f8a7d72e580fff406aa4
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0875862efc0b3318a2104d27726d71f6f61d95a6e04ef6becb2793e66b2bc27a
0bffe3a273c7f7839ba27081fcf7b2f241db645c7e93f20a1260b89eee76ac00
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0fac0bb93602e6f7d448fab3c2e880bf4fd57a7774dd930c4e58865beca4598b
10312446516e607af468800c11a482b77848a0921367b600637088c90c2a03b1
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1253753b607cadf62c8dd095b09364e9074b0561bb9e5bedc2900a40d01296bf
143bfa4037e59e226fe716343ad9f20238f6a954f286f7924ebcc0efe7637363
157046f7d0e38e6f3ef543131fb57bb5c8b86043ee63560a3593ab2f23cdb0d7
173bf971478c26c62d39568f01aba75e836f04fe65b35d755803382abea7e5f5
18cada9261c4f9c200316900d6ab365a430781e234591b7032028bdb2bad7192
1bde7bc867e9c19a6f6134b4bf63804a9708ec5abc4929715b1efb74b20a9180
1cab0468a17863ff221f656527f6fa55d6d9190ab05f27d6603e082fae16bb50
1cf61ad01722ac4cfb24a204a33127e9d28a12e47eb45bf518341957605bafa6
1f55c300c75dca148e4cc89dca18f72792cdf02ef36b35e2e4dd9cc91f388741
203c53e92c4994351bfcb37003059ba3a9bd041580a8271e7881f03bbc061fcf
2531e515d47b88300e3c5e3a91d5d22a292bdfdb6cec2e6399090bd9545ba92c
267de44d3e0da48ea910544cc6ae698dc28c977de6cb7baf62a4913765f49a2b
268b2c4921b25753799dda461998bb5c1f8d14a18769b4fe5f51a9cfb6312f0a
26a445e5f69c9ee7552b52be4bf7293fd39ff7827562bc2d2a26aca7a2055142
2886cb37ae9565ff853f695f1dd901549ef29661d21f4a9633d544bf8dd7c757
29bb72af92ce3a332ed2315043b17307ae458d3e3b7e24db3bb47417d6e433f8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2c167f4042d1338b33e2822f3b3dca3646bffcac14747d934c50794192dc3c2b
2c403308659da12092fe74f50390db4e2523bbc5dfe2f8d69d99ecd8d22334fd
2e14464924e0301cda997640b9918eb65cca0c896a4610e0b35101975b013adf
2f1dccde57c713fe154c8da92f8d4b312373c2a055a0a9d822c6042b0176eb8d
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
30a116c1c7e4fe1f52ed83a94155582ba3203e00e264cbad99267f180bc812e4
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
370f89f6ebcec94f6a529911989dc8cd601a3cf2795b36cc3b5ba92fae8af47d
39ac46b13bedb7f0fdf649e1b604d551d1070130f08b8bfe74583bde4cc4ebbd
3d934bc80fa57d4a2bdc380c77cbf780b38e82c56c4f4532ab266e88e1a94d73
3f37cb8f3a3ad5b80d21d50929742a855b9f58c05d161391b2699571804971f2
4008c399421c2f1282faf06b2631a925629c9fb9bdfa56b972bb8754d829be47
40fddc2a37b32e799d931b5bf87c338cc2eaf4be9591afb587e0ccb565f4fd65
42b3fc91a1ad52d699828c32fab5b6c562dd9b6e7f287bd300b589a9f010a60a
4477dd6cbad78ef9acc3c17095843a20dd110fe9adccea64a6db0b87086fdd81
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
459edf69ef6408bbe3f9dfd06a27d1f543bdbcd7196f893eeb88b6aa5db2d35c
4af00ba1a8bb2dd1374c5d434a9e0869343c8ea57922fdae7a53df4cf8bf40e4
4cb61e44bf63a9e090e666898cd04d382e4c33b55b62cc5e9ff7dab055fbf787
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f6a0f2ed3d7266da65abffc40108aff7ec33d6d63a020893de90235e66dc78f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
55e4d1770f37b9819d263396045786cf66706c25ef6c391ccabcc93a78c1f7b0
561e6451b332757d5b4ba03bfad62c4af46d21288ad13a83dd134f13c78b10b9
579d29f71b15657f86363fa09f655d4f41e3023e9601e46d81f56010eef88844
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5c8b3abfc048dad503e3e5a62c1518c4c0e933389e46f8339990b12c4deb9213
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5fcfe016fdfa44faab867329d353024c109f4456d71b83a6bd07af118f0e9994
62e5d5f4a0db067e567962cfe7b9b938e4a0b6a7c5cc2c72f822caad1d5388f9
65a1850028118c64febbde9b109da293910bfff6ee261caf0087d3d3364359ba
6610647c9a66faa8333614680765ecc14236e66c2ce569c837101fed800deded
6769cb764951b70dd99e89f033efae1b5e4e9b2e115318a96ff986718d655a68
68a006112d2811872b3b6b47e68c378280700a45c61bb3951deb632044b61f4f
698d12a9d9db36a7923a575fa49645417817d415d534c73592669d568d986d79
69a3831c082fc105b56c53865cc797fa90b83d920fb2f9f6875b00ad83a18174
6d40fc6a27a558f6f09b142ba587591cfe9d4f86ab0fd015a0c39ae9fb90e8eb
6f7aa5dfd1c09d9e48906ac4a86bb8d2335685bd7dfaeff60005cfb7d4d257cc
70a78dd71a85c1895021f976541b5fdb7e1f345dbd0a17510b1a82ae354eec78
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
76102878c1198de858725194952ba1c6b35bdee0f870cc6a124e93d17385e64e
761a8324e7e7cc5c30715cd8d5139110fe53182a94166456e6e5c121044cc1c5
76c828df931848541d008f5df340db07e1fd29788cd50f9f86198c9c452fdc9f
76e31e4a531b1b8d35570016e89fa8fdbf86f1ad8b47b5d487cd3b7528801b89
78635c958f3dc562b11ee005d4d129be4272ca39f5b4e9bd7216fdb457568747
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b9a3920c68d1c803f5b5b1dbb23c54aa648fda94edb3e064ea688f26aa7dfa9
7c79ada16090cc7e94af116173695bfd88da9efe580f89749e1160ba9d49c54c
7d0492c66125b1c2bdc419641e41542857e7d90e323d355ee0b8bb268da121fb
7fd17f9a9030c1e0cf69a0626cfe8ad7cd63e1fda84a5ba25b7f3bb9fec64e70
813628535187fe19c6e20047ec1987cb69c53a0fdc33b3bec28d2876a683a6d9
8266ff74a01e3ee0f2ba62a769f60200dbf95e48c1b26968e7cd4cfe1c1eddf1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83df4aa4147870d1ba36e2e85617224cca5d2e15bcbbf6e33358243fab52a8b6
856ebd974805a315c6419b50ff68e30ca94f384415d85af8c56cbb5479f3faa8
8833c546d587207bcae52e2099722e5e258a6cae261e4632aee3ee00a3a7cbf0
8a591b125bab07a5b0a5fe290fe15165c2860f3935b7933b03f6ea0368611a1f
8c17613217b11da7589afe53aa138606274ad5c49d5638d5275b5ab4bbd76dcb
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8fddb86536b524fd5d0a74b64b88c8b5e6b10b8b9f19e68810b81684cfa1994b
903eb8f1cc364e01930ba03579f049a72794aa91d1a5842a2edb6365e436bb7c
94825a38fe05eb8161707b3783b7ad8e3405d2b9cb6a4e8b2e3c2390dedba33a
95db8a9b223e23289fdaca9a64bceddf52771d09ab7fabf6f72fa450c414810e
9670ff323d7cf4d6cd9961af0cd668db30f323daf329e46f7bf809b1c57a84f9
968f52680af792b0d892af779cdfc6a197c35698450088340c6a471b2e056a7d
96a1afb1b91fa08558e5a5eb58c0497a7ae508c4d2134fda29fbb66df408168e
993ebc45d9927d420801f05819222e8cc1aa523187e4c0b290df02b23ce18093
9a678c6f006c27cbf26080c0660956e7fb24988a9a2c91283aad6fc8d234c350
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
9dcdc83bf21b50a7a30e8628dc033e2505b134c8cd0dcf24823aed6534669d12
9f40f7297122393e1425eec62e78a75c3211f7ad3f6b09a356aa317fcedc2cf3
a02d73c04b6f00d2484cd44c0be9e20f6b9f7d4546efd517263a95d25ccebe2d
a02e6cb846a5e7a2d7f10a40c60be5d5f6bf9f432e994e688990712714cd4eb0
a032bc143a0d78657b8ef39bd54084bfe9d5857f89cede4e17029bf6b7b08c91
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a34b1debb983f79507dbc0f8371d78efed2b2cf36f6b7860e61456b35e53ca5f
a47f17d6ebbf4621d8fe87ab790d8d8fb5c3086629194d9ff2d64faaa6e46ab6
a492f8c0fdbb910dbabf2370b67bcd120f5c82f974104e30c9307f152c2025c1
a837fab08c038562b05eb2eb81c1c340c8cd2762d2c43d5e3bb26c2980fc9bfb
a96de9b5cab3a965483ca1974e4c89f6e16b77ce6aa09ec9b58921a3da0778cd
aaf45a172ec90c76bcecd61c68d998c2256fe9b1700371e80011d1161c5ab629
ab94e116a884648a890f180df115df335536ec84adfe7edb4de3178b2185e3d1
ace61d80f3fe90bbb02ab328d9705b57a9c8a95d3a0bf6b4cd510d4dacd033df
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
b028c2df0b60ae6849af0ddee92ff49d080d5cf91041bae321397f5bb046d1e9
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
bcf391dd0b006a87698ac0894d71039d610480913d24fcdaa1f2fdeeeda943e3
bdaa0a5953cfaaf9abed9e2152ae1255928062363fc018c57575d5f39ee12e29
c1cfce5a4dacb4a40ca0c6a300bbff43d6ea6a8570e5dc2419b8c5e28f57a9a3
c54aa0d4f9dea350f780a74d277f1facff0094b5f23d62483ae9bb7354a29fe8
c73e66343b58de4ecf1646d9910e95de94f4286795ce2a2c7ed7efacf6b60e63
c8b44595b56b3899377b8e6d50e2f5f314055225a82c5474dd12bae8a2911ebd
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
d1f25cbabfc5855c96e1de616d03d0912a14db19cb4ac496b8c8c7f0a0be3dd8
d4f8f618b5ea26d134f3a21ea4d754f43ee936d8517133b80dcb6e7dea6d618b
d51666e314361b7739359e6e1a39bd50ef39c0fdc710171f3383df569fdc6dfc
d72afc407a3d6289f8150ea724ffd9ef215084236cfb6c831a3d91f136cda7ab
d847475ca969f76b8f8421c4150f23fbe5bef200839b80481b845a6ccdd6e86f
d8d4cd94814ce2f48eca1be92f88ed035ad47544d56d18b5b19f12ada7b33f08
d9c80f88c3b68f5aa70d72e6cc3ee2b63c7304ae2d7d5a0699b2fde98d4e1100
df1cc68953b66dc9da4a1e666ad0fd6e992422256708c1ee4146729d00f738fd
e1c3c2dafe2208caea4f809f414a89a9d256deb8671e1c5d49bff9a873782796
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e78eb6051a41b3ff2fc7b969bfbe9bdd3092b705bb3fed550c85c8c3e7025293
e9d44c35939572d662858a3b8dd791268710f25e9e030851fb974326092be23f
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
eae511396b0f23a63d0595139d59e1859ba49c47dbe160bd56a8f055e4ed8acf
ebcbd416dce4983b194431a61a1b40209efab2f2a682ba19006edd2a941f20d5
ed5eb4d1707f18429fad9c095555e3f20a6634778f2987e3f85f189007333a60
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f005062f62e55ca808ee1eaf4920372d1173dfa35b1c52a64ee22de27cd8a458
f43d2cf395827366eb0b0ae06b9cc2446cd50b8cb198ad918bd550591c9e9571
f57d00bd61c7d482bfaa474197e9ff250cc8528bdbd35d17841315b709c87618
f9dd535864c28f0f4812ac3892f23cdd50a304d542d290a10518b31df09bc62c
fd75dfc55754771b904c39e575bc69d205fcc1789860d1cf0e4b6dd975d0466d