dearevanhansen.com Open in urlscan Pro
141.193.213.20 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dearevanhansen.com/
Effective URL:
https://dearevanhansen.com/
Submission: On June 27 via api (June 27th 2022, 6:36:40 pm UTC) from GB — Scanned from GB

Summary HTTP 52 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 5 countries across 18 domains to perform 52 HTTP transactions. The main IP is 141.193.213.20, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is dearevanhansen.com.
TLS certificate: Issued by R3 on June 7th 2022. Valid for: 3 months.

This is the only time dearevanhansen.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	141.193.213.20 141.193.213.20	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
5	2606:4700::68... 2606:4700::6811:e04e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	35.196.203.130 35.196.203.130	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.135.85.6 18.135.85.6	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	143.204.89.26 143.204.89.26	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
6	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
3 4	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
3	34.107.173.171 34.107.173.171	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
52	22

11 141.193.213.20 (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

dearevanhansen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:e04e (United States)

ASN13335 (CLOUDFLARENET, US)

fast.fonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.196.203.130 (North Charleston, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 130.203.196.35.bc.googleusercontent.com

dearevanhansen.wpengine.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.135.85.6 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-135-85-6.eu-west-2.compute.amazonaws.com

widgets.tickxcore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.89.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-89-26.fra50.r.cloudfront.net

widget-cdn.producer360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.166 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

11800103.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.173.171 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 171.173.107.34.bc.googleusercontent.com

consentag.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

i.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	dearevanhansen.com 1 redirects dearevanhansen.com	117 KB
6	doubleclick.net 3 redirects 11800103.fls.doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 stats.g.doubleclick.net — Cisco Umbrella Rank: 119 ad.doubleclick.net — Cisco Umbrella Rank: 189	3 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49	20 KB
5	fonts.net fast.fonts.net — Cisco Umbrella Rank: 3151	48 KB
4	google.com www.google.com — Cisco Umbrella Rank: 8 adservice.google.com — Cisco Umbrella Rank: 92	2 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 231	38 KB
3	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 2765 adservice.google.co.uk — Cisco Umbrella Rank: 4608	1 KB
3	consentag.eu consentag.eu — Cisco Umbrella Rank: 31902	8 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 96	426 B
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 107	52 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	109 KB
2	wpengine.com dearevanhansen.wpengine.com	103 KB
1	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 745	632 B
1	ctnsnet.com i.ctnsnet.com — Cisco Umbrella Rank: 4280	711 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 126	15 KB
1	producer360.io widget-cdn.producer360.io — Cisco Umbrella Rank: 414857	115 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 89	64 KB
1	tickxcore.com widgets.tickxcore.com — Cisco Umbrella Rank: 518975	956 B
52	18

	Domain	Requested by
11	dearevanhansen.com	1 redirects dearevanhansen.com
6	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com dearevanhansen.com
5	fast.fonts.net	dearevanhansen.com fast.fonts.net
4	cdnjs.cloudflare.com	dearevanhansen.com consentag.eu
3	consentag.eu	www.googletagmanager.com consentag.eu cdnjs.cloudflare.com
2	ad.doubleclick.net	2 redirects
2	www.facebook.com	dearevanhansen.com
2	adservice.google.com	11800103.fls.doubleclick.net
2	www.google.co.uk	dearevanhansen.com
2	www.google.com	dearevanhansen.com
2	www.youtube.com	dearevanhansen.com www.youtube.com
2	connect.facebook.net	dearevanhansen.com connect.facebook.net
2	11800103.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	dearevanhansen.wpengine.com	dearevanhansen.com
1	sp.analytics.yahoo.com
1	i.ctnsnet.com	consentag.eu
1	adservice.google.co.uk	adservice.google.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.googleadservices.com	www.googletagmanager.com
1	widget-cdn.producer360.io	widgets.tickxcore.com
1	www.googletagmanager.com	dearevanhansen.com
1	widgets.tickxcore.com	dearevanhansen.com
52	23

This site contains no links.

Subject Issuer	Validity	Valid
dearevanhansen.com R3	`2022-06-07` - `2022-09-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-05` - `2023-06-04`	a year	crt.sh
*.wpengine.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-08-03` - `2022-09-03`	a year	crt.sh
tickxcore.com Amazon	`2022-03-09` - `2023-04-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
producer360.io Amazon	`2022-03-09` - `2023-04-07`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-04-06` - `2022-07-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
consentag.eu DigiCert TLS RSA SHA256 2020 CA1	`2021-06-15` - `2022-07-16`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.google.co.uk GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
*.ctnsnet.com DigiCert SHA2 Secure Server CA	`2021-10-27` - `2022-11-27`	a year	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-03-15` - `2022-09-07`	6 months	crt.sh

This page contains 6 frames:

Primary Page: https://dearevanhansen.com/
Frame ID: 74B1080A143E075047AE5335445DF605
Requests: 44 HTTP requests in this frame

Frame: https://11800103.fls.doubleclick.net/activityi;dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F
Frame ID: 05E4D6D2753859B7707D15E7096CB2D3
Requests: 1 HTTP requests in this frame

Frame: https://consentag.eu/public/3.0.1/popup_silent.html
Frame ID: 70B3A6EABB0386D174203EBE326CF5F1
Requests: 4 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F
Frame ID: 68B697D68A94B5FA8B8926AB8D5535DA
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.co.uk/ddm/fls/i/dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F
Frame ID: 14CF7AFD33EC88FD969309A9880DC67A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 8A418C7D9FBBE5510B07146806B8119A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Dear Evan Hansen | The Tony Award®-Winning Best Musical | Official Site

Page URL History Show full URLs

http://dearevanhansen.com/ HTTP 301
https://dearevanhansen.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Mustache (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

mustache(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

52
Requests

98 %
HTTPS

59 %
IPv6

18
Domains

23
Subdomains

22
IPs

5
Countries

697 kB
Transfer

2266 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dearevanhansen.com/ HTTP 301
https://dearevanhansen.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://11800103.fls.doubleclick.net/activityi;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F HTTP 302
https://11800103.fls.doubleclick.net/activityi;dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F

Request Chain 50

https://ad.doubleclick.net/ddm/activity/src=11799159;type=invmedia;cat=dear_0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=1;gdpr_consent=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=11799159;dc_pre=CIrL65mjzvgCFQSSGAodGncOVA;type=invmedia;cat=dear_0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=1;gdpr_consent=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=11799159;dc_pre=CIrL65mjzvgCFQSSGAodGncOVA;type=invmedia;cat=dear_0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=1;gdpr_consent=;ord=1

52 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
dearevanhansen.com/
Redirect Chain

http://dearevanhansen.com/
https://dearevanhansen.com/

31 KB
10 KB

507ms
448ms

Document
text/html

141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare / WP Engine
Resource Hash: 1c06aae4dd321bab89575fd7c4dad2c9be3955a6f915287c3e2ba4717f485ba0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 722049f96aa254d6-MAN
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 27 Jun 2022 18:36:34 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
link: <https://dearevanhansen.com/api/>; rel="https://api.w.org/" <https://dearevanhansen.com/api/wp/v2/pages/2>; rel="alternate"; type="application/json" <https://dearevanhansen.com/>; rel=shortlink
server: cloudflare
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 11
x-cache-group: normal
x-cacheable: SHORT
x-powered-by: WP Engine

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 722049f7a97754bd-MAN
Connection: keep-alive
Content-Type: text/html
Date: Mon, 27 Jun 2022 18:36:34 GMT
Location: https://dearevanhansen.com/
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 style.min.css
dearevanhansen.com/wp-includes/css/dist/block-library/ 81 KB
11 KB 450ms
447ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.3
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 30 Mar 2022 11:30:25 GMT
server: cloudflare
age: 524287
etag: W/"62443f51-145db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 722049fc9bcd54d6-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 750e6617-7d51-415f-9310-a8399d56f651.css
fast.fonts.net/cssapi/ 11 KB
2 KB 204ms
86ms Stylesheet
text/css 2606:4700::6811:e04e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/cssapi/750e6617-7d51-415f-9310-a8399d56f651.css
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e04e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf2c6b1b16a9806781e4c0a41d6b6f8afb5e928b92efd8129b0afee215be75e9

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:34 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 5929
x-amz-request-id: CT87GW28P2T2CSF3
x-amz-id-2: w+Od8jbOLYIchEH5F9xc+sMiFeg1/zsORZ6ml9mPoON56jqe6ZVHQKpiW2VEi+GgJ9bFOQjhBG8=
last-modified: Wed, 17 Feb 2021 07:51:59 GMT
server: cloudflare
etag: W/"190cfdb77e3b5ff13b9ede81979fc23b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
expires: Mon, 27 Jun 2022 18:41:34 GMT
cache-control: public, max-age=300
cf-ray: 722049fd1a0bcc62-ZRH
x-amz-meta-mtime: 1525369766

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 4 KB
2 KB 156ms
54ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1535284
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 948
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-f62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IVuSxdb5Ft8fSn70RKOL1eROZgMINaHJfDi33nh1XZoBH62jg3wNJcj8pnlLIlFFIP4uBoIw9kMOdYMmuv7ZMcE%2Bx6SkZtyMsoXtDzXNMldTWFXUmGkCEmirN2xE7IsJPdCSE5j4av3%2F7jqwWSnPPqs7"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 722049fce80f0225-ZRH
expires: Sat, 17 Jun 2023 18:36:34 GMT

GET
H2 200 main-2d42e95625.css
dearevanhansen.wpengine.com/wp-content/themes/deh-v2/dist/styles/ 310 KB
49 KB 522ms
161ms Stylesheet
text/css 35.196.203.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.wpengine.com/wp-content/themes/deh-v2/dist/styles/main-2d42e95625.css
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.196.203.130 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 130.203.196.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: d74fb5beb826a0fc3215b17d2ea06a6e4ab4d343197e0e68723d0fdbeb7178b0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
last-modified: Tue, 22 Mar 2022 14:41:18 GMT
server: nginx
etag: W/"6239e00e-4d945"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H2 200 mediaelementplayer-legacy.min.css
dearevanhansen.com/wp-includes/js/mediaelement/ 11 KB
3 KB 406ms
404ms Stylesheet
text/css 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: cloudflare
age: 524375
etag: W/"5f735862-2bf8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 722049fc9bcf54d6-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
dearevanhansen.com/wp-includes/js/jquery/ 87 KB
31 KB 444ms
443ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
server: cloudflare
age: 524375
etag: W/"6048e0ac-15db1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 722049fc9bd154d6-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery-migrate.min.js Show response
dearevanhansen.com/wp-includes/js/jquery/ 11 KB
4 KB 406ms
405ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: cloudflare
age: 524375
etag: W/"5fb4e3fe-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 722049fc9bd354d6-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 DEHLogo.png
dearevanhansen.com/wp-content/uploads/2020/06/ 8 KB
9 KB 112ms
110ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dearevanhansen.com/wp-content/uploads/2020/06/DEHLogo.png
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0187add8a0f2497e996c91d03734dcd221cd4273b797b2282981d2765532a748

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
cf-cache-status: HIT
age: 520688
cf-polished: origFmt=png, origSize=15852
content-disposition: inline; filename="DEHLogo.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8382
last-modified: Tue, 22 Mar 2022 14:41:16 GMT
server: cloudflare
etag: "6239e00c-3dec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 72204a00aac03628-MAN
cf-bgj: imgq:100,h2pri

GET
H3 200 DEHLogo_Mobile.png
dearevanhansen.com/wp-content/uploads/2020/06/ 4 KB
5 KB 114ms
112ms Image
image/webp 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dearevanhansen.com/wp-content/uploads/2020/06/DEHLogo_Mobile.png
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0611f7b57ecc9cedc4ecb9274279f61980fd01da9e35cf84bf551cc7e48e5cee

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
cf-cache-status: HIT
age: 520688
cf-polished: origFmt=png, origSize=8736
content-disposition: inline; filename="DEHLogo_Mobile.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4396
last-modified: Tue, 22 Mar 2022 14:41:16 GMT
server: cloudflare
etag: "6239e00c-2220"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 72204a00aac13628-MAN
cf-bgj: imgq:100,h2pri

GET
H3 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/ 19 KB
6 KB 130ms
67ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8204560
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5676
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-4d5a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7BSHQ8PyxsCvO22Q6P6iGj3ivWoGb8ghqFhg3joQEoV58DCLAJTNkyy6S%2FYN90qghpdMHdj7cxpNfIwvE5On8vGivoSbgOhj7EsFpRM3wBcp5sXMoaT062TVea%2Fcvpt3DqltAI0nJibgOrSZyoIrRRBr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 722049ff9f1101fc-ZRH
expires: Sat, 17 Jun 2023 18:36:35 GMT

GET
H2 200 main-0d6e265ed8.js Show response
dearevanhansen.wpengine.com/wp-content/themes/deh-v2/dist/scripts/ 183 KB
54 KB 149ms
149ms Script
application/javascript 35.196.203.130
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.wpengine.com/wp-content/themes/deh-v2/dist/scripts/main-0d6e265ed8.js
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.196.203.130 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 130.203.196.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 29c134cb9b5eac247a15e3b0f97b980507ab87631e6efdc3b223838be4353710

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
last-modified: Tue, 22 Mar 2022 14:41:18 GMT
server: nginx
etag: W/"6239e00e-2da70"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000

GET
H3 200 mediaelement-and-player.min.js Show response
dearevanhansen.com/wp-includes/js/mediaelement/ 154 KB
38 KB 79ms
79ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: cloudflare
age: 524375
etag: W/"5f735862-267aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 72204a008a553628-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 mediaelement-migrate.min.js Show response
dearevanhansen.com/wp-includes/js/mediaelement/ 1 KB
800 B 111ms
111ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.9.3
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f34b768792b90cf0b04fced2470e43d8fab7644f6565d5178fbfb49c4859cee

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: cloudflare
age: 524375
etag: W/"5ff5d754-4a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 72204a00aabf3628-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 box-office.js Show response
widgets.tickxcore.com/js/1656354994604/ 798 B
956 B 204ms
64ms Script
text/javascript 18.135.85.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.tickxcore.com/js/1656354994604/box-office.js
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.85.6 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-85-6.eu-west-2.compute.amazonaws.com
Software: / Express
Resource Hash: fdfe70d3e018495d38dc6617b1cdc1d8031c6a67e738a71fd420de4bf472c12d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 27 Jun 2022 18:36:35 GMT
x-powered-by: Express
etag: W/"31e-VerTCbQP/yH8ge5XuGGtBN6DQXo"
content-length: 798
content-type: text/javascript; charset=utf-8

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 190 KB
64 KB 146ms
53ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MQ4DQJR

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7e600e5cc22ce865e30696b890c10b0412aec844ad193469a76151a6b4ecb9c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64576
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 27 Jun 2022 18:36:35 GMT

GET
H3 200 wp-emoji-release.min.js Show response
dearevanhansen.com/wp-includes/js/ 18 KB
5 KB 113ms
112ms Script
application/javascript 141.193.213.20
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://dearevanhansen.com/wp-includes/js/wp-emoji-release.min.js?ver=5.9.3
Requested by: Host: dearevanhansen.com
URL: https://dearevanhansen.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 08 Jun 2021 22:15:12 GMT
server: cloudflare
age: 524375
etag: W/"60bfebf0-4705"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 72204a00aac33628-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 1.css
fast.fonts.net/t/ 0
237 B 115ms
114ms Stylesheet
text/css 2606:4700::6811:e04e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/t/1.css?apiType=css&projectid=750e6617-7d51-415f-9310-a8399d56f651
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/750e6617-7d51-415f-9310-a8399d56f651.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e04e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://fast.fonts.net/cssapi/750e6617-7d51-415f-9310-a8399d56f651.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:34 GMT
cf-cache-status: HIT
age: 200327
cf-ray: 722049fd9ab4cc62-ZRH
content-length: 0
x-amz-id-2: twb2us4UWQE0wn0cn2RNMzFG1ZTRYYUux+PvjvyjPffQxWDmSZqJTMaISsVcrHac6bM1pRPzi7I=
last-modified: Tue, 23 Mar 2021 12:59:23 GMT
server: cloudflare
etag: "d41d8cd98f00b204e9800998ecf8427e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: N2D83DCPR1XS5GT8
cache-control: public, max-age=0, s-maxage=604800
x-amz-version-id: null
accept-ranges: bytes
content-type: text/css; charset=utf-8
x-amz-meta-mtime: 1519217722

GET
H2 200 eb39afe0-709e-46d6-92ad-db5c3bfd24a9.woff2
fast.fonts.net/dv2/14/ 15 KB
15 KB 188ms
79ms Font
application/octet-stream 2606:4700::6811:e04e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/eb39afe0-709e-46d6-92ad-db5c3bfd24a9.woff2?d44f19a684109620e484157ba790e81816499089734fbd8e6abfc352469fbcd9cb812f3be187fae8936cdd8a6d5ef13de0c889367c5f695398befba20c15bfe6bbd043c62ff056457b9f8f28ea3899db5e8ed2dde834c67eef53468797841cb9f2a3cdb844212741125e95c1d87313822cb4daa5e9b52ba5&projectId=750e6617-7d51-415f-9310-a8399d56f651
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/750e6617-7d51-415f-9310-a8399d56f651.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e04e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8cf32a06a3239d300e8ebdaf108ab403a0a8b1bc26ccfd9d66f023bb47f733c3

Request headers

Referer: https://fast.fonts.net/cssapi/750e6617-7d51-415f-9310-a8399d56f651.css
Origin: https://dearevanhansen.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
cf-cache-status: HIT
age: 5923
content-length: 15040
x-amz-request-id: M82AJVHX5ZYEXX5H
x-amz-id-2: o++l0MfhhLymXsv36JkbqPSacGoZh9j1EpCoD+efgqezfUqkBUJNztmAkzJu4AaRI6nw7UZp8MY=
expires: Mon, 27 Jun 2022 18:41:35 GMT
last-modified: Sun, 15 Nov 2020 00:59:32 GMT
server: cloudflare
etag: "c47683b1f351000d51d420d256e1b8cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public, max-age=300
x-amz-version-id: null
accept-ranges: bytes
cf-ray: 72204a01784acc62-ZRH
x-amz-meta-mtime: 1480832938

GET
H2 200 64017d81-9430-4cba-8219-8f5cc28b923e.woff2
fast.fonts.net/dv2/14/ 15 KB
15 KB 212ms
103ms Font
application/octet-stream 2606:4700::6811:e04e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/64017d81-9430-4cba-8219-8f5cc28b923e.woff2?d44f19a684109620e484157ba790e81816499089734fbd8e6abfc352469fbcd9cb812f3be187fae8936cdd8a6d5ef13de0c889367c5f695398befba20c15bfe6bbd043c62ff056457b9f8f28ea3899db5e8ed2dde834c67eef53468797841cb9f2a3cdb844212741125e95c1d87313822cb4daa5e9b52ba5&projectId=750e6617-7d51-415f-9310-a8399d56f651
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/750e6617-7d51-415f-9310-a8399d56f651.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e04e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1c7b29bc0449c071fe96d182426d66bb03c2b200493b2c6f21cfd5d55960323

Request headers

Referer: https://fast.fonts.net/cssapi/750e6617-7d51-415f-9310-a8399d56f651.css
Origin: https://dearevanhansen.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
cf-cache-status: HIT
age: 5923
content-length: 15372
x-amz-request-id: M824YG20HDKE3Y4F
x-amz-id-2: HiTwoRvGKfiLimllxXH5SP5rGBXP6+PZeXYUaq6fW/s+fCRksv9lLG3j/OleACL3VMqeGWN4oyw=
expires: Mon, 27 Jun 2022 18:41:35 GMT
last-modified: Fri, 13 Nov 2020 20:25:05 GMT
server: cloudflare
etag: "b56d3a40e32e14460827bd42309a2fed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public, max-age=300
x-amz-version-id: null
accept-ranges: bytes
cf-ray: 72204a01784fcc62-ZRH
x-amz-meta-mtime: 1480755818

GET
H2 200 129d49d6-5492-4ed1-96f7-0528c6d53abc.woff2
fast.fonts.net/dv2/14/ 15 KB
16 KB 204ms
95ms Font
application/octet-stream 2606:4700::6811:e04e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/129d49d6-5492-4ed1-96f7-0528c6d53abc.woff2?d44f19a684109620e484157ba790e81816499089734fbd8e6abfc352469fbcd9cb812f3be187fae8936cdd8a6d5ef13de0c889367c5f695398befba20c15bfe6bbd043c62ff056457b9f8f28ea3899db5e8ed2dde834c67eef53468797841cb9f2a3cdb844212741125e95c1d87313822cb4daa5e9b52ba5&projectId=750e6617-7d51-415f-9310-a8399d56f651
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/750e6617-7d51-415f-9310-a8399d56f651.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:e04e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c6c138e5c8693855650a523ea574751c52f3ca67126fa960e6501340d85f744

Request headers

Referer: https://fast.fonts.net/cssapi/750e6617-7d51-415f-9310-a8399d56f651.css
Origin: https://dearevanhansen.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
cf-cache-status: HIT
age: 5923
content-length: 15684
x-amz-request-id: M824T0JMGE99DTZX
x-amz-id-2: 5pBRuk1pI1IqjaSF+kh8+i6KTro4WcjObo0304Ln3yFbsEiZgbzknIWUHXf0RGu4dDqbS8OoNts=
expires: Mon, 27 Jun 2022 18:41:35 GMT
last-modified: Fri, 30 Oct 2020 02:10:38 GMT
server: cloudflare
etag: "5c8cee400428bf8a81af7edce3a0cae0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public, max-age=300
x-amz-version-id: null
accept-ranges: bytes
cf-ray: 72204a01784dcc62-ZRH
x-amz-meta-mtime: 1480857141

GET
H2 200 main.js Show response
widget-cdn.producer360.io/2.3.389/ 349 KB
115 KB 170ms
50ms Script
application/javascript 143.204.89.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget-cdn.producer360.io/2.3.389/main.js
Requested by: Host: widgets.tickxcore.com
URL: https://widgets.tickxcore.com/js/1656354994604/box-office.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.89.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-89-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b6572f9f2cd99ac6578abf4f1084e82031d0cfc5e4cb7a4ed72f6653ea4a708e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 12:36:24 GMT
content-encoding: gzip
last-modified: Mon, 27 Jun 2022 12:30:25 GMT
server: AmazonS3
age: 21612
etag: "3713ca780e39c4a913b3041cbd3056ab"
vary: Origin
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 117104
x-amz-cf-id: bJVwkLmQzOcyFQuBUdGjh3bZufic3r2FwffTZfYnePw-ow-CIy404Q==

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 172ms
64ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ4DQJR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

a9c87374e4ec256cc7ab841753a48a58afd958317dfb7567982b014977008d1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15000
x-xss-protection: 0
server: cafe
etag: 15252473734373555178
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 27 Jun 2022 18:36:35 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 112ms
32ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ4DQJR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5874
date: Mon, 27 Jun 2022 16:58:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 27 Jun 2022 18:58:41 GMT

GET
H3

200

activityi;dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F Show response
11800103.fls.doubleclick.net/ Frame 05E4
Redirect Chain

https://11800103.fls.doubleclick.net/activityi;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F?
https://11800103.fls.doubleclick.net/activityi;dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdear...

482 B
410 B

149ms
65ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11800103.fls.doubleclick.net/activityi;dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ4DQJR

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

2106486ca1ef0600ea1e38b5079c670c8d1dd1c403c8208147a6b165ba10a1fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: about:blank
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 385
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 18:36:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 18:36:35 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://11800103.fls.doubleclick.net/activityi;dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
27 KB 127ms
42ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26344
x-xss-protection: 0
pragma: public
x-fb-debug: RKgd8ebT5vkcSimsFSA9stx7Ptpacn303dPDa5iWpWE3+5Fe76Z1uZ5DVP7z+Opn7K+08bsFa0CDHrN2Iq+ymw==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Mon, 27 Jun 2022 18:36:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
2 KB 154ms
59ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

924d460844903e09d017db79025b0060aa21675d4d3c0861d564e7ff22f48695

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Mon, 27 Jun 2022 18:36:35 GMT

GET
H2 200 consenTag.js Show response
consentag.eu/public/3.0.1/ 6 KB
3 KB 107ms
36ms Script
text/javascript 34.107.173.171
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://consentag.eu/public/3.0.1/consenTag.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQ4DQJR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.173.171 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 171.173.107.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: a536a31a18d00aa02e97459f5cb3890b7507e3034b194c6681942526862bb223

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 19:01:23 GMT
content-encoding: gzip
age: 257712
x-guploader-uploadid: ADPycdvfAejfXTv7DLxupNdtxdPIwOAcVW5L2bjLJxVifoPXRi7gFxczO98wfiXkCzQfxxHiEFwme40MNfcDZSD27btC_GqUJQE8
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2606
last-modified: Sun, 26 Dec 2021 13:06:31 GMT
server: UploadServer
etag: "bbf29cf3e8db1d93e091a797634232a9"
x-goog-hash: crc32c=Uvujaw==, md5=u/Kc8+jbHZPgkaeXY0IyqQ==
content-language: en
x-goog-generation: 1640523991137254
cache-control: no-transform
x-goog-stored-content-length: 2606
accept-ranges: bytes
content-type: text/javascript
expires: Sat, 24 Jun 2023 19:01:23 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 100ms
38ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=490819059&t=pageview&_s=1&dl=https%3A%2F%2Fdearevanhansen.com%2F&ul=en-us&de=UTF-8&dt=Dear%20Evan%20Hansen%20%7C%20The%20Tony%20Award%C2%AE-Winning%20Best%20Musical%20%7C%20Official%20Site&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAAC~&jid=974017000&gjid=2134667184&cid=1048240029.1656354996&tid=UA-223117062-1&_gid=1524631861.1656354996&_r=1&gtm=2wg6m0MQ4DQJR&z=1615570829

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://dearevanhansen.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dearevanhansen.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 96ms
39ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=490819059&t=pageview&_s=1&dl=https%3A%2F%2Fdearevanhansen.com%2F&ul=en-us&de=UTF-8&dt=Dear%20Evan%20Hansen%20%7C%20The%20Tony%20Award%C2%AE-Winning%20Best%20Musical%20%7C%20Official%20Site&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAAC~&jid=104914591&gjid=458612510&cid=1048240029.1656354996&tid=UA-223117062-2&_gid=1524631861.1656354996&_r=1&gtm=2wg6m0MQ4DQJR&z=5604165

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://dearevanhansen.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dearevanhansen.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 78ms
34ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=490819059&t=event&ni=1&_s=1&dl=https%3A%2F%2Fdearevanhansen.com%2F&ul=en-us&de=UTF-8&dt=Dear%20Evan%20Hansen%20%7C%20The%20Tony%20Award%C2%AE-Winning%20Best%20Musical%20%7C%20Official%20Site&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Tracking&ea=50%25&el=%2F&_u=YGDACEABBAAAAC~&jid=&gjid=&cid=1048240029.1656354996&tid=UA-223117062-1&_gid=1524631861.1656354996&gtm=2wg6m0MQ4DQJR&z=1133209697

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 17:10:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5148
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 78ms
34ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=490819059&t=event&ni=1&_s=1&dl=https%3A%2F%2Fdearevanhansen.com%2F&ul=en-us&de=UTF-8&dt=Dear%20Evan%20Hansen%20%7C%20The%20Tony%20Award%C2%AE-Winning%20Best%20Musical%20%7C%20Official%20Site&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Tracking&ea=75%25&el=%2F&_u=YGDACEABBAAAAC~&jid=&gjid=&cid=1048240029.1656354996&tid=UA-223117062-1&_gid=1524631861.1656354996&gtm=2wg6m0MQ4DQJR&z=1905528130

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 17:10:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5148
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 78ms
34ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=490819059&t=event&ni=1&_s=1&dl=https%3A%2F%2Fdearevanhansen.com%2F&ul=en-us&de=UTF-8&dt=Dear%20Evan%20Hansen%20%7C%20The%20Tony%20Award%C2%AE-Winning%20Best%20Musical%20%7C%20Official%20Site&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Tracking&ea=100%25&el=%2F&_u=YGDACEABBAAAAC~&jid=&gjid=&cid=1048240029.1656354996&tid=UA-223117062-1&_gid=1524631861.1656354996&gtm=2wg6m0MQ4DQJR&z=590215777

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 17:10:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 5148
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 popup_silent.html Show response
consentag.eu/public/3.0.1/ Frame 70B3 12 KB
4 KB 67ms
34ms Document
text/html 34.107.173.171
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://consentag.eu/public/3.0.1/popup_silent.html
Requested by: Host: consentag.eu
URL: https://consentag.eu/public/3.0.1/consenTag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.173.171 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 171.173.107.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 028a986dd20d66c3950495d957214cda50669a831b7a5c8fcb9bf94c91f861f2

Request headers

Referer: https://dearevanhansen.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 474681
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-transform
content-encoding: gzip
content-language: en
content-length: 3889
content-type: text/html
date: Wed, 22 Jun 2022 06:45:14 GMT
etag: "961f6921c00edbfac20c24cc4deda043"
expires: Thu, 22 Jun 2023 06:45:14 GMT
last-modified: Sun, 26 Dec 2021 13:06:31 GMT
server: UploadServer
x-goog-generation: 1640523991162202
x-goog-hash: crc32c=fNucYA== md5=lh9pIcAO2/rCDCTMTe2gQw==
x-goog-metageneration: 1
x-goog-storage-class: REGIONAL
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 3889
x-guploader-uploadid: ADPycdvn4t4i4h7XIw85RaUcvaJG95WXtNUAZ3nbJeIUTUEB9sHvvCXYc-r0FnabP6vxBXK575pyEpfaOsRJe9ft3K7S6wNvjZof

GET
H3 200 1021365728452388 Show response
connect.facebook.net/signals/config/ 288 KB
83 KB 148ms
93ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1021365728452388?v=2.9.62&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d4ae202ec55f52ea96f00e64fa6e453b698aeebd60fe684763aaf30320af93db

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: FZAh0OxxDcz2r93b9uFjvJRvE19mwoHxEgoxEfHXKWVkc24eNOzodaivYXFDmP16fBnlugzHianP0YrsGBjKqg==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 27 Jun 2022 18:36:35 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1656354995830
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/9c24c545/www-widgetapi.vflset/ 155 KB
50 KB 132ms
45ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/9c24c545/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32e5d3676f7cca9d4bc0898299033b5fd8dfa56c917d007a9696355d1c271c26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:10:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1545
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51402
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 17:15:44 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 27 Jun 2023 18:10:50 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10861683030/ 2 KB
2 KB 149ms
56ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10861683030/?random=1656354995720&cv=9&fst=1656354995720&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg6m0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fdearevanhansen.com%2F&tiba=Dear%20Evan%20Hansen%20%7C%20The%20Tony%20Award%C2%AE-Winning%20Best%20Musical%20%7C%20Official%20Site&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0c663061a97c57791dfce89056009252b64e18daa22a003b9e78fb51e7de29b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1066
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
447 B 139ms
50ms XHR
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-223117062-2&cid=1048240029.1656354996&jid=104914591&gjid=458612510&_gid=1524631861.1656354996&_u=YGDACEABBAAAAC~&z=912887639

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://dearevanhansen.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 27 Jun 2022 18:36:35 GMT
content-type: text/plain
access-control-allow-origin: https://dearevanhansen.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/ Frame 70B3 84 KB
27 KB 96ms
96ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: consentag.eu
URL: https://consentag.eu/public/3.0.1/popup_silent.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://consentag.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4559825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 26909
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-14e4a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zwsxovlbfuBP9%2Fxfq2jV4xLAWnt%2BLHud%2B09QJNtLPda5oSoqsNvNMt78wqYA7vwNJSt4eRKTbinzTQOQdhVCSPPIl%2F94drhtK5oQk5hIxN9mNoyiCQ1f%2FZL04e3YDBk2g4oBA%2FN1k9EKHlk4MSSBmZ1a"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 72204a040fa201fc-ZRH
expires: Sat, 17 Jun 2023 18:36:35 GMT

GET
H3 200 mustache.min.js Show response
cdnjs.cloudflare.com/ajax/libs/mustache.js/2.3.0/ Frame 70B3 9 KB
3 KB 75ms
74ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/mustache.js/2.3.0/mustache.min.js

Requested by

Host: consentag.eu
URL: https://consentag.eu/public/3.0.1/popup_silent.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89aa9f3b9b9ed156d219c122427f8e797c67c4030adbe4201d72030396d6b462

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://consentag.eu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8290917
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2513
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:13:29 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03f29-2538"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jx0gkf60UoXR9klLZFlysUJy6yHP9vbaeuP37IpFD3nHzm3mkAadbrpglapEsj2Ysv%2FDJkHPzXsnbmOhs%2Fq%2BtCaFwuNJYiGsTqQUBnX3ZQO2m849b%2BP1zgk6XP5PzGS0aKgaApy1mgNQ6wrr4uhlNJZS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 72204a040fa301fc-ZRH
expires: Sat, 17 Jun 2023 18:36:35 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10861683030/ 42 B
548 B 175ms
66ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10861683030/?random=1656354995720&cv=9&fst=1656352800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg6m0&sendb=1&frm=0&url=https%3A%2F%2Fdearevanhansen.com%2F&tiba=Dear%20Evan%20Hansen%20%7C%20The%20Tony%20Award%C2%AE-Winning%20Best%20Musical%20%7C%20Official%20Site&async=1&fmt=3&is_vtc=1&random=4192680341&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.uk/pagead/1p-user-list/10861683030/ 42 B
548 B 160ms
52ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/10861683030/?random=1656354995720&cv=9&fst=1656352800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg6m0&sendb=1&frm=0&url=https%3A%2F%2Fdearevanhansen.com%2F&tiba=Dear%20Evan%20Hansen%20%7C%20The%20Tony%20Award%C2%AE-Winning%20Best%20Musical%20%7C%20Official%20Site&async=1&fmt=3&is_vtc=1&random=4192680341&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F Show response
adservice.google.com/ddm/fls/i/ Frame 68B6 484 B
856 B 180ms
87ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F

Requested by

Host: 11800103.fls.doubleclick.net
URL: https://11800103.fls.doubleclick.net/activityi;dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dab4869c73a52850e552807e1479de0608fdc1eef10005c1b16afe00ee0fbc2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://11800103.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 387
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 18:36:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 109ms
78ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-223117062-2&cid=1048240029.1656354996&jid=104914591&_u=YGDACEABBAAAAC~&z=330335101

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
107 B 107ms
76ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-223117062-2&cid=1048240029.1656354996&jid=104914591&_u=YGDACEABBAAAAC~&z=330335101

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 getuam Show response
consentag.eu/manager/consent/user/ Frame 70B3 837 B
853 B 1072ms
1070ms XHR
application/json 34.107.173.171
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://consentag.eu/manager/consent/user/getuam
Requested by: Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.173.171 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 171.173.107.34.bc.googleusercontent.com
Software: Apache-Coyote/1.1 /
Resource Hash: e02126f4778760f8f8af7cf74d2d14799c68d8138bd7494d826083ff0b777766

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://consentag.eu/public/3.0.1/popup_silent.html
X-Requested-With: XMLHttpRequest
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Mon, 27 Jun 2022 18:36:36 GMT
via: 1.1 google
etag: uk-1656354997-e0a30b5a37544ec497606ff1cbedddfa
server: Apache-Coyote/1.1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 837
content-type: application/json

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 131ms
41ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1021365728452388&ev=PageView&dl=https%3A%2F%2Fdearevanhansen.com%2F&rl=&if=false&ts=1656354995991&sw=1600&sh=1200&v=2.9.62&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1656354995990.2038778216&it=1656354995703&coo=false&exp=p0&rqm=GET

Requested by

Host: dearevanhansen.com
URL: https://dearevanhansen.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 18:36:36 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 27 Jun 2022 18:36:36 GMT

GET
H2 200 dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F Show response
adservice.google.co.uk/ddm/fls/i/ Frame 14CF 194 B
870 B 201ms
81ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.uk/ddm/fls/i/dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMj7kJmjzvgCFczS1Qod78IMfg;src=11800103;type=dehsi0;cat=dehwe0;ord=2725895932990;gtm=2wg6m0;auiddc=37885898.1656354996;~oref=https%3A%2F%2Fdearevanhansen.com%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 18:36:36 GMT
expires: Mon, 27 Jun 2022 18:36:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 8A41 0
18 B 109ms
51ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://dearevanhansen.com
Referer: https://dearevanhansen.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://dearevanhansen.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 27 Jun 2022 18:36:36 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 integration Show response
i.ctnsnet.com/int/ 727 B
711 B 103ms
36ms Script
text/javascript 35.186.193.173
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ctnsnet.com/int/integration?pixel=71199634&nid=66354764&cont=s&loc=https%3A%2F%2Fdearevanhansen.com%2F&ref=&cst=true&gdpr_consent=
Requested by: Host: consentag.eu
URL: https://consentag.eu/public/3.0.1/consenTag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 173.193.186.35.bc.googleusercontent.com
Software: Apache-Coyote/1.1 /
Resource Hash: 65eedf651cfba6e40049b7dc1ccb951ef2319f655787fa42ff78575fd5dba3d8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:37 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CUR OUR NOR"
via: 1.1 google
cache-control: no-cache, must-revalidate
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ 43 B
632 B 125ms
40ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=10182863

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:37 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Mon, 27 Jun 2022 18:36:37 GMT

GET
H3

200

src=11799159;dc_pre=CIrL65mjzvgCFQSSGAodGncOVA;type=invmedia;cat=dear_0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=1;gdpr_consent=;ord=1
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=11799159;type=invmedia;cat=dear_0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=1;gdpr_consent=;ord=1?
https://ad.doubleclick.net/ddm/activity/src=11799159;dc_pre=CIrL65mjzvgCFQSSGAodGncOVA;type=invmedia;cat=dear_0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=1;gdpr_consent=;or...
https://adservice.google.com/ddm/fls/z/src=11799159;dc_pre=CIrL65mjzvgCFQSSGAodGncOVA;type=invmedia;cat=dear_0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=1;gdpr_consent=;ord=1

42 B
63 B

161ms
77ms

Image
image/gif

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=11799159;dc_pre=CIrL65mjzvgCFQSSGAodGncOVA;type=invmedia;cat=dear_0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=1;gdpr_consent=;ord=1

Protocol

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://dearevanhansen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 27 Jun 2022 18:36:37 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/src=11799159;dc_pre=CIrL65mjzvgCFQSSGAodGncOVA;type=invmedia;cat=dear_0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=1;gdpr_consent=;ord=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.fonts.net/	1970-01-20 04:05:56	Name: __cf_bm Value: .pkk3RBJo65TIfNdkZ3AP4KCn1sCadMDsnKEeDXNJmc-1656354994-0-AQUt8G3dAAEiQiuTagTwTYXaotunI0vwO72P48gY2HD610WlEM1TKmVhXuCMO8xMnThzo26UdfkrGOGrQrkCxDA=
.dearevanhansen.com/	1970-01-20 06:15:30	Name: _gcl_au Value: 1.1.37885898.1656354996
.dearevanhansen.com/	1970-01-20 21:37:06	Name: _ga Value: GA1.2.1048240029.1656354996
.dearevanhansen.com/	1970-01-20 04:07:21	Name: _gid Value: GA1.2.1524631861.1656354996
.dearevanhansen.com/	1970-01-20 04:05:55	Name: _gat_UA-223117062-1 Value: 1
.dearevanhansen.com/	1970-01-20 04:05:55	Name: _gat_UA-223117062-2 Value: 1
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: CgOGXz8NY7s
.youtube.com/	1970-01-20 08:25:06	Name: VISITOR_INFO1_LIVE Value: qaAWm8A66-I
dearevanhansen.com/	1969-12-31 23:59:59	Name: txboutm Value: {}
.doubleclick.net/	1970-01-20 04:05:55	Name: test_cookie Value: CheckForPermission
.dearevanhansen.com/	1970-01-20 06:15:30	Name: _fbp Value: fb.1.1656354995990.2038778216
.facebook.com/	1970-01-20 06:15:30	Name: fr Value: 0hU7yOdQhhyBxHS1g..Biufi0...1.0.Biufi0.
.consentag.eu/	1970-01-20 07:41:54	Name: bid Value: uk-1656354997-e0a30b5a37544ec497606ff1cbedddfa
dearevanhansen.com/	1970-01-20 12:51:30	Name: __tmbid Value: uk-1656354997-e0a30b5a37544ec497606ff1cbedddfa
.ctnsnet.com/	1970-01-20 12:51:30	Name: cid_2a51ad091da049759eeaa5353fc82128 Value: 1
.yahoo.com/	1970-01-20 12:51:52	Name: A3 Value: d=AQABBLX4uWICELpCrafs7xfoNCm2GA8FvIgFEgEBAQFKu2LDYgAAAAAA_eMAAA&S=AQAAAnweyDYb5Pip-c6V32fx2Iw

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

11800103.fls.doubleclick.net
ad.doubleclick.net
adservice.google.co.uk
adservice.google.com
cdnjs.cloudflare.com
connect.facebook.net
consentag.eu
dearevanhansen.com
dearevanhansen.wpengine.com
fast.fonts.net
googleads.g.doubleclick.net
i.ctnsnet.com
sp.analytics.yahoo.com
stats.g.doubleclick.net
widget-cdn.producer360.io
widgets.tickxcore.com
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.youtube.com
141.193.213.20
142.250.185.98
142.250.186.166
143.204.89.26
18.135.85.6
2001:4860:4802:32::178
212.82.100.181
2606:4700::6811:180e
2606:4700::6811:e04e
2a00:1450:4001:801::2004
2a00:1450:4001:802::2002
2a00:1450:4001:803::200e
2a00:1450:4001:80f::2003
2a00:1450:4001:827::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2008
2a00:1450:400c:c07::9a
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
34.107.173.171
35.186.193.173
35.196.203.130
0187add8a0f2497e996c91d03734dcd221cd4273b797b2282981d2765532a748
028a986dd20d66c3950495d957214cda50669a831b7a5c8fcb9bf94c91f861f2
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0611f7b57ecc9cedc4ecb9274279f61980fd01da9e35cf84bf551cc7e48e5cee
0c663061a97c57791dfce89056009252b64e18daa22a003b9e78fb51e7de29b7
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1c06aae4dd321bab89575fd7c4dad2c9be3955a6f915287c3e2ba4717f485ba0
2106486ca1ef0600ea1e38b5079c670c8d1dd1c403c8208147a6b165ba10a1fd
29c134cb9b5eac247a15e3b0f97b980507ab87631e6efdc3b223838be4353710
32e5d3676f7cca9d4bc0898299033b5fd8dfa56c917d007a9696355d1c271c26
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97
443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
5c6c138e5c8693855650a523ea574751c52f3ca67126fa960e6501340d85f744
65eedf651cfba6e40049b7dc1ccb951ef2319f655787fa42ff78575fd5dba3d8
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7e600e5cc22ce865e30696b890c10b0412aec844ad193469a76151a6b4ecb9c0
7f34b768792b90cf0b04fced2470e43d8fab7644f6565d5178fbfb49c4859cee
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
89aa9f3b9b9ed156d219c122427f8e797c67c4030adbe4201d72030396d6b462
8cf32a06a3239d300e8ebdaf108ab403a0a8b1bc26ccfd9d66f023bb47f733c3
924d460844903e09d017db79025b0060aa21675d4d3c0861d564e7ff22f48695
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a536a31a18d00aa02e97459f5cb3890b7507e3034b194c6681942526862bb223
a9c87374e4ec256cc7ab841753a48a58afd958317dfb7567982b014977008d1b
af4c6683814aa527caf53bde3d021e6aafe00833b45f2dead043c87ed7864674
b1c7b29bc0449c071fe96d182426d66bb03c2b200493b2c6f21cfd5d55960323
b6572f9f2cd99ac6578abf4f1084e82031d0cfc5e4cb7a4ed72f6653ea4a708e
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bf2c6b1b16a9806781e4c0a41d6b6f8afb5e928b92efd8129b0afee215be75e9
cdbdaa122823601390c7dcbdd1afde33c2f1a432b8c5ff025c6137ee99ba541a
d4ae202ec55f52ea96f00e64fa6e453b698aeebd60fe684763aaf30320af93db
d74fb5beb826a0fc3215b17d2ea06a6e4ab4d343197e0e68723d0fdbeb7178b0
dab4869c73a52850e552807e1479de0608fdc1eef10005c1b16afe00ee0fbc2b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e02126f4778760f8f8af7cf74d2d14799c68d8138bd7494d826083ff0b777766
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fdfe70d3e018495d38dc6617b1cdc1d8031c6a67e738a71fd420de4bf472c12d

dearevanhansen.com Open in urlscan Pro 141.193.213.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

52 Requests

98 %HTTPS

59 %IPv6

18 Domains

23 Subdomains

22 IPs

5 Countries

697 kBTransfer

2266 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

dearevanhansen.com Open in urlscan Pro
141.193.213.20 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

98 %
HTTPS

59 %
IPv6

18
Domains

23
Subdomains

22
IPs

5
Countries

697 kB
Transfer

2266 kB
Size

16
Cookies

52 HTTP transactions
0 data transactions