whattoexpect.cysthost.com Open in urlscan Pro
2a06:98c1:3120::3  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response whattoexpect.cysthost.com/	245 KB 29 KB	803ms 735ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 42fd88c769cbcd977d2170459ad7bf4297797b781ec76161a910ff4a526d97d5 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache cf-cache-status DYNAMIC cf-ray 75fe741dcc8a9c10-FRA content-encoding br content-type text/html; charset=utf-8 date Tue, 25 Oct 2022 22:40:23 GMT last-modified Tuesday, 25-Oct-2022 22:40:23 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46IG8rRcWlq3XftBgMgNYK2fnNPGqETABDa6aSby8rIgSiO6IwI1qzcFuB5mokdxmhq8tI6KOo%2B1liaqUWutFfPG%2B0WoPwf5J3x8uocG9HpSxtYBb0AMNLJX7yigl7aTsRXBLZ2FPsXiZJfgS697oNUBIeVCZxvO"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	css2 fonts.googleapis.com/	8 KB 1 KB	101ms 30ms	Stylesheet text/css	2a00:1450:4001:829::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700&display=swap Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 46cdc9a385ddddf4dc7b157d5fa9576dab57cd608d6b5b8e1b33bec209692af7 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://whattoexpect.cysthost.com/ Origin https://whattoexpect.cysthost.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 25 Oct 2022 22:40:23 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 25 Oct 2022 21:55:13 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 25 Oct 2022 22:40:23 GMT
GET H2	200	mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 fonts.gstatic.com/s/opensans/v18/	15 KB 15 KB	70ms 20ms	Font font/woff2	2a00:1450:4001:809::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://whattoexpect.cysthost.com/ Origin https://whattoexpect.cysthost.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Tue, 25 Oct 2022 19:55:03 GMT x-content-type-options nosniff age 9920 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 15056 x-xss-protection 0 last-modified Tue, 15 Sep 2020 18:11:00 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 25 Oct 2023 19:55:03 GMT
GET H2	200	mem8YaGs126MiZpBA-UFVZ0b.woff2 fonts.gstatic.com/s/opensans/v18/	14 KB 14 KB	91ms 42ms	Font font/woff2	2a00:1450:4001:809::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2 Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://whattoexpect.cysthost.com/ Origin https://whattoexpect.cysthost.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 21 Oct 2022 06:34:01 GMT x-content-type-options nosniff age 403582 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14380 x-xss-protection 0 last-modified Tue, 15 Sep 2020 18:09:22 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Sat, 21 Oct 2023 06:34:01 GMT
GET H2	200	BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjo0oSmb2Rj.woff2 fonts.gstatic.com/s/robotoslab/v13/	19 KB 19 KB	73ms 25ms	Font font/woff2	2a00:1450:4001:809::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/robotoslab/v13/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjo0oSmb2Rj.woff2 Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash fd1b1825e279f7679f77d32cb9b4bad74b8c57d217c73635c76123729ef7d7aa Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://whattoexpect.cysthost.com/ Origin https://whattoexpect.cysthost.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Tue, 25 Oct 2022 05:16:59 GMT x-content-type-options nosniff age 62604 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19224 x-xss-protection 0 last-modified Thu, 28 Jan 2021 22:04:09 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Wed, 25 Oct 2023 05:16:59 GMT
GET H2	200	homepageNew.css content.whattoexpect.com/assets/whattoexpect/dist/	224 KB 39 KB	151ms 52ms	Stylesheet text/css	2.16.186.138 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://content.whattoexpect.com/assets/whattoexpect/dist/homepageNew.css?8328_18597 Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-138.deploy.static.akamaitechnologies.com Software / Resource Hash 670313f1cbaa7fd5b04e7809f5987072b46857a2d80576d7efcf85c92a7eeb5e Request headers accept-language nl-NL,nl;q=0.9 Referer https://whattoexpect.cysthost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers x-amz-version-id h0etVwf6KtihJVq9gWr3hn9Li1fnkL2E content-encoding gzip date Tue, 25 Oct 2022 22:40:23 GMT x-amz-request-id 5MVAMZ97DEHG9CHQ x-amz-replication-status COMPLETED content-length 38893 x-amz-id-2 BpzSkSp7Dn/klCIPvqtUwN514ObfZaJKYMsewahpmW1hvsl9TZCsi4fxdslMAHhSYCHm1P0L3uU= last-modified Thu, 20 Oct 2022 14:37:02 GMT vary Accept-Encoding access-control-max-age 86400 content-type text/css access-control-allow-origin * access-control-allow-methods GET,POST cache-control max-age=604800 access-control-allow-credentials false accept-ranges bytes access-control-allow-headers * expires Tue, 01 Nov 2022 22:40:23 GMT
GET H2	404	logo.v3.svg www.whattoexpect.com/images.agoramedia.com/wte3.0/gcms/redesign/	5 KB 5 KB	241ms 168ms	Image text/html	2.16.186.138 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.whattoexpect.com/images.agoramedia.com/wte3.0/gcms/redesign/logo.v3.svg Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-138.deploy.static.akamaitechnologies.com Software / Resource Hash 7b8fc5d3c2503feadd39c222f73e3404a446bcae1b992cecd55268eebbe7e18f Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language nl-NL,nl;q=0.9 Referer https://whattoexpect.cysthost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers access-control-allow-origin * date Tue, 25 Oct 2022 22:40:23 GMT access-control-allow-headers Content-Type content-length 103271 x-frame-options SAMEORIGIN access-control-allow-methods GET x-device desktop
GET H2	404	lazy-load-img-placeholder.svg www.whattoexpect.com/images.agoramedia.com/wte3.0/gcms/redesign/	27 KB 27 KB	513ms 440ms	Image text/html	2.16.186.138 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.whattoexpect.com/images.agoramedia.com/wte3.0/gcms/redesign/lazy-load-img-placeholder.svg Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-138.deploy.static.akamaitechnologies.com Software / Resource Hash b7e7e370eef728d7a64467f9909d13ee924ec966b80e8584a4c2e41813c15eeb Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language nl-NL,nl;q=0.9 Referer https://whattoexpect.cysthost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers access-control-allow-origin * date Tue, 25 Oct 2022 22:40:23 GMT access-control-allow-headers Content-Type content-length 103343 x-frame-options SAMEORIGIN access-control-allow-methods GET x-device desktop
GET H2	404	png;base64,iVBORw0KGgoAAAANSUhEUgAAAXcAAADIAQMAAAAp5TOpAAAAAXNSR0IB2cksfwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAANQTFRFAAAAp3o92gAAAAF0Uk5TAEDm2GYAAAAgSURBVHic7cExAQAAAMKg9U9tB2+gAAAAAAAAAAAAeAwlgAABoZMkig... www.whattoexpect.com/data:image/	0 460 B	386ms 313ms	Image text/plain	2.16.186.138 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.whattoexpect.com/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAXcAAADIAQMAAAAp5TOpAAAAAXNSR0IB2cksfwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAANQTFRFAAAAp3o92gAAAAF0Uk5TAEDm2GYAAAAgSURBVHic7cExAQAAAMKg9U9tB2+gAAAAAAAAAAAAeAwlgAABoZMkigAAAABJRU5ErkJggg== Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-138.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language nl-NL,nl;q=0.9 Referer https://whattoexpect.cysthost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers access-control-allow-origin * date Tue, 25 Oct 2022 22:40:23 GMT access-control-allow-headers Content-Type content-length 0 x-frame-options SAMEORIGIN access-control-allow-methods GET x-device desktop
GET H2	400	ACwAAAAAAQABAAACADs= www.whattoexpect.com/data:image/gif;base64,R0lGODlhAQABAAD/	0 0	391ms 318ms	Image text/html	2.16.186.138 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.whattoexpect.com/data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs= Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.138 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-138.deploy.static.akamaitechnologies.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language nl-NL,nl;q=0.9 Referer https://whattoexpect.cysthost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers
GET H2	200	jsnext.js Show response cloud.nextagc.com/	2 KB 2 KB	394ms 335ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cloud.nextagc.com/jsnext.js?uid=81&m=dash Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f3046f938844e7869e82206cfcaee12a5de8f416b22dccd49b25da83d811a0b6 Request headers accept-language nl-NL,nl;q=0.9 Referer https://whattoexpect.cysthost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Tue, 25 Oct 2022 22:40:23 GMT content-encoding br cf-cache-status BYPASS last-modified Tuesday, 25-Oct-2022 22:40:23 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding access-control-allow-methods POST,GET,OPTIONS content-type application/javascript;charset=utf-8 access-control-allow-origin * report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M1G6EDNRuBbmxfIrZc15duHkW%2FhKWqoNvzR9A2FHnzU1iaHDii7gBVLXmYCNzhDUUkvo%2Fa%2Fl9hXfoyApTjOesdRzbE38N2NTG2Cpnzt%2BbVwtszrah4gI%2BpomK5Cib6reTeb6YsavRK6AHENnfgic%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control no-store, no-cache cf-ray 75fe742338a9913a-FRA access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	mobile-menu.v3.svg images.agoramedia.com/wte3.0/gcms/redesign/	165 B 394 B	101ms 21ms	Image image/svg+xml	2.16.186.224 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://images.agoramedia.com/wte3.0/gcms/redesign/mobile-menu.v3.svg Requested by Host: content.whattoexpect.com URL: https://content.whattoexpect.com/assets/whattoexpect/dist/homepageNew.css?8328_18597 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-224.deploy.static.akamaitechnologies.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash cc27e36cf99600793325f4301a6c184483643df521bb29099a90b2f25cd51206 Request headers accept-language nl-NL,nl;q=0.9 Referer https://content.whattoexpect.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Tue, 25 Oct 2022 22:40:23 GMT content-encoding gzip server-id EHWIMG04 last-modified Thu, 28 May 2020 12:34:41 GMT server Microsoft-IIS/10.0 x-aspnet-version 4.0.30319 x-powered-by ASP.NET irmsg Passthrough vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=637768, s-maxage=2592000 content-length 153
GET H2	200	hero-bg-home-gradient2.svg images.agoramedia.com/wte3.0/gcms/redesign/	2 KB 1 KB	99ms 21ms	Image image/svg+xml	2.16.186.224 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://images.agoramedia.com/wte3.0/gcms/redesign/hero-bg-home-gradient2.svg Requested by Host: content.whattoexpect.com URL: https://content.whattoexpect.com/assets/whattoexpect/dist/homepageNew.css?8328_18597 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-224.deploy.static.akamaitechnologies.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 2cc6f0f30d724e3d3446a2bef7cc237cfeacdb52b61f36d022bff1b2c852b3b4 Request headers accept-language nl-NL,nl;q=0.9 Referer https://content.whattoexpect.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Tue, 25 Oct 2022 22:40:23 GMT content-encoding gzip server-id EHWIMG04 last-modified Fri, 01 Apr 2022 18:38:50 GMT server Microsoft-IIS/10.0 x-aspnet-version 4.0.30319 x-powered-by ASP.NET irmsg Passthrough vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=1541609, s-maxage=2592000 content-length 886
GET H2	200	hero-bg-home-noise2.png images.agoramedia.com/wte3.0/gcms/redesign/	29 KB 29 KB	98ms 22ms	Image image/png	2.16.186.224 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://images.agoramedia.com/wte3.0/gcms/redesign/hero-bg-home-noise2.png Requested by Host: content.whattoexpect.com URL: https://content.whattoexpect.com/assets/whattoexpect/dist/homepageNew.css?8328_18597 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-224.deploy.static.akamaitechnologies.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash aad98f03e207f8dcb6089795ea5b69818cf706added109860482e0971d2887be Request headers accept-language nl-NL,nl;q=0.9 Referer https://content.whattoexpect.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Tue, 25 Oct 2022 22:40:23 GMT server-id EHWIMG03 last-modified Fri, 01 Apr 2022 18:38:50 GMT server Microsoft-IIS/10.0 x-aspnet-version 4.0.30319 x-powered-by ASP.NET irmsg Passthrough content-type image/png cache-control public, max-age=1270722, s-maxage=2592000 content-length 29638
GET DATA	200 OK	truncated /	449 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a063df4f120e2bb4170c85f37d0ada56dbe031ec878d9f3d24de209e8a57094f Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	449 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash dd7b26653ebb6e293ae066a4b51d04ad8889cc12d7d453b20100b25f7695e4c1 Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	734 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 0b920ec0c6f9c219f63dbb3427fe8caf4b92ed9e1ffc5d1fc70656fb8f4fd671 Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	293 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 42563d0b6fb0bf38b1421c64cf901cabb5641c7a9c63830c334d21ad8f829d21 Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	topic-show-more-down-arrow.svg images.agoramedia.com/wte3.0/gcms/redesign/	334 B 485 B	75ms 22ms	Image image/svg+xml	2.16.186.224 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://images.agoramedia.com/wte3.0/gcms/redesign/topic-show-more-down-arrow.svg Requested by Host: content.whattoexpect.com URL: https://content.whattoexpect.com/assets/whattoexpect/dist/homepageNew.css?8328_18597 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.16.186.224 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-16-186-224.deploy.static.akamaitechnologies.com Software Microsoft-IIS/10.0 / ASP.NET Resource Hash a7fd85751c1c0e51ce4b670504a034f5c5591dbbe5bfa8dbf6e5332a6de90d16 Request headers accept-language nl-NL,nl;q=0.9 Referer https://content.whattoexpect.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Tue, 25 Oct 2022 22:40:23 GMT content-encoding gzip server-id EHWIMG04 last-modified Wed, 18 Jul 2018 10:28:46 GMT server Microsoft-IIS/10.0 x-aspnet-version 4.0.30319 x-powered-by ASP.NET irmsg Passthrough vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=775547, s-maxage=2592000 content-length 244
GET H2	200	css2 fonts.googleapis.com/	7 KB 691 B	29ms 29ms	Font text/css	2a00:1450:4001:829::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;700&display=swap Requested by Host: whattoexpect.cysthost.com URL: https://whattoexpect.cysthost.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2b14ba1676063b6f2620dd1820c768e9cdb990f69519e76aef69cf2ab1e7c6b7 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://whattoexpect.cysthost.com/ Origin https://whattoexpect.cysthost.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Tue, 25 Oct 2022 22:40:23 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Tue, 25 Oct 2022 21:53:42 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Tue, 25 Oct 2022 22:40:23 GMT
GET H3	200	JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 fonts.gstatic.com/s/montserrat/v25/	30 KB 30 KB	86ms 21ms	Font font/woff2	2a00:1450:4001:809::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600;700&display=swap Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://whattoexpect.cysthost.com accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 21 Oct 2022 01:41:22 GMT x-content-type-options nosniff age 421141 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30928 x-xss-protection 0 last-modified Mon, 11 Jul 2022 18:57:39 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 21 Oct 2023 01:41:22 GMT
GET H/1.1	403 Forbidden	invoke.js drawingwheels.com/82d4b0f6495aa90a07471062d1163f87/	0 0	937ms 102ms	Script application/javascript	173.233.137.36 SERVERS-COM
General Check archive.org Show headers Download Go to Full URL https://drawingwheels.com/82d4b0f6495aa90a07471062d1163f87/invoke.js Requested by Host: cloud.nextagc.com URL: https://cloud.nextagc.com/jsnext.js?uid=81&m=dash Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 173.233.137.36 , United States, ASN7979 (SERVERS-COM, US), Reverse DNS Software nginx/1.19.5 / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer https://whattoexpect.cysthost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Tue, 25 Oct 2022 22:40:24 GMT Server nginx/1.19.5 Accept-CH Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA P3P CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Access-Control-Allow-Origin * Content-Type application/javascript Connection keep-alive Content-Length 0
GET H2	200	js15_as.js Show response s10.histats.com/	11 KB 4 KB	81ms 18ms	Script text/javascript	46.105.201.240 OVH
General Check archive.org Show headers Download Go to Full URL https://s10.histats.com/js15_as.js Requested by Host: cloud.nextagc.com URL: https://cloud.nextagc.com/jsnext.js?uid=81&m=dash Protocol H2 Security TLS 1.3, , AES_256_GCM Server 46.105.201.240 , France, ASN16276 (OVH, FR), Reverse DNS Software / Resource Hash 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede Request headers accept-language nl-NL,nl;q=0.9 Referer https://whattoexpect.cysthost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Tue, 25 Oct 2022 22:35:40 GMT content-encoding br last-modified Thu, 16 Apr 2020 10:44:16 GMT x-cacheable Matched cache x-cdn-pop-ip 51.254.41.128/25 etag "-375139978" content-type text/javascript x-cdn-pop rbx1 accept-ranges bytes content-length 4364 x-request-id 511673314
GET H/1.1	200 OK	0.php Show response s4.histats.com/stats/	50 B 184 B	301ms 96ms	Script text/html	192.99.8.27 OVH
General Check archive.org Show headers Download Go to Full URL https://s4.histats.com/stats/0.php?4690849&@f16&@g1&@h1&@i1&@j1666737624040&@k0&@l1&@mUSA%20TODAY%20s%20%7C%20%F0%9F%98%91%F0%9F%98%A0%F0%9F%A7%90%20What%20to%20Expect%20-%20The%20Most%20Trusted%20Pregnancy%20%26%20Parenting%20Brand&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-57195757&@b3:1666737624&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fwhattoexpect.cysthost.com%2F&@w Requested by Host: s10.histats.com URL: https://s10.histats.com/js15_as.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.99.8.27 , Canada, ASN16276 (OVH, FR), Reverse DNS ns500876.ip-192-99-8.net Software / Resource Hash 2b1c3a4032d21954e85c880f47710c6baeab2675ef4a4cc4a846b3d97c310b5d Request headers accept-language nl-NL,nl;q=0.9 Referer https://whattoexpect.cysthost.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers Date Tue, 25 Oct 2022 22:40:24 GMT Connection close Content-Length 50 Content-Type text/html;charset=UTF-8

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| setInnerHTML function| inject object| _Hasync object| atOptions function| chfh function| chfh2 string| _HST_cntval object| Histats object| _HistatsCounterGraphics_0_setValues

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.whattoexpect.com/	1970-01-20 07:09:02	Name: AWSALBCORS Value: r1t2pyO4JCPozUsU2VsdM6DGatJYqp+RPWXImlUgj+erjohQH4tiWCWsTwZ6ugJ5B5Agthnbcvmc0trxRWclxTLstmvsitv4+Bz/bMAKxfEDO3jUG2i9nRDLXujR
			whattoexpect.cysthost.com/	1970-01-20 15:44:33	Name: HstCfa4690849 Value: 1666737624040
			whattoexpect.cysthost.com/	1970-01-20 15:44:33	Name: HstCla4690849 Value: 1666737624040
			whattoexpect.cysthost.com/	1970-01-20 15:44:33	Name: HstCmu4690849 Value: 1666737624040
			whattoexpect.cysthost.com/	1970-01-20 15:44:33	Name: HstPn4690849 Value: 1
			whattoexpect.cysthost.com/	1970-01-20 15:44:33	Name: HstPt4690849 Value: 1
			whattoexpect.cysthost.com/	1970-01-20 15:44:33	Name: HstCnv4690849 Value: 1
			whattoexpect.cysthost.com/	1970-01-20 15:44:33	Name: HstCns4690849 Value: 1

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://whattoexpect.cysthost.com/ Message: Failed to decode downloaded font: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;700&display=swap
other	warning	URL: https://whattoexpect.cysthost.com/ Message: OTS parsing error: invalid sfntVersion: 791289955
other	warning	URL: https://whattoexpect.cysthost.com/ Message: Failed to decode downloaded font: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;700&display=swap
other	warning	URL: https://whattoexpect.cysthost.com/ Message: OTS parsing error: invalid sfntVersion: 791289955
other	warning	URL: https://whattoexpect.cysthost.com/ Message: Failed to decode downloaded font: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;700&display=swap
other	warning	URL: https://whattoexpect.cysthost.com/ Message: OTS parsing error: invalid sfntVersion: 791289955
other	warning	URL: https://whattoexpect.cysthost.com/ Message: Failed to decode downloaded font: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;700&display=swap
other	warning	URL: https://whattoexpect.cysthost.com/ Message: OTS parsing error: invalid sfntVersion: 791289955
other	warning	URL: https://whattoexpect.cysthost.com/ Message: Failed to decode downloaded font: https://fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;700&display=swap
other	warning	URL: https://whattoexpect.cysthost.com/ Message: OTS parsing error: invalid sfntVersion: 791289955
network	error	URL: https://www.whattoexpect.com/images.agoramedia.com/wte3.0/gcms/redesign/logo.v3.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.whattoexpect.com/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAXcAAADIAQMAAAAp5TOpAAAAAXNSR0IB2cksfwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAANQTFRFAAAAp3o92gAAAAF0Uk5TAEDm2GYAAAAgSURBVHic7cExAQAAAMKg9U9tB2+gAAAAAAAAAAAAeAwlgAABoZMkigAAAABJRU5ErkJggg== Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.whattoexpect.com/data:image/gif;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs= Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://www.whattoexpect.com/images.agoramedia.com/wte3.0/gcms/redesign/lazy-load-img-placeholder.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://drawingwheels.com/82d4b0f6495aa90a07471062d1163f87/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cloud.nextagc.com
content.whattoexpect.com
drawingwheels.com
fonts.googleapis.com
fonts.gstatic.com
images.agoramedia.com
s10.histats.com
s4.histats.com
whattoexpect.cysthost.com
www.whattoexpect.com
173.233.137.36
192.99.8.27
2.16.186.138
2.16.186.224
2a00:1450:4001:809::2003
2a00:1450:4001:829::200a
2a06:98c1:3120::3
2a06:98c1:3121::3
46.105.201.240
0b920ec0c6f9c219f63dbb3427fe8caf4b92ed9e1ffc5d1fc70656fb8f4fd671
2b14ba1676063b6f2620dd1820c768e9cdb990f69519e76aef69cf2ab1e7c6b7
2b1c3a4032d21954e85c880f47710c6baeab2675ef4a4cc4a846b3d97c310b5d
2cc6f0f30d724e3d3446a2bef7cc237cfeacdb52b61f36d022bff1b2c852b3b4
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
42563d0b6fb0bf38b1421c64cf901cabb5641c7a9c63830c334d21ad8f829d21
42fd88c769cbcd977d2170459ad7bf4297797b781ec76161a910ff4a526d97d5
46cdc9a385ddddf4dc7b157d5fa9576dab57cd608d6b5b8e1b33bec209692af7
670313f1cbaa7fd5b04e7809f5987072b46857a2d80576d7efcf85c92a7eeb5e
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
7b8fc5d3c2503feadd39c222f73e3404a446bcae1b992cecd55268eebbe7e18f
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
a063df4f120e2bb4170c85f37d0ada56dbe031ec878d9f3d24de209e8a57094f
a7fd85751c1c0e51ce4b670504a034f5c5591dbbe5bfa8dbf6e5332a6de90d16
aad98f03e207f8dcb6089795ea5b69818cf706added109860482e0971d2887be
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
b7e7e370eef728d7a64467f9909d13ee924ec966b80e8584a4c2e41813c15eeb
cc27e36cf99600793325f4301a6c184483643df521bb29099a90b2f25cd51206
dd7b26653ebb6e293ae066a4b51d04ad8889cc12d7d453b20100b25f7695e4c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f3046f938844e7869e82206cfcaee12a5de8f416b22dccd49b25da83d811a0b6
fd1b1825e279f7679f77d32cb9b4bad74b8c57d217c73635c76123729ef7d7aa