whitehelmets.org Open in urlscan Pro
2600:9000:2761:da00:8:7be3:d680:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://whitehelmets.org/
Effective URL:
https://whitehelmets.org/en/
Submission: On August 25 via manual (August 25th 2024, 9:20:13 am UTC) from GB — Scanned from GB

Summary HTTP 61 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 23 IPs in 4 countries across 16 domains to perform 61 HTTP transactions. The main IP is 2600:9000:2761:da00:8:7be3:d680:93a1, located in United States and belongs to AMAZON-02, US. The main domain is whitehelmets.org.
TLS certificate: Issued by Amazon RSA 2048 M02 on June 12th 2024. Valid for: a year.

This is the only time whitehelmets.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2600:9000:276... 2600:9000:2761:da00:8:7be3:d680:93a1	16509 (AMAZON-02) (AMAZON-02)
19	2606:4700:10:... 2606:4700:10::6816:3e4b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.134.82 172.67.134.82	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.186.132 142.250.186.132	15169 (GOOGLE) (GOOGLE)
1	162.159.138.60 162.159.138.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	157.240.253.1 157.240.253.1	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2600:9000:206... 2600:9000:206f:1400:e:9f27:c080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
5	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
2	13.248.139.42 13.248.139.42	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
7	35.157.134.11 35.157.134.11	16509 (AMAZON-02) (AMAZON-02)
1	151.101.193.21 151.101.193.21	54113 (FASTLY) (FASTLY)
1 4	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
1	35.81.31.24 35.81.31.24	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	151.101.65.21 151.101.65.21	54113 (FASTLY) (FASTLY)
1 2	34.147.177.40 34.147.177.40	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:2800:233... 2606:2800:233:ce53:4396:b914:64c2:638e	15133 (EDGECAST) (EDGECAST)
61	23

2 2600:9000:2761:da00:8:7be3:d680:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

whitehelmets.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2606:4700:10::6816:3e4b (United States)

ASN13335 (CLOUDFLARENET, US)

www.whitehelmets.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
act.whitehelmets.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.134.82 (United States)

ASN13335 (CLOUDFLARENET, US)

json.geoiplookup.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.138.60 (None, )

ASN13335 (CLOUDFLARENET, US)

player.vimeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:206f:1400:e:9f27:c080:93a1 (United States)

ASN16509 (AMAZON-02, US)

d3rta84bycnbpe.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

js.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.139.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: ae1d37305401c759d.awsglobalaccelerator.com

payments.braintree-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.157.134.11 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-134-11.eu-central-1.compute.amazonaws.com

client-analytics.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.194.133 (San Francisco, United States) 1 redirects

ASN54113 (FASTLY, US)

assets.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.81.31.24 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-31-24.us-west-2.compute.amazonaws.com

ssl.kaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.21 (San Francisco, United States)

ASN54113 (FASTLY, US)

c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.147.177.40 (London, United Kingdom) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 40.177.147.34.bc.googleusercontent.com

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lhr.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:ce53:4396:b914:64c2:638e (United States)

ASN15133 (EDGECAST, US)

c6.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	whitehelmets.org 1 redirects whitehelmets.org www.whitehelmets.org act.whitehelmets.org	399 KB
16	braintreegateway.com 1 redirects js.braintreegateway.com — Cisco Umbrella Rank: 12556 client-analytics.braintreegateway.com — Cisco Umbrella Rank: 11587 assets.braintreegateway.com — Cisco Umbrella Rank: 28460	64 KB
5	paypal.com 1 redirects c.paypal.com — Cisco Umbrella Rank: 9523 b.stats.paypal.com — Cisco Umbrella Rank: 7102 lhr.stats.paypal.com — Cisco Umbrella Rank: 42963 c6.paypal.com — Cisco Umbrella Rank: 12766	25 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104 region1.google-analytics.com — Cisco Umbrella Rank: 3123	21 KB
3	cloudfront.net d3rta84bycnbpe.cloudfront.net	8 KB
3	google.com www.google.com — Cisco Umbrella Rank: 10	959 B
2	braintree-api.com payments.braintree-api.com — Cisco Umbrella Rank: 13056	1 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	70 KB
1	kaptcha.com ssl.kaptcha.com — Cisco Umbrella Rank: 9830
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	93 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	33 KB
1	gstatic.com www.gstatic.com	213 KB
1	vimeo.com player.vimeo.com — Cisco Umbrella Rank: 3381
1	geoiplookup.io json.geoiplookup.io — Cisco Umbrella Rank: 87808	852 B
0	polyfill.io Failed polyfill.io Failed
61	16

	Domain	Requested by
12	www.whitehelmets.org	whitehelmets.org www.whitehelmets.org d3rta84bycnbpe.cloudfront.net
7	client-analytics.braintreegateway.com	js.braintreegateway.com
7	act.whitehelmets.org	www.whitehelmets.org act.whitehelmets.org
5	js.braintreegateway.com	act.whitehelmets.org
4	assets.braintreegateway.com	1 redirects js.braintreegateway.com
3	d3rta84bycnbpe.cloudfront.net	act.whitehelmets.org
3	www.google.com	whitehelmets.org www.gstatic.com
2	c.paypal.com	js.braintreegateway.com c.paypal.com
2	payments.braintree-api.com	js.braintreegateway.com
2	www.google-analytics.com	act.whitehelmets.org www.google-analytics.com
2	www.facebook.com	whitehelmets.org
2	connect.facebook.net	whitehelmets.org connect.facebook.net
2	whitehelmets.org	1 redirects
1	c6.paypal.com	act.whitehelmets.org
1	lhr.stats.paypal.com	act.whitehelmets.org
1	b.stats.paypal.com	1 redirects
1	region1.google-analytics.com	www.googletagmanager.com
1	ssl.kaptcha.com	js.braintreegateway.com
1	www.googletagmanager.com	www.google-analytics.com
1	ajax.googleapis.com	act.whitehelmets.org
1	www.gstatic.com	www.google.com
1	player.vimeo.com	www.whitehelmets.org
1	json.geoiplookup.io	whitehelmets.org
0	polyfill.io Failed	whitehelmets.org
61	24

This site contains links to these domains. Also see Links.

Domain
www.whitehelmets.org
www.facebook.com
www.twitter.com
www.netflix.com
itunes.apple.com
www.cbsnews.com
time.com
thesyriacampaign.org
www.thesyriacampaign.org

Subject Issuer	Validity	Valid
whitehelmets.org Amazon RSA 2048 M02	`2024-06-12` - `2025-07-10`	a year	crt.sh
geoiplookup.io WE1	`2024-08-20` - `2024-11-18`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
player.vimeo.com WE1	`2024-07-25` - `2024-10-23`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-03` - `2024-09-01`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2024-06-13` - `2025-06-12`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
payments.braintree-api.com DigiCert SHA2 Extended Validation Server CA	`2024-07-18` - `2025-07-17`	a year	crt.sh
client-analytics.braintreegateway.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-24` - `2025-01-23`	a year	crt.sh
ssl.kaptcha.com Sectigo RSA Organization Validation Secure Server CA	`2024-07-15` - `2025-07-15`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://whitehelmets.org/en/
Frame ID: 03BB15BE6AFB5A090332A4D9EFA84EF3
Requests: 22 HTTP requests in this frame

Frame: https://act.whitehelmets.org/act/peoples-million
Frame ID: AED45893E5E11CA1830BDAE66FE6F17F
Requests: 29 HTTP requests in this frame

Frame: https://player.vimeo.com/video/307091049?autoplay=1&loop=1&muted=1&title=0&byline=0&controls=0
Frame ID: F3EEACBA9CC769C7B0872349E3113992
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LetQiEUAAAAAC5mkK_YsHGJjLE7vxjMTIaNn3MA&co=aHR0cHM6Ly93aGl0ZWhlbG1ldHMub3JnOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=invisible&cb=wkhxbae2v7dn
Frame ID: 19B3F824DB4345FBDB48E57D9884B432
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LetQiEUAAAAAC5mkK_YsHGJjLE7vxjMTIaNn3MA
Frame ID: 7CC90DD6070B64D322C7DF42038E6FB5
Requests: 1 HTTP requests in this frame

Frame: https://assets.braintreegateway.com/web/3.69.0/html/hosted-fields-frame.min.html
Frame ID: 14B4A462DF8D6BFB66ACA93B54C96E19
Requests: 1 HTTP requests in this frame

Frame: https://assets.braintreegateway.com/web/3.69.0/html/hosted-fields-frame.min.html
Frame ID: 82B06EC113DFDDF155A0FD833D5784EE
Requests: 1 HTTP requests in this frame

Frame: https://assets.braintreegateway.com/web/3.69.0/html/hosted-fields-frame.min.html
Frame ID: 1F2860BD48FA1A1D941E067A25D5D42D
Requests: 1 HTTP requests in this frame

Frame: https://ssl.kaptcha.com/logo.htm?m=null&s=187773082c38fb28d63ea8d0ab389ca3
Frame ID: 77EE46CDBD65B977B3C10057A71C0304
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 7411A31511126A797B8A512252E0CE6A
Requests: 1 HTTP requests in this frame

Frame: https://lhr.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=1766390403b55a19d8e1766d0dad31bb&t=1724577610.216&a=14
Frame ID: C212D5D87D64C25F5506FC8E5B02E14B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Support the White Helmets

Page URL History Show full URLs

http://whitehelmets.org/ HTTP 307
https://whitehelmets.org/ HTTP 302
https://whitehelmets.org/en/ Page URL

Detected technologies

Braintree (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.braintreegateway\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

61
Requests

97 %
HTTPS

45 %
IPv6

16
Domains

24
Subdomains

23
IPs

4
Countries

932 kB
Transfer

2319 kB
Size

13
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://www.whitehelmets.org/en/
Title: The White Helmets

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.whitehelmets.org%2Fen%2F

Search URL Search Domain Scan URL

URL: https://www.twitter.com/intent/tweet?text=Give%20what%20you%20can%20to%20help%20save%20lives%20in%20Syria&url=https%3A%2F%2Fwww.whitehelmets.org%2Fen%2F

Search URL Search Domain Scan URL

URL: https://www.whitehelmets.org/ar/

Search URL Search Domain Scan URL

URL: https://www.whitehelmets.org/de/

Search URL Search Domain Scan URL

URL: https://www.whitehelmets.org/fr/

Search URL Search Domain Scan URL

URL: https://www.whitehelmets.org/ru/

Search URL Search Domain Scan URL

URL: https://www.whitehelmets.org/es/

Search URL Search Domain Scan URL

URL: https://www.whitehelmets.org/tr/

Search URL Search Domain Scan URL

URL: https://www.whitehelmets.org/en/
Title: Sign up

Search URL Search Domain Scan URL

URL: https://www.netflix.com/gb/title/80101827
Title: <img class="" src="../assets/more/whitehelmets-ka-uk.png"> The White Helmets: an Oscar-winning Netflix documentary

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/us/movie/last-men-in-aleppo/id1229302767
Title: <img class="" src="../assets/more/last-men-in-aleppo-us-poster-for-web3.png"> Last Men in Aleppo A feature documentary following the efforts of the White Helmets of Aleppo. Winner of the Grand Jury Documentary prize at the Sundance Film Festival

Search URL Search Domain Scan URL

URL: https://www.cbsnews.com/news/60-minutes-volunteers-in-syria-white-helmets-scott-pelley/
Title: <img class="" src="../assets/more/c0ihmotuaaasqya.png"> Fighting for life in Syria’s vicious civil war: 60 Minutes - CBS

Search URL Search Domain Scan URL

URL: https://time.com/magazine/us/4520901/october-17th-2016-vol-188-no-15-u-s/
Title: <img class="" src="../assets/more/syria-cover.png"> White Helmets of Syria: TIME magazine

Search URL Search Domain Scan URL

URL: https://thesyriacampaign.org/privacy-policy/#cookies
Title: Find out more

Search URL Search Domain Scan URL

URL: https://www.thesyriacampaign.org/
Title: www.thesyriacampaign.org

Search URL Search Domain Scan URL

URL: https://thesyriacampaign.org/privacy-policy
Title: The Syria Campaign takes your privacy seriously in accordance with our privacy policy.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://whitehelmets.org/ HTTP 307
https://whitehelmets.org/ HTTP 302
https://whitehelmets.org/en/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56

https://assets.braintreegateway.com/data/logo.htm?m=null&s=187773082c38fb28d63ea8d0ab389ca3 HTTP 302
https://ssl.kaptcha.com/logo.htm?m=null&s=187773082c38fb28d63ea8d0ab389ca3

Request Chain 60

https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=1766390403b55a19d8e1766d0dad31bb&t=1724577610.216&a=14 HTTP 302
https://lhr.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=1766390403b55a19d8e1766d0dad31bb&t=1724577610.216&a=14

61 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
whitehelmets.org/en/
Redirect Chain

http://whitehelmets.org/
https://whitehelmets.org/
https://whitehelmets.org/en/

55 KB
14 KB

98ms
97ms

Document
text/html

2600:9000:2761:da00:8:7be3:d680:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://whitehelmets.org/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:da00:8:7be3:d680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b64aa7004158b716150fb6683a1fe78049527b5cd163fd0bc76e28e91e176f3e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: max-age=60
content-encoding: gzip
content-type: text/html
date: Sun, 25 Aug 2024 09:20:08 GMT
etag: W/"33ff9ebfa7b4d183aba2f5253b4b1758"
last-modified: Wed, 03 Jul 2024 20:09:06 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 d60e84ebd0183f97f50eb1677fb4b7be.cloudfront.net (CloudFront)
x-amz-cf-id: oFgy197J6JHEAd3j40tbPvJaRU3oYNMxqAIXElFX1DCuizWM7zyuew==
x-amz-cf-pop: FRA60-P8
x-cache: RefreshHit from cloudfront

Redirect headers

age: 68125
content-length: 0
date: Sat, 24 Aug 2024 14:24:42 GMT
location: /en/
server: CloudFront
via: 1.1 d60e84ebd0183f97f50eb1677fb4b7be.cloudfront.net (CloudFront)
x-amz-cf-id: I0ctPvSaSlHySikO3d2hzP_hGJ6Rzj47eWCfuXBC91FVuMKbIBr--A==
x-amz-cf-pop: FRA60-P8
x-cache: Hit from cloudfront

GET
H2 200 Lekton-Regular.woff2
www.whitehelmets.org/assets/fonts/ 32 KB
32 KB 130ms
42ms Font
application/font-woff2 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.whitehelmets.org/assets/fonts/Lekton-Regular.woff2
Requested by: Host: whitehelmets.org
URL: https://whitehelmets.org/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02b6d842cb508a3de65f692c3e2a5e450e272749e914dc12d2f4eafe736d4f35

Request headers

Referer: https://whitehelmets.org/
Origin: https://whitehelmets.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
via: 1.1 ed63bc28ec03a429dffd93eedad2fd5e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LHR50-P5
age: 344702
x-cache: Hit from cloudfront
content-length: 32644
last-modified: Thu, 09 Nov 2017 11:19:41 GMT
server: cloudflare
etag: "2d8d9366bd9d0b3a59158b0446cc5c0a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8b8a811f9c5248c8-LHR
x-amz-cf-id: gjOM_JquF0oeBWcHWlpGWw3TjKhhQTd2toE63arzti1R7WLqf7ug6Q==

GET
H2 200 Lekton-Bold.woff2
www.whitehelmets.org/assets/fonts/ 32 KB
33 KB 160ms
72ms Font
application/font-woff2 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.whitehelmets.org/assets/fonts/Lekton-Bold.woff2
Requested by: Host: whitehelmets.org
URL: https://whitehelmets.org/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 326d4b529ca275d4d330a93f8dd4788f7669ced27d3f5098fb8d244511b43a95

Request headers

Referer: https://whitehelmets.org/
Origin: https://whitehelmets.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
via: 1.1 9f5b4008febf8a5c5039fa9fa335a2cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LHR50-P5
age: 344702
x-cache: Hit from cloudfront
content-length: 33072
last-modified: Thu, 09 Nov 2017 11:19:38 GMT
server: cloudflare
etag: "effc9114df9d6c6f24b411ea57f6a527"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8b8a811f9c5048c8-LHR
x-amz-cf-id: f9tRewvv8uSHUXxtfJm_rbX6PRXhTe6oo8o-oglZf6yXjWDVi7EeNw==

GET
H2 200 DINPro-Bold.woff2
www.whitehelmets.org/assets/fonts/ 33 KB
34 KB 131ms
43ms Font
application/font-woff2 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.whitehelmets.org/assets/fonts/DINPro-Bold.woff2
Requested by: Host: whitehelmets.org
URL: https://whitehelmets.org/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbe15f3c5a6e997e123bdf13967cbac05a4b7aca624198dfa7bef35b57074e45

Request headers

Referer: https://whitehelmets.org/
Origin: https://whitehelmets.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
via: 1.1 78e6b1fae5a212c4c9a5380a85716d3a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LHR50-P5
age: 344702
x-cache: Hit from cloudfront
content-length: 34100
last-modified: Thu, 09 Nov 2017 11:19:36 GMT
server: cloudflare
etag: "38f8f1fa5cec4a5a50b760f68e6fcae4"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8b8a811f9c5648c8-LHR
x-amz-cf-id: yTi3CNBJWDQAG4DredLEfX1GyoVbWutj9cUKx1NFjVU1gh14VpphKQ==

GET
H2 200 main.css
www.whitehelmets.org/ 24 KB
6 KB 132ms
45ms Stylesheet
text/css 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.whitehelmets.org/main.css?v=1720037342274
Requested by: Host: whitehelmets.org
URL: https://whitehelmets.org/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e78015366cac5532bd0fea95b947e0572d216b8f4f520aefe3bb8da938b4baf

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
content-encoding: gzip
via: 1.1 e0f7b9809801dee6376c04a94d95b8f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
last-modified: Tue, 07 Feb 2023 11:47:44 GMT
server: cloudflare
x-amz-cf-pop: LHR50-P5
age: 4540215
etag: W/"7d70030bfdb88bb9c1fd4198e504cedf"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/css
cache-control: max-age=31536000
cf-ray: 8b8a811f98374188-LHR
x-amz-cf-id: 6iO9ds_Ymih0Johx1QVd_r5Z3G210znEAVrtS8L1K5AzIhIHqr29GA==

GET polyfill.min.js
polyfill.io/v2/ 0
0

GET
H2 200 main.js Show response
www.whitehelmets.org/ 20 KB
8 KB 136ms
49ms Script
application/javascript 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.whitehelmets.org/main.js?v=1720037342274
Requested by: Host: whitehelmets.org
URL: https://whitehelmets.org/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98a70a97ed84aba85cbe65b58debb3346659eecd46441e3ffe4bba58cc0ac9ab

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
content-encoding: gzip
via: 1.1 2eadda0e57cd7e495ec3550f05424d3e.cloudfront.net (CloudFront)
cf-cache-status: HIT
last-modified: Tue, 07 Feb 2023 11:47:44 GMT
server: cloudflare
x-amz-cf-pop: LHR50-P5
age: 4540026
etag: W/"9cb79515a319f4c03cdcf3ed645a5b28"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 8b8a811f98384188-LHR
x-amz-cf-id: tNNg8QChLG8s_uAX2t6WNrEfM_00-9NtS7i_YvJM3F4rq7yjmRnehQ==

GET
H3 200 / Show response
json.geoiplookup.io/ 579 B
852 B 418ms
364ms Script
application/javascript 172.67.134.82
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://json.geoiplookup.io/?callback=geoIPResult

Requested by

Host: whitehelmets.org
URL: https://whitehelmets.org/en/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.134.82 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Octolus

Resource Hash

080071468206e3339475dbfa0bfcdbffaf595327fd31e308c1df219cbb4e26eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Octolus
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
vary: Accept-Encoding
x-ratelimit-remaining: 10000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pl%2BwT5HW2DKsMC7%2F0P07oPXn4U5sVQfGCIfIjtvXWzM%2BOvFW597wMLVjY9wpVBqWiAKFEAAFPPcJdNURo8UAgS%2B5kSk6O5Ebir8Hp8Hv4vgfvF4XDhoikP9Lor4%2B5z5HTw0CeYkM"}],"group":"cf-nel","max_age":604800}
x-ratelimit-limit: 10000
cf-ray: 8b8a811f7a33bef3-LHR

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
959 B 146ms
55ms Script
text/javascript 142.250.186.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: whitehelmets.org
URL: https://whitehelmets.org/en/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f4.1e100.net

Software

GSE /

Resource Hash

ee18fa1ada74c5d3261424bcc1c4f077510c31a06bee0ff6742f180ed14c57d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sun, 25 Aug 2024 09:20:07 GMT

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc05721f30773566af928190d44861a371001ff49aa9c0d5fbb8e89a29afa4cc

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 peoples-million Show response
act.whitehelmets.org/act/ Frame AED4 91 KB
23 KB 1454ms
1436ms Document
text/html 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://act.whitehelmets.org/act/peoples-million
Requested by: Host: www.whitehelmets.org
URL: https://www.whitehelmets.org/main.js?v=1720037342274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e90a8388005b02108fd8845425935ca2efde90e64af8e80fd004fc1d971ecea6

Request headers

Referer: https://whitehelmets.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8b8a812018ce4188-LHR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sun, 25 Aug 2024 09:20:09 GMT
server: cloudflare
vary: Accept-Encoding Cookie, origin

GET
H2 200 / Show response
act.whitehelmets.org/progress/ 170 B
237 B 905ms
888ms Script
text/javascript 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://act.whitehelmets.org/progress/?page=peoples-million&callback=setDonorCount
Requested by: Host: www.whitehelmets.org
URL: https://www.whitehelmets.org/main.js?v=1720037342274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca37d81dc039561ca08b82962eca0fff25f8259016edbab8a2a34dc173dc80c2

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:08 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8b8a812018d14188-LHR
vary: Cookie, origin
content-type: text/javascript

GET
H/1.1 200
OK 307091049
player.vimeo.com/video/ Frame F3EE 0
0 382ms
289ms Document
text/html 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/video/307091049?autoplay=1&loop=1&muted=1&title=0&byline=0&controls=0

Requested by

Host: www.whitehelmets.org
URL: https://www.whitehelmets.org/main.js?v=1720037342274

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'self' 'unsafe-inline' https://.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://.akamaized.net https://.akamaized-staging.net https://.vimeocdn.com https://drm-gke.vhx.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://.kollective.app https://.kollective.app:31015 https://.kollectivecd.com https://.hivestreaming.com https://mimir.cloud.vimeo.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://.wirewax.com https://.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://.vimeocdn.com https://.akamaized.net https://.akamaized-staging.net; media-src 'self' blob: https://.vimeocdn.com https://.akamaized.net https://.akamaized-staging.net https://.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://whitehelmets.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

CF-Cache-Status: DYNAMIC
CF-Ray: 8b8a81209e97cda1-LHR
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 25 Aug 2024 09:20:08 GMT
Expires: Fri, 15 Dec 1985 19:30:00 GMT
Link: <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin, <https://i.vimeocdn.com>; rel=preconnect; crossorigin, <https://f.vimeocdn.com>; rel=preconnect; crossorigin
Server: cloudflare
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
Vary: Accept-Encoding
Via: 1.1 varnish
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline' https://*.vimeocdn.com 'unsafe-eval' resource: https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv; style-src 'self' 'unsafe-inline' https://*.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://edge-player5.wirewax.com; connect-src 'self' ws: wss: https://vimeo.com https://api.vimeo.com https://csi.gstatic.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://drm-gke.vhx.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.kollective.app https://*.kollective.app:31015 https://*.kollectivecd.com https://*.hivestreaming.com https://mimir.cloud.vimeo.com https://vimeo.magisto.com https://stage-proxy.vimeo.magisto.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; font-src data: https://edge-assets.wirewax.com https://branding.cdn.magisto.com https://fonts.gstatic.com https://player.vimeo.com; img-src 'self' data: https://player.vimeo.com https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://*.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://i.vimeocdn.com https://duysrfiajusdh.cloudfront.net https://d263mgllkjh2k2.cloudfront.net https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com android-webview-video-poster:; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com; frame-src 'self' https://*
x-backend-server: player-backend-edge-entry
x-bapp-server: player-backend-84f6c48b59-wrwk9
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-host: player-backend-84f6c48b59-wrwk9
x-player-backend: g
x-served-by: cache-lcy-eglc8600095-LCY
x-timer: S1724577608.792073,VS0,VE173
x-xss-protection: 1; mode=block

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 97ms
44ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: whitehelmets.org
URL: https://whitehelmets.org/en/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 25 Aug 2024 09:20:07 GMT
document-policy: force-load-at-top
x-fb-server-load: 35
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58912
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=23, mss=1232, tbw=4294, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: p/S8mY5wH7ZGf2Y/MpgDkUheybmQxDWSRCn77kTL6q2n4j9WVxqmzGc9QenDwoI7HIkJLXzwGDcu4KDF4tO1rg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 341 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0fa282024b452052041051426753ca5738cd9669023be8c9290209a01c1119e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 header.jpg
www.whitehelmets.org/assets/ 47 KB
47 KB 50ms
49ms Image
image/jpeg 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.whitehelmets.org/assets/header.jpg
Requested by: Host: www.whitehelmets.org
URL: https://www.whitehelmets.org/main.css?v=1720037342274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afc002a9fe8227f9c76d1dc06ff40356f147410ff85d4760ba45dab4f44a51d9

Request headers

Referer: https://www.whitehelmets.org/main.css?v=1720037342274
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
via: 1.1 22513a5f32c464af3c0b3d4e3c135032.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 13790058
x-amz-cf-pop: LHR3-C1
x-cache: Hit from cloudfront
content-length: 47682
cf-bgj: h2pri
last-modified: Thu, 16 Nov 2017 16:53:02 GMT
server: cloudflare
etag: "a3b5911c619a854e25ce511a15fb83bf"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 8b8a812008c04188-LHR
x-amz-cf-id: vP9TfuF_1CI4WbOFUXvrGXaoX6x9EJjajGRcwXJhqkDr0a0224vN9g==

GET
DATA 200
OK truncated
/ 223 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7480346d1e765abd82613c50c6929108bd72558ada4ba9eef20372b9fc088fd7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 play.svg
www.whitehelmets.org/assets/ 350 B
477 B 43ms
42ms Image
image/svg+xml 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.whitehelmets.org/assets/play.svg
Requested by: Host: www.whitehelmets.org
URL: https://www.whitehelmets.org/main.css?v=1720037342274
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4bf51408a1b665c4422ade935304665b3eda02962103681e5545f84201aeadf

Request headers

Referer: https://www.whitehelmets.org/main.css?v=1720037342274
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
via: 1.1 5b66c49d121e11542e2a99a7bf794c2c.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 13 Nov 2017 16:15:40 GMT
server: cloudflare
x-amz-cf-pop: LHR50-P5
age: 2132677
etag: W/"65b49d2f00a5284be5525f5b5fa4f5c9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=31536000
cf-ray: 8b8a812008c74188-LHR
x-amz-cf-id: Tew2JTbtN6MYEUSnT8FsV9ORYFwjyrDPUNW3hFyArodoAyg8ug6E4w==

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/ 538 KB
213 KB 140ms
42ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1425b3dc4e809e5488aae10e2eb2511f652c6a9c3845c98c3fe69f07fe0c9e2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://whitehelmets.org/
Origin: https://whitehelmets.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 03:29:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21049
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 217366
x-xss-protection: 0
last-modified: Mon, 19 Aug 2024 04:00:58 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Aug 2025 03:29:18 GMT

GET
H2 200 earthquake-large.jpg
www.whitehelmets.org/assets/sections/ 128 KB
129 KB 45ms
44ms Image
image/jpeg 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.whitehelmets.org/assets/sections/earthquake-large.jpg
Requested by: Host: whitehelmets.org
URL: https://whitehelmets.org/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05287a5383171779372727d2555093118013512b7dc0ea98c0565032c779af7e

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
via: 1.1 3578a2fc7abb753f586c61e194c5489a.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 850701
x-amz-cf-pop: LHR50-P5
x-cache: Hit from cloudfront
content-length: 131216
cf-bgj: h2pri
last-modified: Tue, 07 Feb 2023 12:21:36 GMT
server: cloudflare
etag: "1323b159e375dfabc3e06a5c89c91f83"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 8b8a812049154188-LHR
x-amz-cf-id: qPyhcqi-PllZw_pBHImzywaUJJ6LRssFFb_RHoH6oyeZoAw5lU_k4g==

GET
H3 200 802688627157563 Show response
connect.facebook.net/signals/config/ 62 KB
12 KB 121ms
121ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/802688627157563?v=2.9.165&r=stable&domain=whitehelmets.org&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

75703328f498926c77f25423a99250c3c2ad6bf44c9f53a6e6417ac8d93cac3b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 25 Aug 2024 09:20:07 GMT
document-policy: force-load-at-top
x-fb-server-load: 33
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=74, mss=1232, tbw=66900, tp=63, tpl=0, uplat=78, ullat=0
pragma: public
x-fb-debug: kcOZ0V3Ii8KJdYaWQsJUtHDSCB1FxunUAe6KUwxRaxakS7iUm+TqLlUBSbkBAi0o/W7+7QtzA39Xo3OOBohIbw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 127ms
41ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=802688627157563&ev=PageView&dl=https%3A%2F%2Fwhitehelmets.org%2Fen%2F&rl=&if=false&ts=1724577607970&sw=1600&sh=1200&v=2.9.165&r=stable&ec=0&o=4126&fbp=fb.1.1724577607968.879437488151017575&ler=empty&cdl=API_unavailable&it=1724577607823&coo=false&rqm=GET

Requested by

Host: whitehelmets.org
URL: https://whitehelmets.org/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=10, mss=1297, tbw=2785, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 25 Aug 2024 09:20:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 302ms
216ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=802688627157563&ev=PageView&dl=https%3A%2F%2Fwhitehelmets.org%2Fen%2F&rl=&if=false&ts=1724577607970&sw=1600&sh=1200&v=2.9.165&r=stable&ec=0&o=4126&fbp=fb.1.1724577607968.879437488151017575&ler=empty&cdl=API_unavailable&it=1724577607823&coo=false&rqm=FGET

Requested by

Host: whitehelmets.org
URL: https://whitehelmets.org/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Sun, 25 Aug 2024 09:20:08 GMT
document-policy: force-load-at-top
x-fb-server-load: 40
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7407004425950694462", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=10, mss=1297, tbw=3103, tp=-1, tpl=-1, uplat=175, ullat=0
pragma: no-cache
x-fb-debug: i6uMExO4IxTvSt27OB4C9oED3YIYYNgwKpzXMlhrluLIDFymWzy1yLXz/CNu1NOcZ94y9gR0lPl6tzHbzM7oiQ==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7407004425950694462"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 19B3 0
0 143ms
62ms Document
text/html 142.250.186.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LetQiEUAAAAAC5mkK_YsHGJjLE7vxjMTIaNn3MA&co=aHR0cHM6Ly93aGl0ZWhlbG1ldHMub3JnOjQ0Mw..&hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=invisible&cb=wkhxbae2v7dn

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-xdDOSZJFHWOq2jkXXV9L3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://whitehelmets.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-xdDOSZJFHWOq2jkXXV9L3w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 25 Aug 2024 09:20:08 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 bframe
www.google.com/recaptcha/api2/ Frame 7CC9 0
0 59ms
57ms Document
text/html 142.250.186.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=i7X0JrnYWy9Y_5EYdoFM79kV&k=6LetQiEUAAAAAC5mkK_YsHGJjLE7vxjMTIaNn3MA

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sqRCSzzDrjSi1-3xh4TteQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://whitehelmets.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-sqRCSzzDrjSi1-3xh4TteQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 25 Aug 2024 09:20:08 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 actionkit.css
act.whitehelmets.org/media/modern/ Frame AED4 73 KB
19 KB 475ms
472ms Stylesheet
text/css 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://act.whitehelmets.org/media/modern/actionkit.css?1=22
Requested by: Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90b5d41015da1f3eb25868d6a4610020415c0c9145d5412d174719d3ab5515d1

Request headers

Referer: https://act.whitehelmets.org/act/peoples-million
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:09 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Tue, 06 Aug 2024 17:59:17 GMT
server: cloudflare
etag: W/"66b26475-1251a"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=86400
cf-ray: 8b8a81292b004188-LHR
expires: Fri, 09 Aug 2024 00:50:37 GMT

GET
H2 200 style.css
d3rta84bycnbpe.cloudfront.net/actionkit-embed/css/ Frame AED4 0
355 B 141ms
42ms Stylesheet
text/css 2600:9000:206f:1400:e:9f27:c080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rta84bycnbpe.cloudfront.net/actionkit-embed/css/style.css?cache=1619079484188
Requested by: Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:1400:e:9f27:c080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-meta-cache-control: max-age=604800
date: Sun, 25 Aug 2024 06:56:59 GMT
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Thu, 24 Jan 2019 11:31:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 76030
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 0
x-amz-cf-id: x4dYJ7nbXrR7NBwcXoLEHeEuN4UmCkfNlc0ZPyZW6wSNe1H6jqOxUw==

GET
H2 200 whitehelmets.css
d3rta84bycnbpe.cloudfront.net/actionkit-embed/css/ Frame AED4 8 KB
2 KB 143ms
44ms Stylesheet
text/css 2600:9000:206f:1400:e:9f27:c080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rta84bycnbpe.cloudfront.net/actionkit-embed/css/whitehelmets.css?cache=1619079484188
Requested by: Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:1400:e:9f27:c080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d207cfe4c46f2ef0a7a3918729441be01056b904a854038f468251cd62183eb4

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-meta-cache-control: max-age=604800
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
date: Sun, 25 Aug 2024 06:57:00 GMT
last-modified: Fri, 10 Apr 2020 09:12:49 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 8590
etag: W/"cfdd655a22f87772c2e91a856dbe4dea"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-id: hFep2303kTdi5Q-EEM029OPYpFBlKxPyetMNiwhpYchMcEgxjPWdbw==

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.8.3/ Frame AED4 91 KB
33 KB 148ms
44ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js

Requested by

Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:41:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 146342
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33593
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Aug 2025 16:41:07 GMT

GET
H2 200 actionkit.js Show response
act.whitehelmets.org/resources/ Frame AED4 98 KB
36 KB 475ms
473ms Script
application/javascript 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://act.whitehelmets.org/resources/actionkit.js
Requested by: Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f4034e5db3934bc5d6518144d91da903a92c440776bc8b3386c0faeb33b732e

Request headers

Referer: https://act.whitehelmets.org/act/peoples-million
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:09 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Tue, 06 Aug 2024 17:59:17 GMT
server: cloudflare
etag: W/"66b26475-18896"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 8b8a81292b034188-LHR
expires: Fri, 09 Aug 2024 09:48:47 GMT

GET
H2 200 client.min.js Show response
js.braintreegateway.com/web/3.69.0/js/ Frame AED4 41 KB
12 KB 169ms
56ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.69.0/js/client.min.js

Requested by

Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/35EA) /

Resource Hash

0c7426dab3210a5bf3c4b4924bc678c0001f4765137ba482ac8fc07fb4f32001

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: b796d731fd85c
dc: ccg11-origin-www-1.paypal.com
content-length: 12581
last-modified: Fri, 10 Dec 2021 00:01:56 GMT
server: ECAcc (lhd/35EA)
traceparent: 00-0000000000000000000b796d731fd85c-3b5e59acbcce7bea-01
etag: W/"61b298f4-a4b4"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com

GET
H2 200 three-d-secure.min.js Show response
js.braintreegateway.com/web/3.69.0/js/ Frame AED4 58 KB
15 KB 147ms
34ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.69.0/js/three-d-secure.min.js

Requested by

Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/35F4) /

Resource Hash

a68f878b0525f6d9ab5cad197a55bf60f8610e4bd0f9867dca3daaf25e99bdfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: 42c2fedc66f05
dc: ccg11-origin-www-1.paypal.com
content-length: 15539
last-modified: Fri, 10 Dec 2021 00:01:56 GMT
server: ECAcc (lhd/35F4)
traceparent: 00-000000000000000000042c2fedc66f05-b55b7f75523c4ba3-01
etag: W/"61b298f4-e92a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com

GET
H2 200 hosted-fields.min.js Show response
js.braintreegateway.com/web/3.69.0/js/ Frame AED4 61 KB
17 KB 144ms
32ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.69.0/js/hosted-fields.min.js

Requested by

Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/359A) /

Resource Hash

38e7c1f2b12b0503566f214cfcde7353ab180deab7a4ec39d539c0b4623bb761

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: cc5b2019c60f0
dc: ccg11-origin-www-1.paypal.com
content-length: 17329
last-modified: Fri, 10 Dec 2021 00:01:56 GMT
server: ECAcc (lhd/359A)
traceparent: 00-0000000000000000000cc5b2019c60f0-c842e83f1b70f820-01
etag: W/"61b298f4-f591"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com

GET
H2 200 data-collector.min.js Show response
js.braintreegateway.com/web/3.69.0/js/ Frame AED4 31 KB
10 KB 144ms
32ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.69.0/js/data-collector.min.js

Requested by

Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/3591) /

Resource Hash

2f3793dd173f59b85a16571e416ccf588b2034dded889a21b1a1251a1ada52b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: feab72cf77ae0
dc: ccg11-origin-www-1.paypal.com
content-length: 10532
last-modified: Fri, 10 Dec 2021 00:01:56 GMT
server: ECAcc (lhd/3591)
traceparent: 00-0000000000000000000feab72cf77ae0-9349d5f24b4e363e-01
etag: W/"61b298f4-7bae"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com

GET
H2 200 us-bank-account.min.js Show response
js.braintreegateway.com/web/3.69.0/js/ Frame AED4 24 KB
7 KB 145ms
33ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.69.0/js/us-bank-account.min.js

Requested by

Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/3588) /

Resource Hash

84b343633e2b0f92ed854df2f6c90c3b92c01f9e52f596e12abc4bbeec8afaac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: HIT
paypal-debug-id: d77f0692db824
dc: ccg11-origin-www-1.paypal.com
content-length: 7193
last-modified: Fri, 10 Dec 2021 00:01:56 GMT
server: ECAcc (lhd/3588)
traceparent: 00-0000000000000000000d77f0692db824-38879fa58fad3a91-01
etag: W/"61b298f4-5e10"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com

GET
H2 200 ak_braintree_vzero.js Show response
act.whitehelmets.org/resources/ Frame AED4 16 KB
4 KB 479ms
479ms Script
application/javascript 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://act.whitehelmets.org/resources/ak_braintree_vzero.js
Requested by: Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0e6490ff469608c304fd1b538dc48514df06c9938cb838a7839f61768aa5baf

Request headers

Referer: https://act.whitehelmets.org/act/peoples-million
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:09 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Tue, 06 Aug 2024 17:59:17 GMT
server: cloudflare
etag: W/"66b26475-4065"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 8b8a81292b044188-LHR
expires: Fri, 09 Aug 2024 09:48:47 GMT

GET
H2 200 paypal-logo-1.svg
act.whitehelmets.org/media/modern/ Frame AED4 15 KB
6 KB 458ms
458ms Image
image/svg+xml 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://act.whitehelmets.org/media/modern/paypal-logo-1.svg
Requested by: Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7de5756f03a1c6def8c81d6c0efc4760f2380d25f1e87495b24d4d087394c2ae

Request headers

Referer: https://act.whitehelmets.org/act/peoples-million
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:09 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Tue, 06 Aug 2024 17:59:17 GMT
server: cloudflare
etag: W/"66b26475-3dc9"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=86400
cf-ray: 8b8a81292b054188-LHR
expires: Sat, 10 Aug 2024 11:53:30 GMT

GET
H2 200 iframeResizer.contentWindow.min.js Show response
d3rta84bycnbpe.cloudfront.net/actionkit-embed/js/ Frame AED4 14 KB
6 KB 142ms
45ms Script
application/javascript 2600:9000:206f:1400:e:9f27:c080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3rta84bycnbpe.cloudfront.net/actionkit-embed/js/iframeResizer.contentWindow.min.js?cache=1619079484188
Requested by: Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:1400:e:9f27:c080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e291e22c061178bfae4f5c46bbdbbc01f83d8e4695d2faddbbf0ddd1ac7d024f

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-meta-cache-control: max-age=604800
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
date: Sun, 25 Aug 2024 06:56:59 GMT
last-modified: Tue, 14 Nov 2017 12:53:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 11542
etag: W/"132819fe0a42dc0bbcca15633408a8f6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: OtI-H1Rp9sOkYpPs4OvtahWHYDTlu4bdWZG6lpaviHztgy8CSnwYUg==

GET
H2 200 peoples-million Show response
act.whitehelmets.org/context/ Frame AED4 13 KB
6 KB 476ms
475ms Script
text/javascript 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://act.whitehelmets.org/context/peoples-million?callback=actionkit.forms.onContextLoaded&form_name=act&required=email&required=country&required=first_name&required=last_name&required=privacy&required=state&required=zip&required=card_num&required=exp_date_month&required=exp_date_year&required=card_code&want_progress=1&r=0.7577025998632148&url=https%3A%2F%2Fact.whitehelmets.org%2Fact%2Fpeoples-million
Requested by: Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/resources/actionkit.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 056615ff9508a3f55400ea0b32ec5fd467bd2ab9f0df46463bfb3b900046f98c

Request headers

Referer: https://act.whitehelmets.org/act/peoples-million
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:10 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8b8a812c5e944188-LHR
vary: Accept-Encoding, Cookie, origin
content-type: text/javascript

GET
H2 200 Lekton-Bold.woff2
www.whitehelmets.org/assets/fonts/ Frame AED4 32 KB
0 0ms
0ms Font
application/font-woff2 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.whitehelmets.org/assets/fonts/Lekton-Bold.woff2
Requested by: Host: d3rta84bycnbpe.cloudfront.net
URL: https://d3rta84bycnbpe.cloudfront.net/actionkit-embed/css/whitehelmets.css?cache=1619079484188
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 326d4b529ca275d4d330a93f8dd4788f7669ced27d3f5098fb8d244511b43a95

Request headers

Referer: https://d3rta84bycnbpe.cloudfront.net/
Origin: https://act.whitehelmets.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
via: 1.1 9f5b4008febf8a5c5039fa9fa335a2cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LHR50-P5
age: 344702
x-cache: Hit from cloudfront
content-length: 33072
last-modified: Thu, 09 Nov 2017 11:19:38 GMT
server: cloudflare
etag: "effc9114df9d6c6f24b411ea57f6a527"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8b8a811f9c5048c8-LHR
x-amz-cf-id: f9tRewvv8uSHUXxtfJm_rbX6PRXhTe6oo8o-oglZf6yXjWDVi7EeNw==

GET
H2 200 Lekton-Regular.woff2
www.whitehelmets.org/assets/fonts/ Frame AED4 32 KB
0 0ms
0ms Font
application/font-woff2 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.whitehelmets.org/assets/fonts/Lekton-Regular.woff2
Requested by: Host: d3rta84bycnbpe.cloudfront.net
URL: https://d3rta84bycnbpe.cloudfront.net/actionkit-embed/css/whitehelmets.css?cache=1619079484188
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02b6d842cb508a3de65f692c3e2a5e450e272749e914dc12d2f4eafe736d4f35

Request headers

Referer: https://d3rta84bycnbpe.cloudfront.net/
Origin: https://act.whitehelmets.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
via: 1.1 ed63bc28ec03a429dffd93eedad2fd5e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LHR50-P5
age: 344702
x-cache: Hit from cloudfront
content-length: 32644
last-modified: Thu, 09 Nov 2017 11:19:41 GMT
server: cloudflare
etag: "2d8d9366bd9d0b3a59158b0446cc5c0a"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8b8a811f9c5248c8-LHR
x-amz-cf-id: gjOM_JquF0oeBWcHWlpGWw3TjKhhQTd2toE63arzti1R7WLqf7ug6Q==

GET
H2 200 DINPro-Bold.woff2
www.whitehelmets.org/assets/fonts/ Frame AED4 33 KB
0 0ms
0ms Font
application/font-woff2 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.whitehelmets.org/assets/fonts/DINPro-Bold.woff2
Requested by: Host: d3rta84bycnbpe.cloudfront.net
URL: https://d3rta84bycnbpe.cloudfront.net/actionkit-embed/css/whitehelmets.css?cache=1619079484188
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbe15f3c5a6e997e123bdf13967cbac05a4b7aca624198dfa7bef35b57074e45

Request headers

Referer: https://d3rta84bycnbpe.cloudfront.net/
Origin: https://act.whitehelmets.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:07 GMT
via: 1.1 78e6b1fae5a212c4c9a5380a85716d3a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: LHR50-P5
age: 344702
x-cache: Hit from cloudfront
content-length: 34100
last-modified: Thu, 09 Nov 2017 11:19:36 GMT
server: cloudflare
etag: "38f8f1fa5cec4a5a50b760f68e6fcae4"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 8b8a811f9c5648c8-LHR
x-amz-cf-id: yTi3CNBJWDQAG4DredLEfX1GyoVbWutj9cUKx1NFjVU1gh14VpphKQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame AED4 52 KB
21 KB 162ms
42ms Script
text/javascript 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 25 Aug 2024 09:15:05 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 304
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 25 Aug 2024 11:15:05 GMT

POST
H2 200 graphql Show response
payments.braintree-api.com/ Frame AED4 1 KB
1 KB 317ms
315ms XHR
application/json 13.248.139.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/client.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.248.139.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

c18669c763be993afe42365c135e54582a8ebb09ca57fb2941852960699f8351

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE3MjQ2NjQwMDgsImp0aSI6IjJmYjdlMWU3LTdiZDgtNGZlZi04NTgzLTRhMmNlZTllOWNkYiIsInN1YiI6InNjNDNidDRkdzd4N3o0anMiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6InNjNDNidDRkdzd4N3o0anMiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0IjpmYWxzZX0sInJpZ2h0cyI6WyJtYW5hZ2VfdmF1bHQiXSwic2NvcGUiOlsiQnJhaW50cmVlOlZhdWx0Il0sIm9wdGlvbnMiOnsibWVyY2hhbnRfYWNjb3VudF9pZCI6IlZvaWNlc1Byb2plY3RVU0FfaW5zdGFudCJ9fQ.fBVUn-iOcofQiIXKWzg1PLLKDEi4zNPzko8sRFEHx2JeH2S1TWujq0a309btLK0v4P7qA-Njpy9YdDWDmXcIsw
Braintree-Version: 2018-05-10
Content-Type: application/json

Response headers

pragma: no-cache
date: Sun, 25 Aug 2024 09:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
server: nginx
vary: Braintree-Version, Accept-Encoding
braintree-version: 2016-10-07
content-type: application/json
access-control-allow-origin: https://act.whitehelmets.org
paypal-debug-id: 89625be9af894
cache-control: no-cache, no-store
x-frame-options: DENY
content-length: 974

OPTIONS
H2 200 graphql
payments.braintree-api.com/ Frame 0
0 145ms
47ms Preflight 13.248.139.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.248.139.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,braintree-version,content-type
Access-Control-Request-Method: POST
Origin: https://act.whitehelmets.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization,braintree-version,content-type
access-control-allow-methods: GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://act.whitehelmets.org
access-control-max-age: 1800
date: Sun, 25 Aug 2024 09:20:09 GMT
paypal-debug-id: 4b5ef9663ff24
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 200 collect Show response
www.google-analytics.com/j/ Frame AED4 15 B
224 B 53ms
51ms XHR
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1812192493&t=pageview&_s=1&dl=https%3A%2F%2Fact.whitehelmets.org%2Fact%2Fpeoples-million&dr=https%3A%2F%2Fwhitehelmets.org%2F&ul=en-gb&de=UTF-8&dt=Syria%27s%20Heroes%20%7C%20The%20Syria%20Campaign&sd=24-bit&sr=1600x1200&vp=580x150&je=0&_u=IEBAAEABAAAAACAAI~&jid=280956070&gjid=607462065&cid=980136434.1724577610&tid=UA-59071525-1&_gid=560805785.1724577610&_r=1&_slc=1&z=1469563217

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a834fb91a24313169e52eb2cd45785c9fc4e04776e642be7639457bd1ab818dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 25 Aug 2024 09:20:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://act.whitehelmets.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame AED4 262 KB
93 KB 185ms
72ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HT0Y4GCX2Z&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d05ba54b0a051137477d163747857f9aca3dd0dac125c8069c2c0318c181dc47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94383
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 25 Aug 2024 09:20:10 GMT

OPTIONS
H/1.1 200
OK sc43bt4dw7x7z4js
client-analytics.braintreegateway.com/ Frame 0
0 231ms
49ms Preflight 35.157.134.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://client-analytics.braintreegateway.com/sc43bt4dw7x7z4js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.134.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-134-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://act.whitehelmets.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS
Access-Control-Allow-Origin: https://act.whitehelmets.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Sun, 25 Aug 2024 09:20:10 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains

POST
H/1.1 200
OK sc43bt4dw7x7z4js Show response
client-analytics.braintreegateway.com/ Frame AED4 0
355 B 47ms
46ms XHR
text/plain 35.157.134.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://client-analytics.braintreegateway.com/sc43bt4dw7x7z4js

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/client.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.134.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-134-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

Date: Sun, 25 Aug 2024 09:20:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS
Access-Control-Allow-Origin: https://act.whitehelmets.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

POST
H/1.1 200
OK sc43bt4dw7x7z4js Show response
client-analytics.braintreegateway.com/ Frame AED4 0
355 B 49ms
48ms XHR
text/plain 35.157.134.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://client-analytics.braintreegateway.com/sc43bt4dw7x7z4js

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/client.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.134.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-134-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

Date: Sun, 25 Aug 2024 09:20:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS
Access-Control-Allow-Origin: https://act.whitehelmets.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK sc43bt4dw7x7z4js
client-analytics.braintreegateway.com/ Frame 0
0 223ms
44ms Preflight 35.157.134.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://client-analytics.braintreegateway.com/sc43bt4dw7x7z4js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.134.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-134-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://act.whitehelmets.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS
Access-Control-Allow-Origin: https://act.whitehelmets.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Sun, 25 Aug 2024 09:20:10 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains

OPTIONS
H/1.1 200
OK sc43bt4dw7x7z4js
client-analytics.braintreegateway.com/ Frame 0
0 192ms
50ms Preflight 35.157.134.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://client-analytics.braintreegateway.com/sc43bt4dw7x7z4js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.134.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-134-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://act.whitehelmets.org
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS
Access-Control-Allow-Origin: https://act.whitehelmets.org
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Sun, 25 Aug 2024 09:20:10 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains

POST
H/1.1 200
OK sc43bt4dw7x7z4js Show response
client-analytics.braintreegateway.com/ Frame AED4 0
355 B 48ms
47ms XHR
text/plain 35.157.134.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://client-analytics.braintreegateway.com/sc43bt4dw7x7z4js

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/client.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.134.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-134-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

Date: Sun, 25 Aug 2024 09:20:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS
Access-Control-Allow-Origin: https://act.whitehelmets.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame AED4 69 KB
23 KB 477ms
32ms Script
application/javascript 151.101.193.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/data-collector.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

ECAcc (dac/9C8E) /

Resource Hash

62a4e3fe56286026c23ae5891f4222bd9a455f393af54d88ba443eecba0e6600

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Mon, 26 Aug 2024 09:20:10 GMT
date: Sun, 25 Aug 2024 09:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
via: 1.1 varnish
age: 973977
x-cache: HIT
paypal-debug-id: 1ffa2b5375d6a
server-timing: content-encoding;desc="gzip",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 23384
x-served-by: cache-lcy-eglc8600081-LCY
last-modified: Wed, 14 Aug 2024 01:02:42 GMT
server: ECAcc (dac/9C8E)
traceparent: 00-00000000000000000001ffa2b5375d6a-63f9598853cf3e5a-01
x-timer: S1724577611.677158,VS0,VE1
etag: W/"66bc0232-112e9"
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate,max-age=86400
access-control-allow-credentials: false
access-control-max-age: 86400
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: x-csrf-token
x-cache-hits: 608062

GET
H2 200 hosted-fields-frame.min.html
assets.braintreegateway.com/web/3.69.0/html/ Frame 14B4 0
0 136ms
29ms Document
text/html 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.braintreegateway.com/web/3.69.0/html/hosted-fields-frame.min.html

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/hosted-fields.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: br
content-length: 31712
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type: text/html
date: Sun, 25 Aug 2024 09:20:10 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"6376426f-1ec25"
last-modified: Thu, 17 Nov 2022 14:17:19 GMT
paypal-debug-id: dd851db8c8c17
strict-transport-security: max-age=31557600
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000dd851db8c8c17-bd6835c91e52a740-01
vary: Accept-Encoding, Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 1979, 6
x-content-type-options: nosniff
x-served-by: cache-sjc1000087-SJC, cache-lcy-eglc8600086-LCY
x-timer: S1724577610.353684,VS0,VE0

GET
H2 200 hosted-fields-frame.min.html
assets.braintreegateway.com/web/3.69.0/html/ Frame 82B0 0
0 133ms
133ms Document
text/html 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.braintreegateway.com/web/3.69.0/html/hosted-fields-frame.min.html

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/hosted-fields.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: br
content-length: 31712
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type: text/html
date: Sun, 25 Aug 2024 09:20:10 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"6376426f-1ec25"
last-modified: Thu, 17 Nov 2022 14:17:19 GMT
paypal-debug-id: dd851db8c8c17
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000dd851db8c8c17-bd6835c91e52a740-01
vary: Accept-Encoding, Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 1979, 6
x-content-type-options: nosniff
x-served-by: cache-sjc1000087-SJC, cache-lcy-eglc8600086-LCY
x-timer: S1724577610.353684,VS0,VE0

GET
H2 200 hosted-fields-frame.min.html
assets.braintreegateway.com/web/3.69.0/html/ Frame 1F28 0
0 130ms
130ms Document
text/html 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.braintreegateway.com/web/3.69.0/html/hosted-fields-frame.min.html

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/hosted-fields.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;
X-Content-Type-Options	nosniff

Request headers

Referer: https://act.whitehelmets.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public,max-age=3600
content-encoding: br
content-length: 31712
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type: text/html
date: Sun, 25 Aug 2024 09:20:10 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"6376426f-1ec25"
last-modified: Thu, 17 Nov 2022 14:17:19 GMT
paypal-debug-id: dd851db8c8c17
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
traceparent: 00-0000000000000000000dd851db8c8c17-bd6835c91e52a740-01
vary: Accept-Encoding, Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 1979, 6
x-content-type-options: nosniff
x-served-by: cache-sjc1000087-SJC, cache-lcy-eglc8600086-LCY
x-timer: S1724577610.353684,VS0,VE0

GET
H/1.1

200
OK

logo.htm
ssl.kaptcha.com/ Frame 77EE
Redirect Chain

https://assets.braintreegateway.com/data/logo.htm?m=null&s=187773082c38fb28d63ea8d0ab389ca3
https://ssl.kaptcha.com/logo.htm?m=null&s=187773082c38fb28d63ea8d0ab389ca3

0
0

549ms
176ms

Document
text/html

35.81.31.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.kaptcha.com/logo.htm?m=null&s=187773082c38fb28d63ea8d0ab389ca3
Requested by: Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/data-collector.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.81.31.24 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-81-31-24.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://act.whitehelmets.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache no-store must-revalidate private
Content-Length: 41
Content-Type: text/html
Date: Sun, 25 Aug 2024 09:20:11 GMT
Expires: 0
Pragma: no-cache
X-Correlation-Id: dd840ab9-deb9-4609-a936-83ea16e17d14

Redirect headers

accept-ranges: bytes
cache-control: s-maxage=31536000, public, max-age=3600
content-length: 138
content-type: text/html
date: Sun, 25 Aug 2024 09:20:10 GMT
dc: ccg11-origin-www-1.paypal.com
location: https://ssl.kaptcha.com/logo.htm?m=null&s=187773082c38fb28d63ea8d0ab389ca3
paypal-debug-id: 7310d8907189f
strict-transport-security: max-age=31557600
traceparent: 00-00000000000000000007310d8907189f-848b90b214c390f2-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-sjc1000102-SJC, cache-lcy-eglc8600086-LCY
x-timer: S1724577610.353679,VS0,VE247

POST
H2 204 collect
region1.google-analytics.com/g/ Frame AED4 0
0 137ms
38ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-HT0Y4GCX2Z&gtm=45je48l0v9123194035za200&_p=1724577609948&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=0&ul=en-gb&sr=1600x1200&cid=980136434.1724577610&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=2&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fact.whitehelmets.org%2Fact%2Fpeoples-million&dr=https%3A%2F%2Fwhitehelmets.org%2F&dt=Syria%27s%20Heroes%20%7C%20The%20Syria%20Campaign&sid=1724577610&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=2613
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HT0Y4GCX2Z&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 25 Aug 2024 09:20:10 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://act.whitehelmets.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK sc43bt4dw7x7z4js Show response
client-analytics.braintreegateway.com/ Frame AED4 0
355 B 86ms
46ms XHR
text/plain 35.157.134.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://client-analytics.braintreegateway.com/sc43bt4dw7x7z4js

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.69.0/js/client.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.157.134.11 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-157-134-11.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

Date: Sun, 25 Aug 2024 09:20:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, HEAD, POST, OPTIONS
Access-Control-Allow-Origin: https://act.whitehelmets.org
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

GET
H2 200 i
c.paypal.com/v1/r/d/ Frame 7411 0
0 256ms
188ms Document
text/html 151.101.65.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.65.21 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://act.whitehelmets.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua, sec-ch-ua-mobile, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-platform, sec-ch-ua-platform-version, sec-ch-ua-arch, sec-ch-ua-wow64, sec-ch-ua-bitness, sec-ch-ua-model, sec-ch-ua-full
accept-ranges: none
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: 6e2ca60189aeb
date: Sun, 25 Aug 2024 09:20:10 GMT
origin-trial: A0A/uBW0ogQIica1KkPCeSOoHfvTATXdyRg8F/Ka8gjK4pCprEDwF3d3wTxNzSPn1ASb5ncpd46h7RQiSqGYpA8AAACMeyJvcmlnaW4iOiJodHRwczovL2MucGF5cGFsLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY5NTUxMzU5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
paypal-debug-id: 6e2ca60189aeb
server-timing: "traceparent;desc="00-00000000000000000006e2ca60189aeb-eeaa13a559e66a9a-01"";content-encoding;desc="br",x-cdn;desc="fastly"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000006e2ca60189aeb-8ee84f5f821c55ff-01
vary: Accept-Encoding
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-content-type-options: nosniff
x-served-by: cache-lhr-egll1980074-LHR, cache-lcy-eglc8600025-LCY
x-timer: S1724577611.830616,VS0,VE159
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

counter2.cgi
lhr.stats.paypal.com/ Frame C212
Redirect Chain

https://b.stats.paypal.com/counter.cgi?i=127.0.0.1&p=1766390403b55a19d8e1766d0dad31bb&t=1724577610.216&a=14
https://lhr.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=1766390403b55a19d8e1766d0dad31bb&t=1724577610.216&a=14

42 B
299 B

107ms
33ms

Image
image/jpeg

34.147.177.40
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lhr.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=1766390403b55a19d8e1766d0dad31bb&t=1724577610.216&a=14
Requested by: Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million
Protocol: HTTP/1.1
Server: 34.147.177.40 London, United Kingdom, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 40.177.147.34.bc.googleusercontent.com
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 25 Aug 2024 09:20:10 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://lhr.stats.paypal.com/counter2.cgi?i=127.0.0.1&p=1766390403b55a19d8e1766d0dad31bb&t=1724577610.216&a=14
Date: Sun, 25 Aug 2024 09:20:10 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

GET
H2 200 p3
c6.paypal.com/v1/r/d/b/ Frame AED4 0
421 B 414ms
241ms Image
text/plain 2606:2800:233:ce53:4396:b914:64c2:638e
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c6.paypal.com/v1/r/d/b/p3?f=1766390403b55a19d8e1766d0dad31bb&s=BRAINTREE_SIGNIN

Requested by

Host: act.whitehelmets.org
URL: https://act.whitehelmets.org/act/peoples-million

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:ce53:4396:b914:64c2:638e , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lhd/35A6) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://act.whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:11 GMT
content-encoding: gzip
correlation-id: 5d353587e6f07
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: ECAcc (lhd/35A6)
traceparent: 00-00000000000000000005d353587e6f07-3067fe1a2cfe2c9f-01
vary: Accept-Encoding
paypal-debug-id: 5d353587e6f07
access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: traceparent;desc="00-00000000000000000005d353587e6f07-b2d1ac6ee2cb2a2c-01", content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
content-length: 20

GET
H2 200 favicon-32x32.png
www.whitehelmets.org/ 2 KB
2 KB 45ms
45ms Other
image/png 2606:4700:10::6816:3e4b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.whitehelmets.org/favicon-32x32.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3e4b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2806aaa4f16a2c86db37abd6bea627c8b273d533f727cf12fd5bd917e4c7ee6d

Request headers

Referer: https://whitehelmets.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 25 Aug 2024 09:20:11 GMT
via: 1.1 8aa8f49930a2f48f6eda9fd64daa812e.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: GRU3-P5
age: 13777848
x-cache: Hit from cloudfront
content-length: 1544
last-modified: Thu, 09 Nov 2017 11:19:35 GMT
server: cloudflare
etag: "1509d53e780d52411e1fa5b7b99040e8"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 8b8a813609534188-LHR
x-amz-cf-id: F9iyQr_afGL4xvEXgQsIHfg63xsol9cZTQ5bYQPb2VJL8zuws1fH0g==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: polyfill.io
URL: https://polyfill.io/v2/polyfill.min.js?features=IntersectionObserver

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-21 03:22:09	Name: _GRECAPTCHA Value: 09AMAEUMCMEbRmQ0DvSpjTvgJEbETgEkMLewUYQCOSG0kyNFoWkOrnDVe8mEfD8s_Y1RHXmMEVtLQVS0hKK_bX4VA
.whitehelmets.org/	1970-01-21 01:12:33	Name: _fbp Value: fb.1.1724577607968.879437488151017575
.vimeo.com/	1970-01-21 07:48:33	Name: player Value: ""
.vimeo.com/	1970-01-21 08:38:57	Name: vuid Value: pl706283774.695618186
.vimeo.com/	1970-01-20 23:02:59	Name: __cf_bm Value: OWpzflYABlJsTFHDsfLs2i6ahVpD.RkbWL25svoZiSo-1724577608-1.0.1.1-CDIq3XXyPx6zHbzBNIHTB6N93die1maMi0uT0ih0lQikFgCyjxEalu1XkmSUw3Pc
.vimeo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: O2xxVOEpX2LRIJXWPE9D4DQC05YICP7gyT8Tf1h_ipM-1724577608676-0.0.1.1-604800000
.whitehelmets.org/	1970-01-21 08:38:57	Name: _ga Value: GA1.2.980136434.1724577610
.whitehelmets.org/	1970-01-20 23:04:24	Name: _gid Value: GA1.2.560805785.1724577610
.whitehelmets.org/	1970-01-20 23:02:57	Name: _gat Value: 1
.whitehelmets.org/	1970-01-21 08:38:57	Name: _ga_HT0Y4GCX2Z Value: GS1.2.1724577610.1.0.1724577610.0.0.0
.paypal.com/	1970-01-21 08:38:57	Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK Value: Eeipc0bxRyMB4uNGE58gPAHqifjgomZxMhwe3y6Zk9JGUQ6USfuDHLSRTsjUeicWdvfK3Ft1vemLRngT
.paypal.com/	1970-01-20 23:02:59	Name: l7_az Value: dcg01.phx
.paypal.com/	1970-01-21 08:38:57	Name: sc_f Value: Eb7Tq-0iN5FidZ3yeMwcaTt1Ws0ALsU__SemcS0PiwBl0fntzlnXM9yQ6xHObkQYipkBuGClmC_itW6DESEw5pZSd6J8UbsSmGCm7G

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://polyfill.io/v2/polyfill.min.js?features=IntersectionObserver Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
security	warning	URL: https://www.whitehelmets.org/main.js?v=1720037342274 Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://act.whitehelmets.org') does not match the recipient window's origin ('https://whitehelmets.org').
violation	error	URL: https://js.braintreegateway.com/web/3.69.0/js/data-collector.min.js Message: Permissions policy violation: accelerometer is not allowed in this document.
javascript	warning	URL: https://js.braintreegateway.com/web/3.69.0/js/data-collector.min.js Message: The devicemotion events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

act.whitehelmets.org
ajax.googleapis.com
assets.braintreegateway.com
b.stats.paypal.com
c.paypal.com
c6.paypal.com
client-analytics.braintreegateway.com
connect.facebook.net
d3rta84bycnbpe.cloudfront.net
js.braintreegateway.com
json.geoiplookup.io
lhr.stats.paypal.com
payments.braintree-api.com
player.vimeo.com
polyfill.io
region1.google-analytics.com
ssl.kaptcha.com
whitehelmets.org
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.whitehelmets.org
polyfill.io
13.248.139.42
142.250.186.132
151.101.193.21
151.101.194.133
151.101.65.21
157.240.253.1
162.159.138.60
172.67.134.82
192.229.221.25
2001:4860:4802:34::36
2600:9000:206f:1400:e:9f27:c080:93a1
2600:9000:2761:da00:8:7be3:d680:93a1
2606:2800:233:ce53:4396:b914:64c2:638e
2606:4700:10::6816:3e4b
2a00:1450:4001:800::200e
2a00:1450:4001:810::2008
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2003
2a03:2880:f177:185:face:b00c:0:25de
34.147.177.40
35.157.134.11
35.81.31.24
02b6d842cb508a3de65f692c3e2a5e450e272749e914dc12d2f4eafe736d4f35
05287a5383171779372727d2555093118013512b7dc0ea98c0565032c779af7e
056615ff9508a3f55400ea0b32ec5fd467bd2ab9f0df46463bfb3b900046f98c
080071468206e3339475dbfa0bfcdbffaf595327fd31e308c1df219cbb4e26eb
0c7426dab3210a5bf3c4b4924bc678c0001f4765137ba482ac8fc07fb4f32001
1425b3dc4e809e5488aae10e2eb2511f652c6a9c3845c98c3fe69f07fe0c9e2b
2806aaa4f16a2c86db37abd6bea627c8b273d533f727cf12fd5bd917e4c7ee6d
2f3793dd173f59b85a16571e416ccf588b2034dded889a21b1a1251a1ada52b8
2f4034e5db3934bc5d6518144d91da903a92c440776bc8b3386c0faeb33b732e
326d4b529ca275d4d330a93f8dd4788f7669ced27d3f5098fb8d244511b43a95
38e7c1f2b12b0503566f214cfcde7353ab180deab7a4ec39d539c0b4623bb761
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
62a4e3fe56286026c23ae5891f4222bd9a455f393af54d88ba443eecba0e6600
7480346d1e765abd82613c50c6929108bd72558ada4ba9eef20372b9fc088fd7
75703328f498926c77f25423a99250c3c2ad6bf44c9f53a6e6417ac8d93cac3b
7de5756f03a1c6def8c81d6c0efc4760f2380d25f1e87495b24d4d087394c2ae
82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62
84b343633e2b0f92ed854df2f6c90c3b92c01f9e52f596e12abc4bbeec8afaac
90b5d41015da1f3eb25868d6a4610020415c0c9145d5412d174719d3ab5515d1
98a70a97ed84aba85cbe65b58debb3346659eecd46441e3ffe4bba58cc0ac9ab
9e78015366cac5532bd0fea95b947e0572d216b8f4f520aefe3bb8da938b4baf
a68f878b0525f6d9ab5cad197a55bf60f8610e4bd0f9867dca3daaf25e99bdfb
a834fb91a24313169e52eb2cd45785c9fc4e04776e642be7639457bd1ab818dc
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
afc002a9fe8227f9c76d1dc06ff40356f147410ff85d4760ba45dab4f44a51d9
b0e6490ff469608c304fd1b538dc48514df06c9938cb838a7839f61768aa5baf
b64aa7004158b716150fb6683a1fe78049527b5cd163fd0bc76e28e91e176f3e
c0fa282024b452052041051426753ca5738cd9669023be8c9290209a01c1119e
c18669c763be993afe42365c135e54582a8ebb09ca57fb2941852960699f8351
ca37d81dc039561ca08b82962eca0fff25f8259016edbab8a2a34dc173dc80c2
d05ba54b0a051137477d163747857f9aca3dd0dac125c8069c2c0318c181dc47
d207cfe4c46f2ef0a7a3918729441be01056b904a854038f468251cd62183eb4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e291e22c061178bfae4f5c46bbdbbc01f83d8e4695d2faddbbf0ddd1ac7d024f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4bf51408a1b665c4422ade935304665b3eda02962103681e5545f84201aeadf
e90a8388005b02108fd8845425935ca2efde90e64af8e80fd004fc1d971ecea6
ee18fa1ada74c5d3261424bcc1c4f077510c31a06bee0ff6742f180ed14c57d8
fbe15f3c5a6e997e123bdf13967cbac05a4b7aca624198dfa7bef35b57074e45
fc05721f30773566af928190d44861a371001ff49aa9c0d5fbb8e89a29afa4cc

whitehelmets.org Open in urlscan Pro 2600:9000:2761:da00:8:7be3:d680:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

61 Requests

97 %HTTPS

45 %IPv6

16 Domains

24 Subdomains

23 IPs

4 Countries

932 kBTransfer

2319 kBSize

13 Cookies

17 Outgoing links

Page URL History

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

whitehelmets.org Open in urlscan Pro
2600:9000:2761:da00:8:7be3:d680:93a1 Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

97 %
HTTPS

45 %
IPv6

16
Domains

24
Subdomains

23
IPs

4
Countries

932 kB
Transfer

2319 kB
Size

13
Cookies

61 HTTP transactions
3 data transactions