www.thepetitionsite.com Open in urlscan Pro
38.99.122.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.thepetitionsite.com/takeaction/398/447/926/
Effective URL:
https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
Submission: On September 07 via manual (September 7th 2022, 5:21:21 pm UTC) from US — Scanned from DE

Summary HTTP 90 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 24 IPs in 7 countries across 20 domains to perform 90 HTTP transactions. The main IP is 38.99.122.3, located in San Jose, United States and belongs to COGENT-174, US. The main domain is www.thepetitionsite.com. The Cisco Umbrella rank of the primary domain is 466211.
TLS certificate: Issued by R3 on July 2nd 2022. Valid for: 3 months.

This is the only time www.thepetitionsite.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	38.99.122.3 38.99.122.3	174 (COGENT-174) (COGENT-174)
2	38.99.122.5 38.99.122.5	174 (COGENT-174) (COGENT-174)
2	34.117.117.118 34.117.117.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
3	38.99.122.172 38.99.122.172	174 (COGENT-174) (COGENT-174)
2 4	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
7	2a03:2880:f00... 2a03:2880:f007:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1 6	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
3	2a02:26f0:470... 2a02:26f0:4700:196::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	199.232.136.157 199.232.136.157	54113 (FASTLY) (FASTLY)
2	54.226.8.81 54.226.8.81	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:27::... 2620:1ec:27::cafe:1389	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	158.69.52.117 158.69.52.117	16276 (OVH) (OVH)
3	20.120.65.166 20.120.65.166	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
90	24

29 38.99.122.3 (San Jose, United States)

ASN174 (COGENT-174, US)
PTR: lb2-38-99-122-3.care2.com

www.thepetitionsite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dingo.care2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 38.99.122.5 (San Jose, United States)

ASN174 (COGENT-174, US)
PTR: ip-38-99-122-5.care2.com

www.care2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.117.118 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.117.117.34.bc.googleusercontent.com

www.ccpmtrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 38.99.122.172 (San Jose, United States)

ASN174 (COGENT-174, US)
PTR: ip-38-99-122-172.care2.com

matomo.care2.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.128.11 (United States) 2 redirects

ASN20446 (STACKPATH-CDN, US)

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a03:2880:f007:8:face:b00c:0:1 (Vienna, Austria)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:4700:196::1931 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.136.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.226.8.81 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-226-8-81.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:27::cafe:1389 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.69.52.117 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: prd-usage-3.tjsint.net

usage.trackjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.120.65.166 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

l.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	care2.com dingo.care2.com — Cisco Umbrella Rank: 377227 www.care2.com — Cisco Umbrella Rank: 388932	2 MB
11	thepetitionsite.com www.thepetitionsite.com — Cisco Umbrella Rank: 466211	49 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 787 c.clarity.ms — Cisco Umbrella Rank: 1178 l.clarity.ms — Cisco Umbrella Rank: 6761	26 KB
7	facebook.net connect.facebook.net — Cisco Umbrella Rank: 208	282 KB
6	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 664 c.bing.com — Cisco Umbrella Rank: 408	24 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 94	40 KB
4	mouseflow.com 2 redirects cdn.mouseflow.com — Cisco Umbrella Rank: 9794	35 KB
3	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 993	21 KB
3	care2.us matomo.care2.us — Cisco Umbrella Rank: 559191	126 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 111	23 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 188 googleads.g.doubleclick.net — Cisco Umbrella Rank: 73	2 KB
2	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 4933	11 KB
2	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 996	30 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 141	90 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 120	2 KB
2	ccpmtrk.com www.ccpmtrk.com — Cisco Umbrella Rank: 594579	36 KB
1	google.de www.google.de — Cisco Umbrella Rank: 3469 Failed	548 B
1	google.com www.google.com — Cisco Umbrella Rank: 19 Failed	548 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 159 Failed	16 KB
1	trackjs.com usage.trackjs.com — Cisco Umbrella Rank: 11302 Failed	229 B
90	20

	Domain	Requested by
18	dingo.care2.com	www.thepetitionsite.com dingo.care2.com
11	www.thepetitionsite.com	dingo.care2.com
7	connect.facebook.net	dingo.care2.com connect.facebook.net
5	bat.bing.com	dingo.care2.com bat.bing.com www.thepetitionsite.com
4	www.google-analytics.com	dingo.care2.com www.thepetitionsite.com
4	cdn.mouseflow.com	2 redirects www.thepetitionsite.com
3	l.clarity.ms	dingo.care2.com
3	s.pinimg.com	dingo.care2.com s.pinimg.com
3	matomo.care2.us	www.thepetitionsite.com matomo.care2.us
2	c.clarity.ms	1 redirects
2	www.facebook.com	dingo.care2.com connect.facebook.net
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	tags.srv.stackadapt.com	dingo.care2.com
2	static.ads-twitter.com	dingo.care2.com
2	www.googletagmanager.com	dingo.care2.com
2	fonts.googleapis.com	dingo.care2.com
2	www.ccpmtrk.com	www.thepetitionsite.com
2	www.care2.com	www.thepetitionsite.com
1	c.bing.com	1 redirects
1	googleads.g.doubleclick.net	www.googleadservices.com
1	www.google.de	www.thepetitionsite.com
1	www.google.com	www.thepetitionsite.com
1	www.googleadservices.com	www.googletagmanager.com
1	stats.g.doubleclick.net	dingo.care2.com
1	usage.trackjs.com
90	25

This site contains links to these domains. Also see Links.

Domain
www.care2.com
www.facebook.com
www.twitter.com
www.pinterest.com
www.linkedin.com
www.care2services.com

Subject Issuer	Validity	Valid
thepetitionsite.com R3	`2022-07-02` - `2022-09-30`	3 months	crt.sh
care2.com R3	`2022-07-02` - `2022-09-30`	3 months	crt.sh
ccpmtrk.com Starfield Secure Certificate Authority - G2	`2022-06-10` - `2023-07-12`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
care2.us R3	`2022-07-02` - `2022-09-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-06-17` - `2022-09-15`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-09-03` - `2023-03-03`	6 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-08-08`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.srv.stackadapt.com Amazon	`2021-11-09` - `2022-12-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.trackjs.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-07-28` - `2023-08-11`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
Frame ID: F79239EB48FAA64EB39D41C16EDB2938
Requests: 89 HTTP requests in this frame

Frame: https://www.facebook.com/v2.6/plugins/like.php?app_id=482659988595053&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a845aaf632fc4%26domain%3Dwww.thepetitionsite.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.thepetitionsite.com%252Ff3bc8abc46b4ffc%26relation%3Dparent.parent&container_width=1000&href=http%3A%2F%2Fwww.facebook.com%2FCare2&layout=button_count&locale=de_DE&sdk=joey&share=false&show_faces=false
Frame ID: DA256EFCC11A70BE55119291CDAEE403
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Petition: PETITION TO AUDIT, EVALUATE, AND INVESTIGATE LOUDOUN COUNTY, VIRGINIA'S ELECTRONIC REAL ESTATE AND TAX ASSESSMENT DATABASE SYSTEMS – RESTORING CONFIDENCE IN TITLE DEEDS AND STATE GOVERNMENT LAND RECORDS, United States

Page URL History Show full URLs

https://www.thepetitionsite.com/takeaction/398/447/926/ Page URL
https://www.thepetitionsite.com/de-de/takeaction/398/447/926/ Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Mouse Flow (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.mouseflow\.com

Page Statistics

90
Requests

84 %
HTTPS

52 %
IPv6

20
Domains

25
Subdomains

24
IPs

7
Countries

2500 kB
Transfer

6470 kB
Size

27
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.care2.com/passport/login.html?pg=https%3A%2F%2Fwww.thepetitionsite.com%2Fde-de%2Ftakeaction%2F398%2F447%2F926%2F
Title: An_melden

Search URL Search Domain Scan URL

URL: https://www.care2.com/
Title: CARE2 Startseite

Search URL Search Domain Scan URL

URL: https://www.care2.com/aboutus/
Title: Über uns

Search URL Search Domain Scan URL

URL: https://www.care2.com/petition_feedback/398447926
Title: Tyrone Burnett

Search URL Search Domain Scan URL

URL: https://www.care2.com/privacy-policy
Title: Datenschutzpolitik

Search URL Search Domain Scan URL

URL: https://www.care2.com/help/general/tos.html
Title: Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: http://www.care2.com/newsletters
Title: E-Mail-Abonnements

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Care2

Search URL Search Domain Scan URL

URL: https://www.twitter.com/Care2

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/Care2

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/care2/

Search URL Search Domain Scan URL

URL: https://www.care2services.com/
Title: Partnerschaften

Search URL Search Domain Scan URL

URL: https://www.care2.com/aboutus/contactus.html
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://www.care2.com/help
Title: Hilfe

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.thepetitionsite.com/takeaction/398/447/926/ Page URL
https://www.thepetitionsite.com/de-de/takeaction/398/447/926/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8.js HTTP 301
https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js

Request Chain 52

https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8.js HTTP 301
https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js

Request Chain 82

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=B3CB7591ABB944ACBFC2DB0259882B21&RedC=c.clarity.ms&MXFR=246B188107EA64A0399B0A9903EA6AC6 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=B3CB7591ABB944ACBFC2DB0259882B21&MUID=0BC39E0F674E6B40134A8C1766C56A73

90 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
www.thepetitionsite.com/takeaction/398/447/926/ 45 KB
17 KB 593ms
228ms Document
text/html 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thepetitionsite.com/takeaction/398/447/926/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

lb2-38-99-122-3.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

eb986ca3299b6a122159f7db29f04295ebaba7d2e329bfee83b64953284d3b9c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
content-type: text/html; charset=UTF-8
date: Wed, 07 Sep 2022 17:21:03 GMT
last-modified: Tue, 06 Sep 2022 19:30:47 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
vary: Accept-Encoding
x-cache: REVALIDATE from www.thepetitionsite.com
x-care2-haproxy-be: tps
x-care2-haproxy-host: xlb1
x-care2-haproxy-site: sjc1
x-care2-host: web5
x-care2-site: sjc1

GET
H2 200 sign.css
dingo.care2.com/assets/css/petitionsite/ 503 KB
72 KB 827ms
160ms Stylesheet
text/css 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 2c315ae2e202f36ac0d4a87ee2b6470ec4cfebc88bc79f92a556fb4d4ade8429

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:04 GMT
content-encoding: gzip
x-care2-host: web5
age: 24192
x-cache: HIT from dingo.care2.com
x-care2-haproxy-host: xlb1
last-modified: Thu, 23 Jun 2022 22:04:27 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-haproxy-site: sjc1
etag: W/"7dd19-5e224a3240b6d"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
accept-ranges: bytes
expires: Thu, 08 Sep 2022 10:37:52 GMT

GET
H2 200 viewed.php
www.care2.com/servlets/petitions/ 43 B
614 B 677ms
212ms Image
image/gif 38.99.122.5
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.care2.com/servlets/petitions/viewed.php

Requested by

Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/takeaction/398/447/926/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.5 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

ip-38-99-122-5.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:04 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-host: web2
content-type: image/gif
x-care2-site: sjc1
x-care2-haproxy-be: care2
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
x-care2-haproxy-site: sjc1
content-length: 43
x-care2-haproxy-host: xlb3

GET
H2 200 398447-1661301140-wide.jpg
dingo.care2.com/pictures/petition_images/petition/926/ 48 KB
0 159ms
158ms Image
image/jpeg 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dingo.care2.com/pictures/petition_images/petition/926/398447-1661301140-wide.jpg
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
x-care2-host: web5
age: 51476
x-cache: HIT from dingo.care2.com
content-length: 64629
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Wed, 24 Aug 2022 00:32:17 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "fc75-5e6f1d0244a37"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Thu, 08 Sep 2022 03:03:09 GMT

GET
H2 200 vendor.js Show response
dingo.care2.com/assets/js/petitionsite/ 71 KB
26 KB 501ms
160ms Script
application/javascript 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/js/petitionsite/vendor.js?1662489218
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 99362574b76fb5077d18e1ec1923f60a6fa377379c089e0fca4497a0d2b3a395

Request headers

Referer: https://www.thepetitionsite.com/
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:05 GMT
content-encoding: gzip
x-care2-host: web5
age: 23082
x-cache: HIT from dingo.care2.com
x-care2-haproxy-host: xlb1
last-modified: Tue, 06 Sep 2022 18:33:38 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-haproxy-site: sjc1
etag: W/"11a23-5e8066f4dfa77"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
accept-ranges: bytes
expires: Thu, 08 Sep 2022 10:56:22 GMT

GET
H2 200 sign.js Show response
dingo.care2.com/assets/js/petitionsite/ 787 KB
243 KB 157ms
157ms Script
application/javascript 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: ac6605efd0c6d47ed37c02a6d3a764b1b155c0f01d8d4c4809cc36c507c8e27d

Request headers

Referer: https://www.thepetitionsite.com/
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:05 GMT
content-encoding: gzip
x-care2-host: web3
age: 24479
x-cache: HIT from dingo.care2.com
x-care2-haproxy-host: xlb1
last-modified: Tue, 06 Sep 2022 18:33:38 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-haproxy-site: sjc1
etag: W/"c4a0c-5e8066f4c6c09"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
accept-ranges: bytes
expires: Thu, 08 Sep 2022 10:33:05 GMT

GET
H2 200 everflow.js Show response
www.ccpmtrk.com/scripts/sdk/ 58 KB
18 KB 211ms
114ms Script
text/javascript 34.117.117.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ccpmtrk.com/scripts/sdk/everflow.js
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.117.118 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 118.117.117.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: bb308a6598146ebc9dfb7d47e2f93c6df685295a7a1fe930114b8e1322e38f45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: text/javascript
content-encoding: gzip
cache-control: max-age=14400
x-eflow-request-id: e2d56c6d-899f-4087-8332-8c5de8da15ae
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1 KB 52ms
17ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:700

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76e7ae895eb5b3768cfdd771ab8c6d570a45d284f5cfe2bc969fef5844649131

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dingo.care2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Sep 2022 17:02:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 07 Sep 2022 17:21:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Sep 2022 17:21:06 GMT

GET
H2 200 matomo.js
matomo.care2.us/ 63 KB
63 KB 524ms
188ms Script
application/javascript 38.99.122.172
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://matomo.care2.us/matomo.js
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.172 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: ip-38-99-122-172.care2.com
Software: Apache/2.4.54 (FreeBSD) PHP/8.1.7 OpenSSL/1.1.1o-freebsd /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
last-modified: Wed, 25 May 2022 01:28:26 GMT
server: Apache/2.4.54 (FreeBSD) PHP/8.1.7 OpenSSL/1.1.1o-freebsd
x-care2-host: matomo1
x-care2-haproxy-fe: fe_xindi_external
etag: "faed-5dfcbfd628280"
content-type: application/javascript
x-care2-site: iad1
x-care2-haproxy-be: matomo
accept-ranges: bytes
content-length: 64237

GET care2-logo-2018.svg
dingo.care2.com/assets/img/ 0
0

GET
H2 200 Poppins-Light.ttf
dingo.care2.com/assets/font/Poppins/ 156 KB
157 KB 318ms
317ms Font
font/ttf 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/font/Poppins/Poppins-Light.ttf
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash

Request headers

Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
x-care2-host: web2
age: 8216
x-cache: HIT from dingo.care2.com
content-length: 159892
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Mon, 11 Jul 2022 16:44:18 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "27094-5e38a43574649"
content-type: font/ttf
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Thu, 08 Sep 2022 15:04:10 GMT

GET
H2 200 Poppins-SemiBold.ttf
dingo.care2.com/assets/font/Poppins/ 152 KB
152 KB 160ms
159ms Font
font/ttf 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/font/Poppins/Poppins-SemiBold.ttf
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash

Request headers

Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
x-care2-host: web3
age: 8216
x-cache: HIT from dingo.care2.com
content-length: 155232
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Mon, 11 Jul 2022 16:44:18 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "25e60-5e38a43576589"
content-type: font/ttf
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Thu, 08 Sep 2022 15:04:10 GMT

GET
H2 200 care2-icons.woff
dingo.care2.com/assets/font/care2-icons-2020-09/ 13 KB
14 KB 316ms
315ms Font
application/x-font-woff 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/font/care2-icons-2020-09/care2-icons.woff
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash

Request headers

Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
x-care2-host: web1
age: 17132
x-cache: HIT from dingo.care2.com
content-length: 13716
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Thu, 21 Apr 2022 21:41:37 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "3594-5dd30f98131cb"
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Thu, 08 Sep 2022 12:35:33 GMT

GET
H2

200

38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js
cdn.mouseflow.com/projects/
Redirect Chain

https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8.js
https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js

61 KB
17 KB

13ms
12ms

Script
application/javascript

151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/takeaction/398/447/926/
Protocol: H2
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
content-encoding: gzip
last-modified: Mon, 05 Sep 2022 16:05:02 GMT
server
etag: "08b4c4141c1d81:0"
x-hw: 1662571266.cds145.fr8.hn,1662571266.cds210.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 17692

Redirect headers

date: Wed, 07 Sep 2022 17:21:06 GMT
content-encoding: gzip
last-modified: Mon, 05 Sep 2022 16:05:01 GMT
server
etag: W/"80f4b34041c1d81:0"
location: https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js
x-hw: 1662571266.cds145.fr8.hn,1662571266.cds123.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-hw-loc: https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8.js
content-length: 17692

POST
H2 200 user_login.php
www.thepetitionsite.com/servlets/ 2 KB
2 KB 224ms
222ms XHR
application/json 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thepetitionsite.com/servlets/user_login.php

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

lb2-38-99-122-3.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

Accept: */*
Referer: https://www.thepetitionsite.com/takeaction/398/447/926/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
content-encoding: gzip
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-host: web2
vary: Accept-Encoding
content-type: application/json
cache-control: no-cache, must-revalidate
x-care2-site: sjc1
x-care2-haproxy-be: tps
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
x-care2-haproxy-site: sjc1
x-care2-haproxy-host: xlb1
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 fbevents.js
connect.facebook.net/en_US/ 100 KB
27 KB 234ms
16ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26737
x-xss-protection: 0
pragma: public
x-fb-debug: X5JWzyGKz2zu+YG8O+ZO1qW9GhteRe4uxW4Fa47q4zJ19rfE0A9Yf1P4CHnu5q2g/ONVN4AlG0HQWQnA6PY6Tg==
x-fb-trip-id: 720026100
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 07 Sep 2022 17:21:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js
bat.bing.com/ 38 KB
12 KB 251ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 59561752B1604C91AD175036DCAE9B5E Ref B: FRA31EDGE0222 Ref C: 2022-09-07T17:21:06Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Wed, 07 Sep 2022 17:21:05 GMT
accept-ranges: bytes
content-length: 11367

GET
H2 200 analytics.js
www.google-analytics.com/ 49 KB
20 KB 229ms
11ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 308
date: Wed, 07 Sep 2022 17:15:58 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 07 Sep 2022 19:15:58 GMT

GET
H2 200 js
www.googletagmanager.com/gtag/ 114 KB
45 KB 232ms
26ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1064448610

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45977
x-xss-protection: 0
last-modified: Wed, 07 Sep 2022 16:47:33 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 07 Sep 2022 17:21:06 GMT

GET
H2 200 core.js
s.pinimg.com/ct/ 1 KB
1 KB 345ms
129ms Script
application/javascript 2a02:26f0:4700:196::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:4700:196::1931 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
x-cdn: akamai
etag: "b06b4e6cb1f66b46eb000478658c5236"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
accept-ranges: bytes
content-length: 1142
access-control-expose-headers: X-CDN

GET
H2 200 uwt.js
static.ads-twitter.com/ 56 KB
15 KB 223ms
14ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
content-encoding: gzip
last-modified: Tue, 30 Aug 2022 15:04:19 GMT
etag: "d4de8398858246712016031c834bb061+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: MISS, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15317
x-served-by: cache-iad-kiad7000160-IAD, cache-hhn11582-HHN

GET
H/1.1 200
OK events.js
tags.srv.stackadapt.com/ 17 KB
6 KB 420ms
98ms Script
text/javascript 54.226.8.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.226.8.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-8-81.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Sep 2022 17:21:06 GMT
Content-Encoding: gzip
Cache-Control: max-age=5
Content-Length: 5403
Connection: keep-alive
Content-Type: text/javascript

GET care2-logo-2018-white.svg
dingo.care2.com/assets/img/ 0
0

GET
H2 200 Poppins-Regular.ttf
dingo.care2.com/assets/font/Poppins/ 155 KB
155 KB 217ms
215ms Font
font/ttf 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/font/Poppins/Poppins-Regular.ttf
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash

Request headers

Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
x-care2-host: web1
age: 4444
x-cache: HIT from dingo.care2.com
content-length: 158240
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Mon, 11 Jul 2022 16:44:18 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "26a20-5e38a435761a1"
content-type: font/ttf
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Thu, 08 Sep 2022 16:07:02 GMT

POST
H2 200 signatures.php
www.thepetitionsite.com/servlets/petitions/ 25 KB
4 KB 232ms
232ms XHR
application/json 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thepetitionsite.com/servlets/petitions/signatures.php

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

lb2-38-99-122-3.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

Accept: */*
Referer: https://www.thepetitionsite.com/takeaction/398/447/926/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
content-encoding: gzip
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-host: web5
vary: Accept-Encoding
content-type: application/json
x-care2-site: sjc1
x-care2-haproxy-be: tps
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
x-care2-haproxy-site: sjc1
x-care2-haproxy-host: xlb1

POST
H2 200 get_social_counts.php
www.thepetitionsite.com/servlets/ 128 B
949 B 256ms
256ms XHR
application/json 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thepetitionsite.com/servlets/get_social_counts.php

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

lb2-38-99-122-3.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

Accept: */*
Referer: https://www.thepetitionsite.com/takeaction/398/447/926/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 07 Sep 2022 17:21:06 GMT
content-encoding: gzip
x-care2-host: web3
access-control-max-age: 1000
x-care2-haproxy-host: xlb1
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.thepetitionsite.com
cache-control: no-cache, must-revalidate
x-care2-site: sjc1
x-care2-haproxy-be: tps
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
x-care2-haproxy-site: sjc1
access-control-allow-headers: Content-Type
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 sdk.js
connect.facebook.net/de_DE/ 3 KB
2 KB 14ms
12ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/de_DE/sdk.js

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: BLidqXLE7jyV4hdmBjQ8uw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: 2Oez4kNROynKJ4Eay6SBlKgugBBVDNLpusOlkJJGU3ExZzqfmnQ8TphFK8dJFHln9Bn9Bt4XqrVM2PPX/N876A==
x-fb-trip-id: 720026100
x-fb-content-md5: 130aa6688ef708b03c48b9e988849e5b
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 07 Sep 2022 17:21:06 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "af24cfbcd3b90c5bfd7b2bb46d9e1418"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 07 Sep 2022 17:24:20 GMT

GET
H2 200 Primary Request / Show response
www.thepetitionsite.com/de-de/takeaction/398/447/926/ 47 KB
18 KB 302ms
302ms Document
text/html 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thepetitionsite.com/de-de/takeaction/398/447/926/

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

lb2-38-99-122-3.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

ddabf98600b2f65fb08b35df1c2fd5e61397fc79b5ccbe62c2bbbf5e9829fc82

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

Referer: https://www.thepetitionsite.com/takeaction/398/447/926/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
content-type: text/html; charset=UTF-8
date: Wed, 07 Sep 2022 17:21:06 GMT
last-modified: Tue, 06 Sep 2022 19:30:47 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
vary: Accept-Encoding
x-cache: MISS from www.thepetitionsite.com
x-care2-haproxy-be: tps
x-care2-haproxy-host: xlb1
x-care2-haproxy-site: sjc1
x-care2-host: web3
x-care2-site: sjc1

GET usage.gif
usage.trackjs.com/ 0
0

POST
H2 200 collect
stats.g.doubleclick.net/j/ 4 B
447 B 70ms
20ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-41501525-1&cid=1552990750.1662571274&jid=514232753&gjid=638661115&_gid=254322425.1662571274&_u=IGBAgEABAAAAAE~&z=1366791123

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.thepetitionsite.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 07 Sep 2022 17:21:06 GMT
content-type: text/plain
access-control-allow-origin: https://www.thepetitionsite.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 25ms
8ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1161282605&t=pageview&_s=1&dl=https%3A%2F%2Fwww.thepetitionsite.com%2Ftakeaction%2F398%2F447%2F926%2F&ul=en-us&de=UTF-8&dt=petition%3A%20PETITION%20TO%20AUDIT%2C%20EVALUATE%2C%20AND%20INVESTIGATE%20LOUDOUN%20COUNTY%2C%20VIRGINIA%27S%20ELECTRONIC%20REAL%20ESTATE%20AND%20TAX%20ASSESSMENT%20DATABASE%20SYSTEMS%20%E2%80%93%20RESTORING%20CONFIDENCE%20IN%20TITLE%20DEEDS%20AND%20STATE%20GOVERNMENT%20LAND%20RECORDS%2C%20United%20States&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IGBAgEAB~&jid=514232753&gjid=638661115&cid=1552990750.1662571274&tid=UA-41501525-1&_gid=254322425.1662571274&z=865321850

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 08:06:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 33258
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET 137005710.js
bat.bing.com/p/action/ 0
0

GET
H2 204 0
bat.bing.com/action/ 0
175 B 35ms
35ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=137005710&Ver=2&mid=46b725ab-ec40-4b11-83e4-305970d5b1c8&sid=799b83f02ed111ed99016b564925ef75&vid=799bc9702ed111edb42a251e46559c95&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=petition%3A%20PETITION%20TO%20AUDIT,%20EVALUATE,%20AND%20INVESTIGATE%20LOUDOUN%20COUNTY,%20VIRGINIA%27S%20ELECTRONIC%20REAL%20ESTATE%20AND%20TAX%20ASSESSMENT%20DATABASE%20SYSTEMS%20%E2%80%93%20RESTORING%20CONFIDENCE%20IN%20TITLE%20DEEDS%20AND%20STATE%20GOVERNMENT%20LAND%20RECORDS,%20United%20States&p=https%3A%2F%2Fwww.thepetitionsite.com%2Ftakeaction%2F398%2F447%2F926%2F&r=&lt=2908&evt=pageLoad&sv=1&rn=607563

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5615E65B889445AAA1B85878008BA330 Ref B: FRA31EDGE0222 Ref C: 2022-09-07T17:21:06Z
date: Wed, 07 Sep 2022 17:21:06 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 388957491260477
connect.facebook.net/signals/config/ 475 KB
0 14ms
14ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/388957491260477?v=2.9.79&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 143556
x-xss-protection: 0
pragma: public
x-fb-debug: tTqqcuJQ2ADPgMlKqt+fG/+DBhPxS4gBlDQL2eNizo83xU3PnSzJC8KeXxfsiD5PqL98eoaZyCHqPRS1865UrQ==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 07 Sep 2022 17:21:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET main.55e552f9.js
s.pinimg.com/ct/lib/ 0
0

GET sdk.js
connect.facebook.net/de_DE/ 0
0

GET conversion_async.js
www.googleadservices.com/pagead/ 0
0

POST matomo.php
matomo.care2.us/ 0
0

GET ga-audiences
www.google.com/ads/ 0
0

GET ga-audiences
www.google.de/ads/ 0
0

POST 0
bat.bing.com/actionp/ 0
0

GET
H2 200 sign.css
dingo.care2.com/assets/css/petitionsite/ 503 KB
72 KB 245ms
245ms Stylesheet
text/css 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 2c315ae2e202f36ac0d4a87ee2b6470ec4cfebc88bc79f92a556fb4d4ade8429

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:07 GMT
content-encoding: gzip
x-care2-host: web5
age: 24194
x-cache: HIT from dingo.care2.com
x-care2-haproxy-host: xlb1
last-modified: Thu, 23 Jun 2022 22:04:27 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-haproxy-site: sjc1
etag: W/"7dd19-5e224a3240b6d"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
accept-ranges: bytes
expires: Thu, 08 Sep 2022 10:37:52 GMT

GET
H2 200 viewed.php
www.care2.com/servlets/petitions/ 43 B
613 B 210ms
209ms Image
image/gif 38.99.122.5
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.care2.com/servlets/petitions/viewed.php

Requested by

Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.5 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

ip-38-99-122-5.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:07 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-host: web1
content-type: image/gif
x-care2-site: sjc1
x-care2-haproxy-be: care2
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
x-care2-haproxy-site: sjc1
content-length: 43
x-care2-haproxy-host: xlb3

GET
H2 200 398447-1661301140-wide.jpg
dingo.care2.com/pictures/petition_images/petition/926/ 63 KB
64 KB 648ms
648ms Image
image/jpeg 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dingo.care2.com/pictures/petition_images/petition/926/398447-1661301140-wide.jpg
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 884035843157549f5bee22c8f61c07b05802d474d20ff9b892407ddbccbc3981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:07 GMT
x-care2-host: web3
age: 65543
x-cache: HIT from dingo.care2.com
content-length: 64629
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Wed, 24 Aug 2022 00:32:17 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "fc75-5e6f1d0244a37"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Wed, 07 Sep 2022 23:08:44 GMT

GET
H2 200 vendor.js Show response
dingo.care2.com/assets/js/petitionsite/ 71 KB
26 KB 158ms
158ms Script
application/javascript 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/js/petitionsite/vendor.js?1662489218
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 99362574b76fb5077d18e1ec1923f60a6fa377379c089e0fca4497a0d2b3a395

Request headers

Referer: https://www.thepetitionsite.com/
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:07 GMT
content-encoding: gzip
x-care2-host: web3
age: 22969
x-cache: HIT from dingo.care2.com
x-care2-haproxy-host: xlb1
last-modified: Tue, 06 Sep 2022 18:33:38 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-haproxy-site: sjc1
etag: W/"11a23-5e8066f4dfa77"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
accept-ranges: bytes
expires: Thu, 08 Sep 2022 10:58:18 GMT

GET
H2 200 sign.js Show response
dingo.care2.com/assets/js/petitionsite/ 787 KB
243 KB 157ms
157ms Script
application/javascript 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: ac6605efd0c6d47ed37c02a6d3a764b1b155c0f01d8d4c4809cc36c507c8e27d

Request headers

Referer: https://www.thepetitionsite.com/
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:07 GMT
content-encoding: gzip
x-care2-host: web5
age: 22969
x-cache: HIT from dingo.care2.com
x-care2-haproxy-host: xlb1
last-modified: Tue, 06 Sep 2022 18:33:38 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-haproxy-site: sjc1
etag: W/"c4a0c-5e8066f4c6c09"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
accept-ranges: bytes
expires: Thu, 08 Sep 2022 10:58:18 GMT

GET
H3 200 everflow.js Show response
www.ccpmtrk.com/scripts/sdk/ 58 KB
18 KB 139ms
116ms Script
text/javascript 34.117.117.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ccpmtrk.com/scripts/sdk/everflow.js
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.117.117.118 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 118.117.117.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: bb308a6598146ebc9dfb7d47e2f93c6df685295a7a1fe930114b8e1322e38f45

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:07 GMT
via: 1.1 google
server: nginx
vary: Origin
content-type: text/javascript
content-encoding: gzip
cache-control: max-age=14400
x-eflow-request-id: 2905d007-a57f-4c01-934d-ed01f31a5af0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 css
fonts.googleapis.com/ 2 KB
564 B 41ms
17ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:700

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

76e7ae895eb5b3768cfdd771ab8c6d570a45d284f5cfe2bc969fef5844649131

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dingo.care2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 07 Sep 2022 17:10:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 07 Sep 2022 17:21:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 07 Sep 2022 17:21:08 GMT

GET
H2 200 matomo.js Show response
matomo.care2.us/ 63 KB
63 KB 194ms
193ms Script
application/javascript 38.99.122.172
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://matomo.care2.us/matomo.js
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.172 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: ip-38-99-122-172.care2.com
Software: Apache/2.4.54 (FreeBSD) PHP/8.1.7 OpenSSL/1.1.1o-freebsd /
Resource Hash: 5951438dd533bfc072aa250205ad3d618ac9add4b8f609a68d4608c7d3282434

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
last-modified: Wed, 25 May 2022 01:28:26 GMT
server: Apache/2.4.54 (FreeBSD) PHP/8.1.7 OpenSSL/1.1.1o-freebsd
x-care2-host: matomo1
x-care2-haproxy-fe: fe_xindi_external
etag: "faed-5dfcbfd628280"
content-type: application/javascript
x-care2-site: iad1
x-care2-haproxy-be: matomo
accept-ranges: bytes
content-length: 64237

GET
H2 200 care2-logo-2018.svg
dingo.care2.com/assets/img/ 7 KB
4 KB 723ms
723ms Image
image/svg+xml 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dingo.care2.com/assets/img/care2-logo-2018.svg
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 2a45935bc9cea6e64fab363642958a4c1327624d02c9f60d61b75b8bd4ea354c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
x-care2-host: web5
age: 77073
x-cache: HIT from dingo.care2.com
x-care2-haproxy-host: xlb1
last-modified: Tue, 14 Apr 2020 23:20:25 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-haproxy-site: sjc1
etag: W/"1d1a-5a34871ce1286"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
accept-ranges: bytes
expires: Wed, 07 Sep 2022 19:56:34 GMT

GET
H2 200 Poppins-Light.ttf
dingo.care2.com/assets/font/Poppins/ 156 KB
157 KB 166ms
165ms Font
font/ttf 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/font/Poppins/Poppins-Light.ttf
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 647f014d36822ef7e0413ffbb65598ae0cb57fb798e635c63912c93d94eb356a

Request headers

Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
x-care2-host: web3
age: 4373
x-cache: HIT from dingo.care2.com
content-length: 159892
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Mon, 11 Jul 2022 16:44:18 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "27094-5e38a43574649"
content-type: font/ttf
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Thu, 08 Sep 2022 16:08:15 GMT

GET
H2 200 Poppins-SemiBold.ttf
dingo.care2.com/assets/font/Poppins/ 152 KB
152 KB 163ms
162ms Font
font/ttf 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/font/Poppins/Poppins-SemiBold.ttf
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36

Request headers

Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
x-care2-host: web1
age: 4373
x-cache: HIT from dingo.care2.com
content-length: 155232
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Mon, 11 Jul 2022 16:44:18 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "25e60-5e38a43576589"
content-type: font/ttf
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Thu, 08 Sep 2022 16:08:15 GMT

GET
H2 200 care2-icons.woff
dingo.care2.com/assets/font/care2-icons-2020-09/ 13 KB
14 KB 162ms
161ms Font
application/x-font-woff 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/font/care2-icons-2020-09/care2-icons.woff
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 4c555c077b6e95ca04b44ecb5ec7eb4d7bfc586cd3577384ef5b866224c59271

Request headers

Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
x-care2-host: web5
age: 65556
x-cache: HIT from dingo.care2.com
content-length: 13716
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Thu, 21 Apr 2022 21:41:37 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "3594-5dd30f98131cb"
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Wed, 07 Sep 2022 23:08:32 GMT

GET
H2

200

38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js Show response
cdn.mouseflow.com/projects/
Redirect Chain

https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8.js
https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js

61 KB
17 KB

11ms
11ms

Script
application/javascript

151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js
Requested by: Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
Protocol: H2
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: /
Resource Hash: 94b3042cf86ac8b5767d1e5af1d03b9dbd48b1713da83c47040b7201259770db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
last-modified: Mon, 05 Sep 2022 16:05:02 GMT
server
etag: "08b4c4141c1d81:0"
x-hw: 1662571268.cds145.fr8.hn,1662571268.cds210.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 17692

Redirect headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
last-modified: Mon, 05 Sep 2022 16:05:01 GMT
server
etag: W/"80f4b34041c1d81:0"
location: https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8_eu.js
x-hw: 1662571268.cds145.fr8.hn,1662571268.cds123.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
x-hw-loc: https://cdn.mouseflow.com/projects/38fea81a-3db3-4aeb-b653-86bc55d9cff8.js
content-length: 17692

POST
H2 200 user_login.php Show response
www.thepetitionsite.com/servlets/ 2 KB
2 KB 227ms
226ms XHR
application/json 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thepetitionsite.com/servlets/user_login.php

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

lb2-38-99-122-3.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

2e40a41777c67d4033fc28c9ae8f84accce4f4085cb06887d7f760da4151101d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

Accept: */*
Referer: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-host: web3
vary: Accept-Encoding
content-type: application/json
cache-control: no-cache, must-revalidate
x-care2-site: sjc1
x-care2-haproxy-be: tps
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
x-care2-haproxy-site: sjc1
x-care2-haproxy-host: xlb1
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
26 KB 15ms
14ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26737
x-xss-protection: 0
pragma: public
x-fb-debug: X5JWzyGKz2zu+YG8O+ZO1qW9GhteRe4uxW4Fa47q4zJ19rfE0A9Yf1P4CHnu5q2g/ONVN4AlG0HQWQnA6PY6Tg==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 07 Sep 2022 17:21:08 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
11 KB 32ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EA304A93CD0242E1B1375538062A5882 Ref B: FRA31EDGE0222 Ref C: 2022-09-07T17:21:08Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Wed, 07 Sep 2022 17:21:07 GMT
accept-ranges: bytes
content-length: 11367

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 310
date: Wed, 07 Sep 2022 17:15:58 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 07 Sep 2022 19:15:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 114 KB
45 KB 41ms
23ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1064448610

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

35a438a95fc0b30971cfb321740de83b5b7c6d417cfa2e937f3e2abf123bed93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45975
x-xss-protection: 0
last-modified: Wed, 07 Sep 2022 16:47:33 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 07 Sep 2022 17:21:08 GMT

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 1 KB
1 KB 133ms
131ms Script
application/javascript 2a02:26f0:4700:196::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:4700:196::1931 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5afc363b68106631c9744da4953b7f123c67bb28f07e85c21e97d06c439a093a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
x-cdn: akamai
etag: "b06b4e6cb1f66b46eb000478658c5236"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=7200
accept-ranges: bytes
content-length: 1142
access-control-expose-headers: X-CDN

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 10ms
7ms Script
application/javascript 199.232.136.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
last-modified: Tue, 30 Aug 2022 15:04:19 GMT
etag: "d4de8398858246712016031c834bb061+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: MISS, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 15317
x-served-by: cache-iad-kiad7000160-IAD, cache-hhn11582-HHN

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 17 KB
5 KB 101ms
99ms Script
text/javascript 54.226.8.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.226.8.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-226-8-81.compute-1.amazonaws.com
Software: /
Resource Hash: 15536f4db775e2ac2bea9367bccf26bf8585a885d78ef4b5f43b2298d0fd756d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 07 Sep 2022 17:21:08 GMT
Content-Encoding: gzip
Cache-Control: max-age=5
Content-Length: 5404
Connection: keep-alive
Content-Type: text/javascript

GET
H2 200 care2-logo-2018-white.svg
dingo.care2.com/assets/img/ 7 KB
4 KB 681ms
681ms Image
image/svg+xml 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dingo.care2.com/assets/img/care2-logo-2018-white.svg
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 3caa853646af7ff46f6f7097d691ed712e207fb9de4d7516f631712c6b0acaf6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
x-care2-host: web2
age: 77096
x-cache: HIT from dingo.care2.com
x-care2-haproxy-host: xlb1
last-modified: Tue, 14 Apr 2020 23:20:25 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-haproxy-site: sjc1
etag: W/"1d1a-5a34871ce1286"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
accept-ranges: bytes
expires: Wed, 07 Sep 2022 19:56:12 GMT

GET
H2 200 Poppins-Regular.ttf
dingo.care2.com/assets/font/Poppins/ 155 KB
155 KB 279ms
277ms Font
font/ttf 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://dingo.care2.com/assets/font/Poppins/Poppins-Regular.ttf
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a

Request headers

Referer: https://dingo.care2.com/assets/css/petitionsite/sign.css?1656021867
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
x-care2-host: web3
age: 473
x-cache: HIT from dingo.care2.com
content-length: 158240
x-care2-haproxy-host: xlb1
accept-ranges: bytes
last-modified: Mon, 11 Jul 2022 16:44:18 GMT
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
etag: "26a20-5e38a435761a1"
content-type: font/ttf
access-control-allow-origin: *
cache-control: max-age=86400
x-care2-site: sjc1
x-care2-haproxy-be: care2
x-care2-haproxy-site: sjc1
expires: Thu, 08 Sep 2022 17:13:15 GMT

POST
H2 200 signatures.php Show response
www.thepetitionsite.com/servlets/petitions/ 25 KB
4 KB 237ms
237ms XHR
application/json 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thepetitionsite.com/servlets/petitions/signatures.php

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

lb2-38-99-122-3.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

2c07daa50797379625808bc81f8b30c3b6aa50c3fa1387b608165b923ec7bae4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

Accept: */*
Referer: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-host: web2
vary: Accept-Encoding
content-type: application/json
x-care2-site: sjc1
x-care2-haproxy-be: tps
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
x-care2-haproxy-site: sjc1
x-care2-haproxy-host: xlb1

POST
H2 200 get_social_counts.php Show response
www.thepetitionsite.com/servlets/ 132 B
954 B 214ms
214ms XHR
application/json 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thepetitionsite.com/servlets/get_social_counts.php

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

lb2-38-99-122-3.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

e9f2124e6cdf502fbfc3c01493cf9507089e969c0b88fbe42d64abfa52f80507

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

Accept: */*
Referer: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
x-care2-host: web1
access-control-max-age: 1000
x-care2-haproxy-host: xlb1
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.thepetitionsite.com
cache-control: no-cache, must-revalidate
x-care2-site: sjc1
x-care2-haproxy-be: tps
content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
x-care2-haproxy-site: sjc1
access-control-allow-headers: Content-Type
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 8ms
7ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1456839169&t=pageview&_s=1&dl=https%3A%2F%2Fwww.thepetitionsite.com%2Fde-de%2Ftakeaction%2F398%2F447%2F926%2F&ul=en-us&de=UTF-8&dt=Petition%3A%20PETITION%20TO%20AUDIT%2C%20EVALUATE%2C%20AND%20INVESTIGATE%20LOUDOUN%20COUNTY%2C%20VIRGINIA%27S%20ELECTRONIC%20REAL%20ESTATE%20AND%20TAX%20ASSESSMENT%20DATABASE%20SYSTEMS%20%E2%80%93%20RESTORING%20CONFIDENCE%20IN%20TITLE%20DEEDS%20AND%20STATE%20GOVERNMENT%20LAND%20RECORDS%2C%20United%20States&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=ACCAgEAB~&jid=&gjid=&cid=1552990750.1662571274&tid=UA-41501525-1&_gid=254322425.1662571274&z=2014747600

Requested by

Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 08:06:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 33260
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 388957491260477 Show response
connect.facebook.net/signals/config/ 475 KB
140 KB 13ms
13ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/388957491260477?v=2.9.79&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2b053f73e9bbf60ced9d57a5661263d07b407eb790a5341a16e4d432e2f41965

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 143556
x-xss-protection: 0
pragma: public
x-fb-debug: tTqqcuJQ2ADPgMlKqt+fG/+DBhPxS4gBlDQL2eNizo83xU3PnSzJC8KeXxfsiD5PqL98eoaZyCHqPRS1865UrQ==
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 07 Sep 2022 17:21:08 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 137005710.js Show response
bat.bing.com/p/action/ 1 KB
873 B 125ms
125ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/137005710.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

3ffe787c4b76607e333d7a75a851b071ada2cf0d3a8ee0edac24428aaac87a1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 48ADA45AE50D4BE3B01C483B34D3CC3B Ref B: FRA31EDGE0222 Ref C: 2022-09-07T17:21:08Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
date: Wed, 07 Sep 2022 17:21:07 GMT
content-length: 668

GET
H2 204 0
bat.bing.com/action/ 0
121 B 35ms
34ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=137005710&Ver=2&mid=9c2569ad-168f-4a82-9a4f-4c6c03e907ec&sid=799b83f02ed111ed99016b564925ef75&vid=799bc9702ed111edb42a251e46559c95&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Petition%3A%20PETITION%20TO%20AUDIT,%20EVALUATE,%20AND%20INVESTIGATE%20LOUDOUN%20COUNTY,%20VIRGINIA%27S%20ELECTRONIC%20REAL%20ESTATE%20AND%20TAX%20ASSESSMENT%20DATABASE%20SYSTEMS%20%E2%80%93%20RESTORING%20CONFIDENCE%20IN%20TITLE%20DEEDS%20AND%20STATE%20GOVERNMENT%20LAND%20RECORDS,%20United%20States&p=https%3A%2F%2Fwww.thepetitionsite.com%2Fde-de%2Ftakeaction%2F398%2F447%2F926%2F&r=https%3A%2F%2Fwww.thepetitionsite.com%2Ftakeaction%2F398%2F447%2F926%2F&lt=1725&evt=pageLoad&sv=1&rn=837879

Requested by

Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 14F15415CC3F4429B9D803D5C26F7C59 Ref B: FRA31EDGE0222 Ref C: 2022-09-07T17:21:08Z
date: Wed, 07 Sep 2022 17:21:07 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 41 KB
16 KB 64ms
63ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1064448610

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

f6200e00f9bcf9a324c8c1a046c6bc624ebcaf1379faf13e4d76ae56ea0d1a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15690
x-xss-protection: 0
server: cafe
etag: 13194339052015637803
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 07 Sep 2022 17:21:08 GMT

GET
H2 200 main.55e552f9.js Show response
s.pinimg.com/ct/lib/ 53 KB
18 KB 135ms
135ms Script
application/javascript 2a02:26f0:4700:196::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.55e552f9.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:4700:196::1931 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ecf5185587dc584318775956d242115534ec7d928758081c0f9a1e3f97992508

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: gzip
x-cdn: akamai
etag: "84c1602180f73853dc1e35f7296bdf7d"
vary: Accept-Encoding, Origin
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 18601
access-control-expose-headers: X-CDN

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1064448610/ 3 KB
2 KB 243ms
26ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1064448610/?random=1662571275767&cv=9&fst=1662571275767&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa8v0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.thepetitionsite.com%2Fde-de%2Ftakeaction%2F398%2F447%2F926%2F&ref=https%3A%2F%2Fwww.thepetitionsite.com%2Ftakeaction%2F398%2F447%2F926%2F&tiba=Petition%3A%20PETITION%20TO%20AUDIT%2C%20EVALUATE%2C%20AND%20INVESTIGATE%20LOUDOUN%20COUNTY%2C%20VIRGINIA%27S%20ELECTRONIC%20REAL%20ESTATE%20AND%20TAX%20ASSESSMENT%20DATABASE%20SYSTEMS%20%E2%80%93%20RESTORING%20CONFIDENCE%20IN%20TITLE%20DEEDS%20AND%20STATE&auid=2103605519.1662571274&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67a4cc0e3f7e4299b8f72e0a32cf04ee3df6f6c3d139aec0eaebec44cb2f6514

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1224
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 137005710 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 351ms
142ms Script
application/x-javascript 2620:1ec:27::cafe:1389
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/137005710
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/137005710.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1389 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: a3c326034ec8d53490f196eedccc1db1cdeab10f1e2a843cfc11a3676910724f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
x-powered-by: ASP.NET
x-azure-ref: 0BNMYYwAAAACUAdfNu3nbT4OLrDu63Q7GU1RPRURHRTE4MDcANmNmYmVlZTAtNTAyNy00ODRiLTg5NjctNGEyOWFmNzdmMWUx
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d
content-length: 1543
expires: -1

GET
H3 200 sdk.js Show response
connect.facebook.net/de_DE/ 3 KB
2 KB 13ms
13ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/de_DE/sdk.js

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ed89a657ac79363c78908130c7ea74b0e782292fd3556a7e8723c897f64098d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: BLidqXLE7jyV4hdmBjQ8uw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1686
x-fb-rlafr: 0
x-fb-debug: 2Oez4kNROynKJ4Eay6SBlKgugBBVDNLpusOlkJJGU3ExZzqfmnQ8TphFK8dJFHln9Bn9Bt4XqrVM2PPX/N876A==
x-fb-content-md5: 130aa6688ef708b03c48b9e988849e5b
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 07 Sep 2022 17:21:08 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "af24cfbcd3b90c5bfd7b2bb46d9e1418"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 07 Sep 2022 17:24:20 GMT

POST
H2 200 petitions_seen.php Show response
www.thepetitionsite.com/servlets/petitions/ 0
535 B 240ms
240ms XHR
text/html 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thepetitionsite.com/servlets/petitions/petitions_seen.php

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),

Reverse DNS

lb2-38-99-122-3.care2.com

Software

Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Request headers

Accept: */*
Referer: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

content-security-policy: frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-host: web2
date: Wed, 07 Sep 2022 17:21:08 GMT
content-type: text/html; charset=UTF-8
x-care2-site: sjc1
x-care2-haproxy-be: tps
x-care2-haproxy-site: sjc1
content-length: 0
x-care2-haproxy-host: xlb1

POST
H2 200 optinInfo Show response
www.thepetitionsite.com/ws/optins/ 653 B
680 B 342ms
341ms XHR
application/json 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thepetitionsite.com/ws/optins/optinInfo
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: d47e2935b6e37b2e136510f37bfc70e727caccf65fdf1a81013760a094deb6dc

Request headers

Accept: */*
Referer: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: gzip
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-host: web3
vary: Accept-Encoding
content-type: application/json
x-care2-site: sjc1
x-care2-haproxy-be: wstps
x-care2-haproxy-site: sjc1
x-care2-haproxy-host: xlb1

POST
H2 204 matomo.php
matomo.care2.us/ 0
301 B 320ms
318ms Ping
text/plain 38.99.122.172
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://matomo.care2.us/matomo.php?action_name=Petition%3A%20PETITION%20TO%20AUDIT%2C%20EVALUATE%2C%20AND%20INVESTIGATE%20LOUDOUN%20COUNTY%2C%20VIRGINIA%27S%20ELECTRONIC%20REAL%20ESTATE%20AND%20TAX%20ASSESSMENT%20DATABASE%20SYSTEMS%20%E2%80%93%20RESTORING%20CONFIDENCE%20IN%20TITLE%20DEEDS%20AND%20STATE%20GOVERNMENT%20LAND%20RECORDS%2C%20United%20States&idsite=5&rec=1&r=528607&h=17&m=21&s=16&url=https%3A%2F%2Fwww.thepetitionsite.com%2Fde-de%2Ftakeaction%2F398%2F447%2F926%2F&urlref=https%3A%2F%2Fwww.thepetitionsite.com%2Ftakeaction%2F398%2F447%2F926%2F&_id=e23fb2b2bb67dc01&_idn=0&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=In5d23&pf_net=0&pf_srv=302&pf_tfr=6&pf_dm1=1392
Requested by: Host: matomo.care2.us
URL: https://matomo.care2.us/matomo.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.172 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: ip-38-99-122-172.care2.com
Software: Apache/2.4.54 (FreeBSD) PHP/8.1.7 OpenSSL/1.1.1o-freebsd / PHP/8.1.7
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.thepetitionsite.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=utf-8

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
server: Apache/2.4.54 (FreeBSD) PHP/8.1.7 OpenSSL/1.1.1o-freebsd
x-care2-host: matomo1
x-care2-haproxy-fe: fe_xindi_external
x-powered-by: PHP/8.1.7
access-control-allow-origin: https://www.thepetitionsite.com
access-control-allow-credentials: true
x-care2-haproxy-be: matomo
x-care2-site: iad1

GET
H2 200 /
www.google.com/pagead/1p-user-list/1064448610/ 42 B
548 B 22ms
21ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1064448610/?random=1662571275767&cv=9&fst=1662570000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa8v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.thepetitionsite.com%2Fde-de%2Ftakeaction%2F398%2F447%2F926%2F&ref=https%3A%2F%2Fwww.thepetitionsite.com%2Ftakeaction%2F398%2F447%2F926%2F&tiba=Petition%3A%20PETITION%20TO%20AUDIT%2C%20EVALUATE%2C%20AND%20INVESTIGATE%20LOUDOUN%20COUNTY%2C%20VIRGINIA%27S%20ELECTRONIC%20REAL%20ESTATE%20AND%20TAX%20ASSESSMENT%20DATABASE%20SYSTEMS%20%E2%80%93%20RESTORING%20CONFIDENCE%20IN%20TITLE%20DEEDS%20AND%20STATE&async=1&fmt=3&is_vtc=1&random=1249498199&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 17:21:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1064448610/ 42 B
548 B 23ms
22ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1064448610/?random=1662571275767&cv=9&fst=1662570000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa8v0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.thepetitionsite.com%2Fde-de%2Ftakeaction%2F398%2F447%2F926%2F&ref=https%3A%2F%2Fwww.thepetitionsite.com%2Ftakeaction%2F398%2F447%2F926%2F&tiba=Petition%3A%20PETITION%20TO%20AUDIT%2C%20EVALUATE%2C%20AND%20INVESTIGATE%20LOUDOUN%20COUNTY%2C%20VIRGINIA%27S%20ELECTRONIC%20REAL%20ESTATE%20AND%20TAX%20ASSESSMENT%20DATABASE%20SYSTEMS%20%E2%80%93%20RESTORING%20CONFIDENCE%20IN%20TITLE%20DEEDS%20AND%20STATE&async=1&fmt=3&is_vtc=1&random=1249498199&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.thepetitionsite.com
URL: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 17:21:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/de_DE/ 299 KB
85 KB 14ms
13ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/de_DE/sdk.js?hash=c28a96bee7da3626b357961e69a1f690

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6ec1df0320caf271bbb8cdbebdc6d03578bb864efb6bb058927822ac92a11927

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.thepetitionsite.com/
Origin: https://www.thepetitionsite.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: vFIhqqNIRFAM1/xrFbVpmA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 86758
x-fb-rlafr: 0
x-fb-debug: 1CG2Rapc6b6fOe7iOhJpy/Ik1qBjaJRR0PhGHRcZ62PcIKuRa5w8kGC1izLpiBa6rgPU9vYnquoD3m1+48nzcA==
x-fb-content-md5: 9cfd9addd5c44181f0887ec81216e01d
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 07 Sep 2022 17:21:08 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "fda79817575e2fe7b59611d54c14b27b"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 07 Sep 2023 16:36:38 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/eus-e/s/0.6.40/ 54 KB
23 KB 140ms
140ms Script
application/javascript 2620:1ec:27::cafe:1389
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus-e/s/0.6.40/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/137005710
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1389 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: bbffae0d03e6d48b808856596e595ab718c08bbc4476e7323bfcff4a6f833260

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date: Wed, 07 Sep 2022 17:21:08 GMT
content-encoding: br
etag: "1d8bd4806fdad30"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 0BNMYYwAAAABaAkaaDujNQ6KVSEz7nnibU1RPRURHRTE4MDcANmNmYmVlZTAtNTAyNy00ODRiLTg5NjctNGEyOWFmNzdmMWUx
accept-ranges: bytes
content-length: 23442
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 132ms
110ms Fetch
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=482659988595053&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.thepetitionsite.com%2Fde-de%2Ftakeaction%2F398%2F447%2F926%2F&sdk=joey&wants_cookie_data=true

Requested by

Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: oyDRAR1T2vLeV1X3Oql5kP0bupMTPSQMATc17ymoil2nARbPQug7C6CIlSB32RFKLDtW7aXUX08CdU5Q4JC+zQ==
fb-s: unknown
date: Wed, 07 Sep 2022 17:21:09 GMT
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.thepetitionsite.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=B3CB7591ABB944ACBFC2DB0259882B21&RedC=c.clarity.ms&MXFR=246B188107EA64A0399B0A9903EA6AC6
https://c.clarity.ms/c.gif?CtsSyncId=B3CB7591ABB944ACBFC2DB0259882B21&MUID=0BC39E0F674E6B40134A8C1766C56A73

42 B
367 B

28ms
28ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=B3CB7591ABB944ACBFC2DB0259882B21&MUID=0BC39E0F674E6B40134A8C1766C56A73
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 07 Sep 2022 17:21:08 GMT
last-modified: Wed, 17 Aug 2022 23:56:46 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "de363c295b2d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 07 Sep 2022 17:21:08 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2376339B3C62404780274CBC830C5927 Ref B: FRA31EDGE0222 Ref C: 2022-09-07T17:21:09Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=B3CB7591ABB944ACBFC2DB0259882B21&MUID=0BC39E0F674E6B40134A8C1766C56A73
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 like.php Show response
www.facebook.com/v2.6/plugins/ Frame DA25 0
23 B 115ms
104ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.6/plugins/like.php?app_id=482659988595053&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a845aaf632fc4%26domain%3Dwww.thepetitionsite.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.thepetitionsite.com%252Ff3bc8abc46b4ffc%26relation%3Dparent.parent&container_width=1000&href=http%3A%2F%2Fwww.facebook.com%2FCare2&layout=button_count&locale=de_DE&sdk=joey&share=false&show_faces=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js?hash=c28a96bee7da3626b357961e69a1f690

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thepetitionsite.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html;charset=utf-8
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 07 Sep 2022 17:21:09 GMT
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
priority: u=0
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-content-type-options: nosniff
x-fb-debug: qu1YBYn/w2Hvd0P9bn9JmlfFJMrb5UU+VC/fpIb+I6lDIRypBk4Rqoa4wEFxHcPzm2yebrynrWUz9I+ouG5HUw==
x-xss-protection: 0

GET
H/1.1 200
OK usage.gif
usage.trackjs.com/ 43 B
229 B 97ms
96ms Image
image/gif 158.69.52.117
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usage.trackjs.com/usage.gif?token=4a9bb5467d9b475fb055de8365a94001&correlationId=efa2d029-79e9-4311-8866-22d1120e9b9d&application=petitionsite-prod&x=c0682adf-ade8-47bc-b3b4-90da71fdee23&
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 158.69.52.117 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: prd-usage-3.tjsint.net
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thepetitionsite.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date: Wed, 07 Sep 2022 17:21:09 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H2 200 optinServed Show response
www.thepetitionsite.com/ws/optins/ 20 B
319 B 215ms
214ms XHR
application/json 38.99.122.3
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thepetitionsite.com/ws/optins/optinServed
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 38.99.122.3 San Jose, United States, ASN174 (COGENT-174, US),
Reverse DNS: lb2-38-99-122-3.care2.com
Software: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 /
Resource Hash: 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Request headers

Accept: */*
Referer: https://www.thepetitionsite.com/de-de/takeaction/398/447/926/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 07 Sep 2022 17:21:09 GMT
content-encoding: gzip
server: Apache/2.4.41 (IUS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3
x-care2-host: web5
vary: Accept-Encoding
content-type: application/json
x-care2-site: sjc1
x-care2-haproxy-be: wstps
x-care2-haproxy-site: sjc1
x-care2-haproxy-host: xlb1

POST
H2 204 collect Show response
l.clarity.ms/ 0
180 B 465ms
94ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.thepetitionsite.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: https://www.thepetitionsite.com
date: Wed, 07 Sep 2022 17:21:09 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

POST
H2 204 collect Show response
l.clarity.ms/ 0
25 B 466ms
283ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.thepetitionsite.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: https://www.thepetitionsite.com
date: Wed, 07 Sep 2022 17:21:09 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

POST
H2 204 collect Show response
l.clarity.ms/ 0
48 B 93ms
92ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: dingo.care2.com
URL: https://dingo.care2.com/assets/js/petitionsite/sign.js?1662489218
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.thepetitionsite.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin: https://www.thepetitionsite.com
date: Wed, 07 Sep 2022 17:21:11 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dingo.care2.com
URL: https://dingo.care2.com/assets/img/care2-logo-2018.svg

Domain: dingo.care2.com
URL: https://dingo.care2.com/assets/img/care2-logo-2018-white.svg

Domain: usage.trackjs.com
URL: https://usage.trackjs.com/usage.gif?token=4a9bb5467d9b475fb055de8365a94001&correlationId=58b6ed3f-910d-4cc2-8fb0-3438993395fc&application=petitionsite-prod&x=f1171228-fb87-43c1-83f2-5b12aab66ae7&

Domain: bat.bing.com
URL: https://bat.bing.com/p/action/137005710.js

Domain: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.55e552f9.js

Domain: connect.facebook.net
URL: https://connect.facebook.net/de_DE/sdk.js?hash=c28a96bee7da3626b357961e69a1f690

Domain: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Domain: matomo.care2.us
URL: https://matomo.care2.us/matomo.php?action_name=petition%3A%20PETITION%20TO%20AUDIT%2C%20EVALUATE%2C%20AND%20INVESTIGATE%20LOUDOUN%20COUNTY%2C%20VIRGINIA%27S%20ELECTRONIC%20REAL%20ESTATE%20AND%20TAX%20ASSESSMENT%20DATABASE%20SYSTEMS%20%E2%80%93%20RESTORING%20CONFIDENCE%20IN%20TITLE%20DEEDS%20AND%20STATE%20GOVERNMENT%20LAND%20RECORDS%2C%20United%20States&idsite=5&rec=1&r=828128&h=17&m=21&s=14&url=https%3A%2F%2Fwww.thepetitionsite.com%2Ftakeaction%2F398%2F447%2F926%2F&_id=e23fb2b2bb67dc01&_idn=1&_refts=0&send_image=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1600x1200&pv_id=2TefwS&pf_net=365&pf_srv=228&pf_tfr=159&pf_dm1=2311&pf_dm2=301

Domain: www.google.com
URL: https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-41501525-1&cid=1552990750.1662571274&jid=514232753&_u=IGBAgEABAAAAAE~&z=1313066610

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-41501525-1&cid=1552990750.1662571274&jid=514232753&_u=IGBAgEABAAAAAE~&z=1313066610

Domain: bat.bing.com
URL: https://bat.bing.com/actionp/0?ti=137005710&Ver=2&mid=46b725ab-ec40-4b11-83e4-305970d5b1c8&sid=799b83f02ed111ed99016b564925ef75&vid=799bc9702ed111edb42a251e46559c95&vids=1&msclkid=N&evt=pageHide

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

27 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.thepetitionsite.com/de-de/takeaction/398/447/926	1969-12-31 23:59:59	Name: swimlane Value: 41
www.thepetitionsite.com/takeaction/398/447/926	1969-12-31 23:59:59	Name: swimlane Value: 271
www.thepetitionsite.com/	1969-12-31 23:59:59	Name: c2_user_state Value: bf99bd3827d7878c006f48df9e6ac996%3A0
.thepetitionsite.com/	1969-12-31 23:59:59	Name: c2_user_state Value: bf99bd3827d7878c006f48df9e6ac996%3A0
.bing.com/	1970-01-20 15:11:07	Name: MUID Value: 0BC39E0F674E6B40134A8C1766C56A73
tags.srv.stackadapt.com/	1970-01-20 14:35:07	Name: sa-user-id Value: s%3A0-86ca1fe4-7fe5-47b0-6775-56689bb482bb.BbprQ5rnZ9wSQMWT7kBO53EoAB0UpJ56qzB59WK5kX0
.srv.stackadapt.com/	1970-01-20 14:35:07	Name: sa-user-id-v2 Value: s%3Ahsof5H_lR7BndVZom7SCu1FfBSo.H092tbG4pi01G7DvwdIPfGRPv5et51D%2FutPY6MSmZ0s
.thepetitionsite.com/	1970-01-20 15:25:31	Name: _ga Value: GA1.2.1552990750.1662571274
.thepetitionsite.com/	1970-01-20 05:50:57	Name: _gid Value: GA1.2.254322425.1662571274
.thepetitionsite.com/	1970-01-20 05:49:31	Name: _gat Value: 1
.thepetitionsite.com/	1970-01-20 07:59:07	Name: _gcl_au Value: 1.1.2103605519.1662571274
www.thepetitionsite.com/	1970-01-20 15:15:26	Name: _pk_id.5.cf13 Value: e23fb2b2bb67dc01.1662571274.
www.thepetitionsite.com/	1970-01-20 05:49:33	Name: _pk_ses.5.cf13 Value: 1
www.thepetitionsite.com/	1970-01-20 14:35:07	Name: sa-user-id Value: s%253A0-86ca1fe4-7fe5-47b0-6775-56689bb482bb.BbprQ5rnZ9wSQMWT7kBO53EoAB0UpJ56qzB59WK5kX0
www.thepetitionsite.com/	1970-01-20 14:35:07	Name: sa-user-id-v2 Value: s%253A0-86ca1fe4-7fe5-47b0-6775-56689bb482bb%2524ip%252481.95.5.42.sABH3lZgrNT5%252BpPB3Tn%252B8pINpw5ZWHmJKcazI8Rz3Pg
www.thepetitionsite.com/	1969-12-31 23:59:59	Name: c2_session Value: {%22sessionID%22:%2283395ac7-ee9e-4ab0-9566-2f08bd306c68%22%2C%22sessionSequence%22:2%2C%22sessionTimestamp%22:1662571273}
.thepetitionsite.com/	1970-01-20 05:50:57	Name: _uetsid Value: 799b83f02ed111ed99016b564925ef75
.thepetitionsite.com/	1970-01-20 15:11:07	Name: _uetvid Value: 799bc9702ed111edb42a251e46559c95
www.thepetitionsite.com/	1970-01-20 05:50:57	Name: C2_CNOTICE Value: 1
.doubleclick.net/	1970-01-20 05:49:32	Name: test_cookie Value: CheckForPermission
www.clarity.ms/	1970-01-20 14:35:07	Name: CLID Value: e8aae7abe7fd449ca6265527e4a9d105.20220907.20230907
.thepetitionsite.com/	1970-01-20 14:35:07	Name: _clck Value: e1xkqe\|1\|f4o\|0
.c.bing.com/	1970-01-20 15:11:07	Name: SRM_B Value: 0BC39E0F674E6B40134A8C1766C56A73
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 15:11:07	Name: MUID Value: 0BC39E0F674E6B40134A8C1766C56A73
.c.clarity.ms/	1970-01-20 05:49:31	Name: ANONCHK Value: 0
.thepetitionsite.com/	1970-01-20 05:50:57	Name: _clsk Value: yu1yu\|1662571276878\|1\|1\|l.clarity.ms/collect

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
c.bing.com
c.clarity.ms
cdn.mouseflow.com
connect.facebook.net
dingo.care2.com
fonts.googleapis.com
googleads.g.doubleclick.net
l.clarity.ms
matomo.care2.us
s.pinimg.com
static.ads-twitter.com
stats.g.doubleclick.net
tags.srv.stackadapt.com
usage.trackjs.com
www.care2.com
www.ccpmtrk.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.thepetitionsite.com
bat.bing.com
connect.facebook.net
dingo.care2.com
matomo.care2.us
s.pinimg.com
usage.trackjs.com
www.google.com
www.google.de
www.googleadservices.com
142.250.185.162
151.139.128.11
158.69.52.117
199.232.136.157
20.120.65.166
20.234.93.27
2620:1ec:27::cafe:1389
2620:1ec:c11::200
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2004
2a00:1450:4001:813::2003
2a00:1450:4001:813::200a
2a00:1450:4001:828::2008
2a00:1450:4001:82a::200e
2a00:1450:400c:c00::9c
2a02:26f0:4700:196::1931
2a03:2880:f007:8:face:b00c:0:1
2a03:2880:f11c:8083:face:b00c:0:25de
34.117.117.118
38.99.122.172
38.99.122.3
38.99.122.5
54.226.8.81
15536f4db775e2ac2bea9367bccf26bf8585a885d78ef4b5f43b2298d0fd756d
248c0244b350ec68880996aa6be6d7796274b49992d5fcbbefe251906aa4ea36
2a45935bc9cea6e64fab363642958a4c1327624d02c9f60d61b75b8bd4ea354c
2b053f73e9bbf60ced9d57a5661263d07b407eb790a5341a16e4d432e2f41965
2c07daa50797379625808bc81f8b30c3b6aa50c3fa1387b608165b923ec7bae4
2c315ae2e202f36ac0d4a87ee2b6470ec4cfebc88bc79f92a556fb4d4ade8429
2e40a41777c67d4033fc28c9ae8f84accce4f4085cb06887d7f760da4151101d
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
35a438a95fc0b30971cfb321740de83b5b7c6d417cfa2e937f3e2abf123bed93
3caa853646af7ff46f6f7097d691ed712e207fb9de4d7516f631712c6b0acaf6
3ffe787c4b76607e333d7a75a851b071ada2cf0d3a8ee0edac24428aaac87a1a
41b758f84ab2dd5da6f7ba488813d17410ebb48bc2074d304c26d63c5ece003d
4c555c077b6e95ca04b44ecb5ec7eb4d7bfc586cd3577384ef5b866224c59271
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5951438dd533bfc072aa250205ad3d618ac9add4b8f609a68d4608c7d3282434
5ae95e748ad12444cd760e245c02264cea3e8deb41fabd95f1e0784b81f72783
5afc363b68106631c9744da4953b7f123c67bb28f07e85c21e97d06c439a093a
647f014d36822ef7e0413ffbb65598ae0cb57fb798e635c63912c93d94eb356a
67a4cc0e3f7e4299b8f72e0a32cf04ee3df6f6c3d139aec0eaebec44cb2f6514
6ec1df0320caf271bbb8cdbebdc6d03578bb864efb6bb058927822ac92a11927
707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a
76e7ae895eb5b3768cfdd771ab8c6d570a45d284f5cfe2bc969fef5844649131
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
884035843157549f5bee22c8f61c07b05802d474d20ff9b892407ddbccbc3981
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
94b3042cf86ac8b5767d1e5af1d03b9dbd48b1713da83c47040b7201259770db
99362574b76fb5077d18e1ec1923f60a6fa377379c089e0fca4497a0d2b3a395
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3c326034ec8d53490f196eedccc1db1cdeab10f1e2a843cfc11a3676910724f
ac6605efd0c6d47ed37c02a6d3a764b1b155c0f01d8d4c4809cc36c507c8e27d
bb308a6598146ebc9dfb7d47e2f93c6df685295a7a1fe930114b8e1322e38f45
bbffae0d03e6d48b808856596e595ab718c08bbc4476e7323bfcff4a6f833260
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d47e2935b6e37b2e136510f37bfc70e727caccf65fdf1a81013760a094deb6dc
ddabf98600b2f65fb08b35df1c2fd5e61397fc79b5ccbe62c2bbbf5e9829fc82
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9f2124e6cdf502fbfc3c01493cf9507089e969c0b88fbe42d64abfa52f80507
eb986ca3299b6a122159f7db29f04295ebaba7d2e329bfee83b64953284d3b9c
ecf5185587dc584318775956d242115534ec7d928758081c0f9a1e3f97992508
ed89a657ac79363c78908130c7ea74b0e782292fd3556a7e8723c897f64098d0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6200e00f9bcf9a324c8c1a046c6bc624ebcaf1379faf13e4d76ae56ea0d1a11

www.thepetitionsite.com Open in urlscan Pro 38.99.122.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

90 Requests

84 %HTTPS

52 %IPv6

20 Domains

25 Subdomains

24 IPs

7 Countries

2500 kBTransfer

6470 kBSize

27 Cookies

14 Outgoing links

Page URL History

Redirected requests

90 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.thepetitionsite.com Open in urlscan Pro
38.99.122.3 Public Scan

Screenshot
Live screenshot

Full Image

90
Requests

84 %
HTTPS

52 %
IPv6

20
Domains

25
Subdomains

24
IPs

7
Countries

2500 kB
Transfer

6470 kB
Size

27
Cookies

90 HTTP transactions
0 data transactions