138.68.148.191.sslip.io Open in urlscan Pro
138.68.148.191 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://138.68.148.191.sslip.io/
Submission: On June 03 via api (June 3rd 2024, 11:42:54 am UTC) from US — Scanned from GB

Summary HTTP 209 Redirects Links 63 Behaviour Indicators

Summary

This website contacted 61 IPs in 8 countries across 39 domains to perform 209 HTTP transactions. The main IP is 138.68.148.191, located in Slough, United Kingdom and belongs to DIGITALOCEAN-ASN, US. The main domain is 138.68.148.191.sslip.io.
TLS certificate: Issued by R3 on June 3rd 2024. Valid for: 3 months.

This is the only time 138.68.148.191.sslip.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	138.68.148.191 138.68.148.191	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
59	104.16.132.24 104.16.132.24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:10:... 2606:4700:10::6816:4bd8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.160.43.93 34.160.43.93	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	23.34.43.6 23.34.43.6	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:9000:223... 2600:9000:223c:ac00:8:2ae1:d740:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:401... 2a00:1450:4013:c16::54	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
15	3.161.82.46 3.161.82.46	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
3	13.224.186.120 13.224.186.120	16509 (AMAZON-02) (AMAZON-02)
1	158.101.210.189 158.101.210.189	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
2	192.104.182.109 192.104.182.109	10668 (LEE-ASN) (LEE-ASN)
3	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:3c5a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.149.155.241 34.149.155.241	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	130.211.23.194 130.211.23.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:20:... 2606:4700:20::ac43:4513	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.217.18.6 172.217.18.6	15169 (GOOGLE) (GOOGLE)
2	63.32.235.18 63.32.235.18	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6811:f8cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.245.31.65 18.245.31.65	16509 (AMAZON-02) (AMAZON-02)
1	13.35.57.188 13.35.57.188	16509 (AMAZON-02) (AMAZON-02)
24	35.190.14.224 35.190.14.224	15169 (GOOGLE) (GOOGLE)
1	52.19.228.126 52.19.228.126	16509 (AMAZON-02) (AMAZON-02)
2	63.140.62.17 63.140.62.17	15224 (OMNITURE) (OMNITURE)
1 1	52.30.166.91 52.30.166.91	16509 (AMAZON-02) (AMAZON-02)
6	99.86.8.175 99.86.8.175	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c07::9c	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	3.224.50.112 3.224.50.112	14618 (AMAZON-AES) (AMAZON-AES)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
1	2a02:26f0:310... 2a02:26f0:3100::1735:2a3b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a04:4e42:8e::84 2a04:4e42:8e::84	54113 (FASTLY) (FASTLY)
1	3.161.75.65 3.161.75.65	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81d::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1 2	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
2	18.244.18.27 18.244.18.27	16509 (AMAZON-02) (AMAZON-02)
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.43.14 13.107.43.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.161.77.50 3.161.77.50	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE)
3	151.101.128.84 151.101.128.84	54113 (FASTLY) (FASTLY)
1	52.17.99.225 52.17.99.225	16509 (AMAZON-02) (AMAZON-02)
1	54.69.251.6 54.69.251.6	16509 (AMAZON-02) (AMAZON-02)
1	151.101.64.84 151.101.64.84	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
209	61

5 138.68.148.191 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)

138.68.148.191.sslip.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 104.16.132.24 (None, )

ASN13335 (CLOUDFLARENET, US)

bloximages.chicago2.vip.townnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:4bd8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.43.93 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 93.43.160.34.bc.googleusercontent.com

thestar.solutions.cdn.optable.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.34.43.6 (Ballerup Municipality, Denmark)

ASN16625 (AKAMAI-AS, US)
PTR: a23-34-43-6.deploy.static.akamaitechnologies.com

micro.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:ac00:8:2ae1:d740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.viafoura.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4013:c16::54 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 3.161.82.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-82-46.fra56.r.cloudfront.net

resources.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.186.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-186-120.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.101.210.189 (Amsterdam, Netherlands)

ASN31898 (ORACLE-BMC-31898, US)

torstar.gscontxt.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.104.182.109 (United States)

ASN10668 (LEE-ASN, US)
PTR: cms.chicago2.vip.townnews.com

www.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3c5a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.petametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.155.241 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 241.155.149.34.bc.googleusercontent.com

thestar.cloud.optable.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.211.23.194 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4513 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.6 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.32.235.18 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-235-18.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:f8cb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.31.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-31-65.fra56.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.35.57.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-57-188.fra60.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 35.190.14.224 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 224.14.190.35.bc.googleusercontent.com

query.petametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.228.126 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-228-126.eu-west-1.compute.amazonaws.com

torontostarnewspaperslimited.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.62.17 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-17.data.adobedc.net

s.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.166.91 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-166-91.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c07::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.224.50.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-50-112.compute-1.amazonaws.com

i.viafoura.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3100::1735:2a3b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:8e::84 (United States)

ASN54113 (FASTLY, US)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.161.75.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-75-65.fra56.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

5634eaa5848478f789544d499e325b98.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f6.1e100.net

10230056.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.244.18.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-27.fra56.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.43.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.161.77.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-77-50.fra56.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.128.84 (San Francisco, United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.99.225 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-99-225.eu-west-1.compute.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.251.6 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-251-6.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.64.84 (San Francisco, United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
59	townnews.com bloximages.chicago2.vip.townnews.com — Cisco Umbrella Rank: 21365	837 KB
25	petametrics.com cdn.petametrics.com — Cisco Umbrella Rank: 17866 query.petametrics.com — Cisco Umbrella Rank: 18856	177 KB
19	thestar.com resources.thestar.com — Cisco Umbrella Rank: 244084 www.thestar.com — Cisco Umbrella Rank: 204707 s.thestar.com — Cisco Umbrella Rank: 286890	113 KB
11	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 205 ad.doubleclick.net — Cisco Umbrella Rank: 159 stats.g.doubleclick.net — Cisco Umbrella Rank: 89 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 10230056.fls.doubleclick.net — Cisco Umbrella Rank: 397171	174 KB
10	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	842 KB
9	google.com accounts.google.com — Cisco Umbrella Rank: 20 news.google.com — Cisco Umbrella Rank: 6421 region1.analytics.google.com — Cisco Umbrella Rank: 3095 ampcid.google.com — Cisco Umbrella Rank: 3199 www.google.com — Cisco Umbrella Rank: 2	150 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 338 www.linkedin.com — Cisco Umbrella Rank: 619 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	4 KB
6	segment.com cdn.segment.com — Cisco Umbrella Rank: 1845	41 KB
5	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 103 5634eaa5848478f789544d499e325b98.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 164	19 KB
5	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 308 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 630 aax.amazon-adsystem.com — Cisco Umbrella Rank: 419	81 KB
5	sslip.io 138.68.148.191.sslip.io	119 KB
4	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 902	5 KB
4	btloader.com 1 redirects btloader.com — Cisco Umbrella Rank: 876 api.btloader.com — Cisco Umbrella Rank: 958	19 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 345	14 KB
3	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 3755	190 B
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 243 torontostarnewspaperslimited.demdex.net — Cisco Umbrella Rank: 335383	2 KB
3	gstatic.com fonts.gstatic.com	118 KB
3	optable.co thestar.solutions.cdn.optable.co — Cisco Umbrella Rank: 400493 thestar.cloud.optable.co — Cisco Umbrella Rank: 324506	7 KB
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 3249 p1.parsely.com — Cisco Umbrella Rank: 2383	27 KB
2	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 191	3 KB
2	reddit.com pixel-config.reddit.com alb.reddit.com — Cisco Umbrella Rank: 1376	761 B
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 911	22 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1160	13 KB
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 771	4 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	21 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 914	1 KB
1	segment.io api.segment.io — Cisco Umbrella Rank: 1425	179 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 882	727 B
1	t.co t.co — Cisco Umbrella Rank: 717	376 B
1	cloudfront.net d1z2jf7jlzjs58.cloudfront.net	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 803	17 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 801	15 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1317	517 B
1	viafoura.co api.viafoura.co Failed i.viafoura.co — Cisco Umbrella Rank: 13051	200 B
1	gscontxt.net torstar.gscontxt.net — Cisco Umbrella Rank: 318892	529 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	2 KB
1	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 421	10 KB
1	viafoura.net cdn.viafoura.net — Cisco Umbrella Rank: 12872	16 KB
1	rubiconproject.com micro.rubiconproject.com — Cisco Umbrella Rank: 3302	46 KB
209	39

	Domain	Requested by
59	bloximages.chicago2.vip.townnews.com	138.68.148.191.sslip.io bloximages.chicago2.vip.townnews.com
24	query.petametrics.com	cdn.petametrics.com 138.68.148.191.sslip.io
15	resources.thestar.com	138.68.148.191.sslip.io resources.thestar.com
10	www.googletagmanager.com	138.68.148.191.sslip.io www.googletagmanager.com
6	cdn.segment.com	138.68.148.191.sslip.io cdn.segment.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
5	138.68.148.191.sslip.io	138.68.148.191.sslip.io
4	ct.pinterest.com	s.pinimg.com
4	news.google.com	138.68.148.191.sslip.io news.google.com
3	bat.bing.com	138.68.148.191.sslip.io bat.bing.com
3	www.google.co.uk	138.68.148.191.sslip.io
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	fonts.gstatic.com	fonts.googleapis.com
3	c.amazon-adsystem.com	138.68.148.191.sslip.io c.amazon-adsystem.com
3	securepubads.g.doubleclick.net	138.68.148.191.sslip.io securepubads.g.doubleclick.net
2	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
2	sb.scorecardresearch.com	138.68.148.191.sslip.io
2	10230056.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
2	s.pinimg.com	138.68.148.191.sslip.io s.pinimg.com
2	www.redditstatic.com	138.68.148.191.sslip.io www.redditstatic.com
2	region1.analytics.google.com	www.googletagmanager.com
2	s.thestar.com	resources.thestar.com 138.68.148.191.sslip.io
2	unpkg.com	1 redirects 138.68.148.191.sslip.io
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	dpm.demdex.net	resources.thestar.com 138.68.148.191.sslip.io
2	ad.doubleclick.net	138.68.148.191.sslip.io
2	ad-delivery.net	138.68.148.191.sslip.io
2	api.btloader.com	btloader.com
2	thestar.cloud.optable.co	thestar.solutions.cdn.optable.co
2	www.thestar.com	138.68.148.191.sslip.io
2	btloader.com	1 redirects 138.68.148.191.sslip.io
1	api.segment.io	cdn.segment.com
1	p1.parsely.com	138.68.148.191.sslip.io
1	www.google.com	138.68.148.191.sslip.io
1	cdn.parsely.com	d1z2jf7jlzjs58.cloudfront.net
1	px4.ads.linkedin.com	138.68.148.191.sslip.io
1	www.linkedin.com	1 redirects
1	analytics.twitter.com	138.68.148.191.sslip.io
1	t.co	138.68.148.191.sslip.io
1	alb.reddit.com	138.68.148.191.sslip.io
1	pixel-config.reddit.com	www.redditstatic.com
1	5634eaa5848478f789544d499e325b98.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	d1z2jf7jlzjs58.cloudfront.net	138.68.148.191.sslip.io
1	snap.licdn.com	138.68.148.191.sslip.io
1	static.ads-twitter.com	138.68.148.191.sslip.io
1	i.viafoura.co	138.68.148.191.sslip.io
1	ampcid.google.com	www.google-analytics.com
1	cm.everesttech.net	1 redirects
1	torontostarnewspaperslimited.demdex.net	resources.thestar.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	cdn.petametrics.com	bloximages.chicago2.vip.townnews.com
1	torstar.gscontxt.net	138.68.148.191.sslip.io
1	fonts.googleapis.com	138.68.148.191.sslip.io
1	accounts.google.com	138.68.148.191.sslip.io
1	cdn.ampproject.org	138.68.148.191.sslip.io
1	cdn.viafoura.net	138.68.148.191.sslip.io
1	micro.rubiconproject.com	138.68.148.191.sslip.io
1	thestar.solutions.cdn.optable.co	138.68.148.191.sslip.io
0	api.viafoura.co Failed	cdn.viafoura.net
209	62

This site contains links to these domains. Also see Links.

Domain
torontostar.pressreader.com
www.northstarbets.ca
readerschoice.thestar.com
obituaries.thestar.com
diversions.thestar.com
www.thestar.com
www.tsoffers.ca
toriservices.newscyclecloud.com
careers.smartrecruiters.com
thestarepaper.pressreader.com
www.thestaradvisers.com
www.classroomconnection.ca
www.newspapers.com
www.facebook.com
twitter.com
www.youtube.com
www.instagram.com
apps.apple.com
play.google.com
www.microsoft.com
www.google.com
www.mozilla.org
notices.torstar.com

Subject Issuer	Validity	Valid
138.68.148.191.sslip.io R3	`2024-06-03` - `2024-09-01`	3 months	crt.sh
bloximages.chicago2.vip.townnews.com GeoTrust TLS RSA CA G1	`2024-03-12` - `2025-04-12`	a year	crt.sh
thestar.solutions.cdn.optable.co WR3	`2024-05-23` - `2024-08-21`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2024-03-07` - `2025-04-03`	a year	crt.sh
viafoura.com Amazon RSA 2048 M02	`2023-08-08` - `2024-09-06`	a year	crt.sh
misc-sni.google.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2024-05-13` - `2024-08-05`	3 months	crt.sh
*.news.google.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
*.thestar.com Amazon RSA 2048 M02	`2024-04-28` - `2025-05-26`	a year	crt.sh
upload.video.google.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
*.google-analytics.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-12-30` - `2024-12-04`	a year	crt.sh
*.gscontxt.net DigiCert TLS RSA SHA256 2020 CA1	`2023-11-09` - `2024-12-09`	a year	crt.sh
thestar.com GTS CA 1P5	`2024-04-16` - `2024-07-15`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
cdn.petametrics.com R3	`2024-05-07` - `2024-08-05`	3 months	crt.sh
join.ca.optable.co R3	`2024-04-12` - `2024-07-11`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2024-04-05` - `2024-07-04`	3 months	crt.sh
ad-delivery.net GTS CA 1P5	`2024-05-17` - `2024-08-15`	3 months	crt.sh
*.doubleclick.net WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2024-01-21` - `2025-02-19`	a year	crt.sh
alt1-3ps.amazon-adsystem.com Amazon RSA 2048 M03	`2024-03-29` - `2025-04-28`	a year	crt.sh
*.liftigniter.com R3	`2024-04-18` - `2024-07-17`	3 months	crt.sh
s.thestar.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-24` - `2024-08-23`	a year	crt.sh
*.segment.com Amazon RSA 2048 M03	`2023-11-14` - `2024-12-13`	a year	crt.sh
*.google.co.uk WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
*.google.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-05-01` - `2024-06-27`	2 months	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-31` - `2024-08-07`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
*.scorecardresearch.com Sectigo RSA Organization Validation Secure Server CA	`2023-12-11` - `2024-12-10`	a year	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-19` - `2024-09-17`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.parsely.com Amazon RSA 2048 M03	`2024-04-05` - `2025-05-04`	a year	crt.sh
*.segment.io Amazon RSA 2048 M03	`2023-12-13` - `2025-01-11`	a year	crt.sh
tpc.googlesyndication.com WR2	`2024-05-13` - `2024-08-05`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://138.68.148.191.sslip.io/
Frame ID: 3B043E6E608C03828E1845A68686970E
Requests: 202 HTTP requests in this frame

Frame: https://news.google.com/swg/ui/v1/serviceiframe?_=1717414967679&publicationId=thestar.com
Frame ID: 444070DF27A5738654DB8324D4D3B00C
Requests: 1 HTTP requests in this frame

Frame: https://torontostarnewspaperslimited.demdex.net/dest5.html?d_nsid=0
Frame ID: 2E5906C65BA4DA514A607CC4A69200FE
Requests: 1 HTTP requests in this frame

Frame: https://5634eaa5848478f789544d499e325b98.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 150B7D03CD1B3D542396AE435C7623C6
Requests: 1 HTTP requests in this frame

Frame: https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2Gjqmtv4YDFSfJOwIdq6kB-g;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0za200zb72758733;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2F138.68.148.191.sslip.io%2F
Frame ID: 6BA4B15B7B2448EB5588F68CA2CE2FBE
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: E1F9A789BE7C4CDC5D2AE1905273171E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 310A275AA4737FCA4AAA88465BCFC976
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Breaking News - Headlines & Top Stories | The Star

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

209
Requests

96 %
HTTPS

44 %
IPv6

39
Domains

62
Subdomains

61
IPs

8
Countries

2918 kB
Transfer

8439 kB
Size

42
Cookies

63 Outgoing links

These are links going to different origins than the main page.

URL: https://torontostar.pressreader.com/
Title: Today's paper

Search URL Search Domain Scan URL

URL: https://www.northstarbets.ca/page?key=ej0xMzUyNzc3NCZsPTEzNTI3NzcyJnA9MzQ2MQ%3D%3D&ut[%E2%80%A6]hStarBets__&utm_content=custom/tracking_sportsbettinglogo
Title: Betting

Search URL Search Domain Scan URL

URL: https://readerschoice.thestar.com/readerschoice-toronto/
Title: Readers’ Choice Awards

Search URL Search Domain Scan URL

URL: https://obituaries.thestar.com/
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://diversions.thestar.com/
Title: Fun & Games

Search URL Search Domain Scan URL

URL: https://diversions.thestar.com/comics.html
Title: Comics

Search URL Search Domain Scan URL

URL: https://www.thestar.com/subscribe/swg-ann/
Title: SALE: Only $3.33/month Subscribe Now

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/opinion/caddie-chaos-sees-random-fan-carrying-pros-bag-at-the-canadian-open-and-thats-just/article_364ace1e-d022-5548-9f5e-43d208739778.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/opinion/contributors/my-parents-moved-to-canada-to-give-me-a-better-life-do-i-need-to/article_e57cd666-1dcf-11ef-a1ad-8f025ccad7b9.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/ontario/mcmaster-prof-fired-over-exploitative-sexual-relations-with-students-university/article_aefabc54-c7b7-534d-8548-ce1a40c092f7.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/life/kate-middleton-might-not-appear-in-public-again-until-2025-heres-what-we-know/article_52e9b00e-1c2f-11ef-87bd-5725a9313c4f.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/europe/a-pair-enjoyed-pricey-meals-and-bolted-when-it-was-time-to-pay-their-dine/article_98cbed8f-5765-542a-9611-75e863f2eebd.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/canadians-interest-in-buying-evs-fades-as-barriers-concerns-remain-j-d-power/article_689b8629-54df-5bd3-863d-91c5cf614e3b.html?li_source=LI&li_medium=business

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/loblaw-testing-out-small-format-no-frills-grocery-stores/article_6d58f9dd-e9d6-596b-a401-071dc8486c6d.html?li_source=LI&li_medium=business
Title: Loblaw testing out small-format No Frills grocery stores

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/cbc-launching-14-new-free-streaming-channels-for-local-news-across-canada/article_109d081c-628a-574e-974c-8b7243ff5f94.html?li_source=LI&li_medium=business
Title: CBC launching 14 new free streaming channels for local news across Canada

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/personal-finance/be-prepared-when-using-your-credit-card-while-travelling-to-ensure-trip-goes-smoothly/article_7c70bacc-0e76-53b9-9021-f2b2c346d059.html?li_source=LI&li_medium=business
Title: Be prepared when using your credit card while travelling to ensure trip goes smoothly

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/nissan-canada-issues-do-not-drive-warning-for-48-000-vehicles-over-airbag-issue/article_8210551a-3239-578e-ba8a-99df452f15b7.html?li_source=LI&li_medium=business
Title: Nissan Canada issues do-not-drive warning for 48,000 vehicles over airbag issue

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/opinion/who-really-calls-the-shots-at-canadian-tire-meet-martha-billes-the-companys-silent-controlling/article_d27a1bc0-17a6-11ef-8fc6-531b4cd98285.html?li_source=LI&li_medium=business
Title: Who really calls the shots at Canadian Tire? Meet Martha Billes, the company's silent controlling shareholder

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/quebec/eight-people-including-four-children-injured-after-fiery-incident-near-montreal/article_f7536ce6-be74-5a11-b864-6dbd42e1ff5a.html?li_source=LI&li_medium=canada

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/p-e-i-hunger-strikers-hopeful-after-small-meals-and-government-meeting/article_8c82de35-2ecf-5d2c-b9cf-a44acf398963.html?li_source=LI&li_medium=canada
Title: P.E.I. hunger strikers hopeful after small meals and government meeting

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/alberta/alberta-municipality-appeals-regulators-decision-to-accept-coal-exploration/article_87eb84f3-4c35-54fe-9be1-e07d313d1f57.html?li_source=LI&li_medium=canada
Title: Alberta municipality appeals regulator's decision to accept coal exploration

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/british-columbia/ex-husband-of-b-c-woman-tatjana-stefanski-is-charged-with-her-murder/article_92a89298-a53e-567a-8424-89e7694ac928.html?li_source=LI&li_medium=canada
Title: Ex-husband of B.C. woman Tatjana Stefanski is charged with her murder

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/new-brunswick/slide-shared-by-n-b-premier-gross-misrepresentation-of-sexual-health-presentation/article_e78ac85e-d41a-5b22-843f-7de8b0215ae6.html?li_source=LI&li_medium=canada
Title: Slide shared by N.B. premier 'gross misrepresentation' of sexual health presentation

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/northern-lights-possible-over-canada-after-sunspot-behind-big-solar-storm-returns/article_2cfd4222-64b1-564a-9f05-69378e1da4aa.html?li_source=LI&li_medium=canada
Title: Northern lights possible over Canada after sunspot behind big solar storm returns

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/robert-pickton-one-of-canadas-most-notorious-serial-killers-has-died/article_bf48a802-19f7-11ef-9454-4fb821271176.html?li_source=LI&li_medium=canada
Title: Robert Pickton, one of Canada's most notorious serial killers, has died

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/provincial/doug-ford-unrepentant-after-furor-over-comments-suggesting-immigrants-were-behind-school-shooting-i-stick/article_69f80e0c-1f82-11ef-bd8c-47c214f48dc7.html?li_source=LI&li_medium=politics

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/federal/can-trump-come-to-canada-now-that-hes-a-convicted-felon/article_3069da4d-0e59-50f1-8486-368872f727b3.html?li_source=LI&li_medium=politics
Title: Can Trump come to Canada now that he's a convicted felon?

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/federal/a-cbsa-strike-could-soon-snarl-border-traffic-here-s-what-you-need-to-know/article_69fedbde-9d50-5ab3-a4e7-4d28505589d0.html?li_source=LI&li_medium=politics
Title: A CBSA strike could soon snarl border traffic. Here’s what you need to know

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/federal/patrick-brown-still-carrying-significant-debt-from-failed-conservative-leadership-bid/article_a54f5f4a-1c63-11ef-87bf-17be262b92de.html?li_source=LI&li_medium=politics
Title: Patrick Brown still carrying significant debt from failed Conservative leadership bid

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/provincial/ontario-teachers-get-pay-raise-of-more-than-11-over-four-years/article_aa8a8de8-1deb-11ef-848b-b7453bf88d94.html?li_source=LI&li_medium=politics
Title: Ontario teachers get pay raise of more than 11% over four years

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/5-things-we-learned-from-a-new-book-about-justin-trudeau/article_25348084-1eb5-11ef-98e6-5fd45151f5c0.html?li_source=LI&li_medium=politics
Title: 5 things we learned from a new book about Justin Trudeau

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/united-states/cancer-patients-often-do-better-with-less-intensive-treatment-new-research-finds/article_32b568cc-a834-5997-ae4d-90a3acc0a61f.html?li_source=LI&li_medium=world

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/europe/how-a-photographer-used-a-stray-flash-to-make-star-greta-gerwig-look-ethereal/article_856f082a-e24e-5510-9147-517dfdc0cf9c.html?li_source=LI&li_medium=world
Title: How a photographer used a stray flash to make star Greta Gerwig look ethereal

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/asia/south-korea-plans-to-nullify-peace-deal-to-punish-north-korea-over-trash-carrying-balloon/article_16c30583-107a-5a1e-ad26-7a3076b01edd.html?li_source=LI&li_medium=world
Title: South Korea plans to nullify peace deal to punish North Korea over trash-carrying balloon launches

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/americas/mexican-officials-again-criticize-volunteer-searcher-after-she-finds-more-bodies/article_61b3d431-e51f-5212-ab9a-e558e656c8ca.html?li_source=LI&li_medium=world
Title: Mexican officials again criticize volunteer searcher after she finds more bodies

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/united-states/black-leaders-call-out-trumps-criminal-justice-contradictions-as-he-rails-against-guilty-verdict/article_3f9a3201-b2db-5b50-bdf3-0a8f814b92cb.html?li_source=LI&li_medium=world
Title: Black leaders call out Trump's criminal justice contradictions as he rails against guilty verdict

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/united-states/malaysian-climber-who-died-in-a-cave-near-the-top-of-north-americas-tallest-mountain/article_3eb46439-baf4-58ef-ae40-97197a50ef80.html?li_source=LI&li_medium=world
Title: Malaysian climber who died in a cave near the top of North America's tallest mountain is identified

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/hockey/lanny-mcdonald-brings-stanley-cup-to-calgary-police-officer-who-helped-save-his-life/article_48a50225-b488-5d65-b3a9-9c93d157fde4.html?li_source=LI&li_medium=sports
Title: Lanny McDonald brings Stanley Cup to Calgary police officer who helped save his life

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/hockey/oilers-slip-past-stars-2-1-advance-to-stanley-cup-final/article_9813dbeb-5a1b-52eb-b115-ca8cb56c5f6e.html?li_source=LI&li_medium=sports
Title: Oilers slip past Stars 2-1, advance to Stanley Cup final

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/hockey/could-canadas-stanley-cup-drought-end-oilers-knock-off-star-to-reach-final/article_fc75c3a4-2113-11ef-8e21-7b1899dedd99.html?li_source=LI&li_medium=sports
Title: Could Canada's Stanley Cup drought end? Oilers knock off Star to reach final

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/leafs/free-advice-for-the-maple-leafs-on-free-agents-trade-targets-and-bang-for-the/article_3ed00cf0-1f84-11ef-876c-0781df99e2fe.html?li_source=LI&li_medium=sports
Title: Free advice for the Maple Leafs on free agents, trade targets and bang for the buck

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/doug-smiths-sports-blog/raptors-mailbag-should-toronto-bring-back-jonas-valanciunas/article_abb4ec0a-201f-11ef-9ae6-670d4b13f3ba.html?li_source=LI&li_medium=sports
Title: Raptors mailbag: Should Toronto bring back Jonas Valanciunas?

Search URL Search Domain Scan URL

URL: https://www.thestar.com/entertainment/
Title: Entertainment

Search URL Search Domain Scan URL

URL: https://www.tsoffers.ca/
Title: Subscribe to Home Delivery

Search URL Search Domain Scan URL

URL: https://toriservices.newscyclecloud.com/cgi-bin/cmo_tor-c-cmdb-01.sh/custservice/web/login.html?SiteID=TS
Title: Manage Home Delivery Subscription

Search URL Search Domain Scan URL

URL: https://careers.smartrecruiters.com/Torstar/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://thestarepaper.pressreader.com/
Title: Star ePaper Edition

Search URL Search Domain Scan URL

URL: https://www.thestaradvisers.com/Portal/default.aspx
Title: Star Advisers

Search URL Search Domain Scan URL

URL: https://www.classroomconnection.ca/
Title: Classroom Connection

Search URL Search Domain Scan URL

URL: https://www.newspapers.com/?iid=619
Title: Newspapers.com Archives

Search URL Search Domain Scan URL

URL: https://www.facebook.com/torontostar
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/torontostar
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/TorontoStar
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/thetorontostar/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://apps.apple.com/ca/app/thestar-com-iphone/id379481068

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.thestar.www&referrer=utm_source%3Dweb-driver%26utm_medium%3Ddriver%26utm_content%3Dfooter

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/edge
Title: Microsoft Edge

Search URL Search Domain Scan URL

URL: https://www.google.com/chrome/
Title: Google Chrome

Search URL Search Domain Scan URL

URL: https://www.mozilla.org/en-US/firefox/
Title: Firefox

Search URL Search Domain Scan URL

URL: https://notices.torstar.com/main_terms_of_use_daily_and_community_brands_EN/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://notices.torstar.com/privacy-policy/index.html
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://btloader.com/tag?o=5071905434894336&upapi=true&async=true HTTP 302
https://btloader.com/tag?o=5071905434894336&upapi=true

Request Chain 95

https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
https://unpkg.com/web-vitals@4.0.1/dist/web-vitals.iife.js

Request Chain 117

https://cm.everesttech.net/cm/dd?d_uuid=84876815189884441631803634826874961639 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zl2sOAAAAGlF9AN-

Request Chain 148

https://10230056.fls.doubleclick.net/activityi;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0za200zb72758733;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2F138.68.148.191.sslip.io%2F HTTP 302
https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2Gjqmtv4YDFSfJOwIdq6kB-g;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0za200zb72758733;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2F138.68.148.191.sslip.io%2F

Request Chain 160

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3116868%26time%3D1717414968494%26url%3Dhttps%253A%252F%252F138.68.148.191.sslip.io%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&cookiesTest=true&liSync=true&e_ipv6=AQKIGaobaLSmsQAAAY_d6L93AI53bYteYRAAx9bDe7HWjzlIB1H2Hg0cGfubsbzNGFBOBglv1g

209 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
138.68.148.191.sslip.io/ 544 KB
83 KB 1003ms
412ms Document
text/html 138.68.148.191
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

138.68.148.191 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.26.1 /

Resource Hash

353ad6b523f0c2c7af5f2c7ae08db3668197757f58c12bd31fb1ddd37281327e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 123
cache-control: public, max-age=60, s-maxage=30, must-revalidate, proxy-revalidate
content-encoding: gzip
content-length: 83663
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 03 Jun 2024 11:42:46 GMT
etag: W/be3fb100113c92717250b41d64f16f07
last-modified: Mon, 03 Jun 2024 11:40:42 GMT
link: <https://bloximages.chicago2.vip.townnews.com>; rel=preconnect dns-prefetch; crossorigin <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js>; rel=preload; as=script </shared-content/art/tncms/user/user.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.ee95c0b6f1daceb31bf5ef84353968c6.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.3c64d611e594b45dd35b935162e79d85.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js>; rel=preload; as=script
referrer-policy: strict-origin-when-cross-origin
server: nginx/1.26.1
strict-transport-security: max-age=31536000
vary: X-IPCountry, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-loop: 1
x-robots-tag: noarchive
x-tncms: 1.77.2; app15; 0.85s; 7.4M
x-ua-compatible: IE=edge
x-vcache: HIT
x-xrds-location: https://www.thestar.com/tncms/xrds/
x-xss-protection: 1; mode=block

GET
H2 200 jquery.min.d6d18fcf88750a16d256e72626e676a6.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/ 98 KB
38 KB 201ms
78ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6636811
cross-origin-resource-policy: cross-origin
content-length: 38456
last-modified: Wed, 07 Jul 2021 20:09:22 GMT
x-vcache: MISS
server: cloudflare
etag: W/"60e609f2-1882c"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d59954a-LHR
expires: Thu, 13 Mar 2025 15:33:06 GMT

GET
H2 200 user.js Show response
138.68.148.191.sslip.io/shared-content/art/tncms/user/ 3 KB
2 KB 397ms
396ms Script
application/x-javascript 138.68.148.191
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://138.68.148.191.sslip.io/shared-content/art/tncms/user/user.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 138.68.148.191 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.26.1 /
Resource Hash: 32209e964449881b7f2a21086506deccc49063673c2cfff6288598f843fc81c4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
last-modified: Fri, 17 May 2024 16:40:27 GMT
server: nginx/1.26.1
age: 173
etag: W/"6647887b-c46"
x-vcache: HIT
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 1437
service-worker-allowed: /

GET
H2 200 bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/ 39 KB
13 KB 199ms
76ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 1032259
cross-origin-resource-policy: cross-origin
content-length: 12719
last-modified: Fri, 06 Sep 2019 14:16:03 GMT
x-vcache: MISS
server: cloudflare
etag: W/"5d726a23-9bd8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d63954a-LHR
expires: Thu, 13 Mar 2025 16:43:08 GMT

GET
H2 200 common.08a61544f369cc43bf02e71b2d10d49f.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 33 KB
14 KB 193ms
71ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4908103eb097a575d25aecab0b105c51313e35ce211bb70d82ea0ce6e75ed2b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6626176
cross-origin-resource-policy: cross-origin
content-length: 14189
last-modified: Wed, 21 Feb 2024 21:20:34 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65d66922-841f"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d5f954a-LHR
expires: Thu, 13 Mar 2025 18:00:39 GMT

GET
H2 200 tnt.ee95c0b6f1daceb31bf5ef84353968c6.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 11 KB
4 KB 182ms
59ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.ee95c0b6f1daceb31bf5ef84353968c6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b093bf8fe11ce768e5543697030a064da71b347431594daf7efb86f94a201c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6255125
cross-origin-resource-policy: cross-origin
content-length: 4260
last-modified: Wed, 21 Feb 2024 21:20:33 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65d66921-2d77"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d5b954a-LHR
expires: Thu, 13 Mar 2025 16:43:08 GMT

GET
H2 200 application.3c64d611e594b45dd35b935162e79d85.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 4 KB
2 KB 162ms
40ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.3c64d611e594b45dd35b935162e79d85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92fe1cea3df8fc0e2a03f1c8d0099cb105c7d455ac8be20be165ce6bff558365

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6336971
cross-origin-resource-policy: cross-origin
content-length: 1590
last-modified: Wed, 21 Feb 2024 21:20:33 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65d66921-1102"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d5e954a-LHR
expires: Thu, 13 Mar 2025 15:33:06 GMT

GET
H2 200 tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 2 KB
1020 B 180ms
58ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3e21aad61783d6e6908e5631c43656c05a34a9c7f64eab44dcd7fc58562aa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6153540
cross-origin-resource-policy: cross-origin
content-length: 910
last-modified: Wed, 21 Feb 2024 21:20:33 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65d66921-9b8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d5a954a-LHR
expires: Wed, 19 Mar 2025 10:19:50 GMT

GET
H2 200 bootstrap.min.87df60d54091cf1e8f8173c2e568260c.css
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/ 107 KB
21 KB 85ms
63ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/bootstrap.min.87df60d54091cf1e8f8173c2e568260c.css

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

296ffff5be5fa17a541df8e925d24e473ced64d535f543542bebc15759b761fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 1032220
cross-origin-resource-policy: cross-origin
content-length: 21439
last-modified: Wed, 21 Feb 2024 21:20:32 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65d66920-1ac2e"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d4b954a-LHR
expires: Thu, 13 Mar 2025 19:21:08 GMT

GET
H2 200 layout.d9bf9fa5b377514df7224a864456e96d.css
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/ 154 KB
33 KB 67ms
45ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/layout.d9bf9fa5b377514df7224a864456e96d.css

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f44f6526e35f8f2595a297c9e049e8efe9159f763c1d14832ada2d66931eebf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 1096826
cross-origin-resource-policy: cross-origin
content-length: 34092
last-modified: Thu, 16 May 2024 12:56:16 GMT
x-vcache: MISS
server: cloudflare
etag: W/"66460270-266b1"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d51954a-LHR
expires: Wed, 21 May 2025 19:01:09 GMT

GET
H2 200 oovvuu.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 588 B
418 B 64ms
43ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/oovvuu.css?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55c6983606eae184b6c555ec5ed37a79f5038a478645e778921e618d74ed7f1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410637
cross-origin-resource-policy: cross-origin
content-length: 271
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-24c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d4e954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 flex-utility-text-promo.945a2efac4892ce469180c513f411107.css
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/ 531 B
398 B 65ms
44ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/flex-utility-text-promo.945a2efac4892ce469180c513f411107.css

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

770dcaf045c045c66d6903b436c5b8c6f5d5a466fb3f17b3ba8f778f756b7621

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 4222384
cross-origin-resource-policy: cross-origin
content-length: 263
last-modified: Wed, 21 Feb 2024 21:20:37 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65d66925-213"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d55954a-LHR
expires: Thu, 13 Mar 2025 19:21:47 GMT

GET
H2 200 flex-utility-promo-designer.a27bf5e332f0dd667184ad38b7bf1638.css
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/ 8 KB
2 KB 62ms
41ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1139a764a2eae949ca1358aa7a387a7d6812f277016c070e28279f2639da412

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6336971
cross-origin-resource-policy: cross-origin
content-length: 1823
last-modified: Mon, 27 Nov 2023 14:35:16 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6564a924-2021"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d52954a-LHR
expires: Thu, 28 Nov 2024 08:46:30 GMT

GET
H2 200 access.d7adebba498598b0ec2c.js Show response
138.68.148.191.sslip.io/shared-content/art/tncms/api/ 70 KB
29 KB 498ms
498ms Script
application/x-javascript 138.68.148.191
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://138.68.148.191.sslip.io/shared-content/art/tncms/api/access.d7adebba498598b0ec2c.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 138.68.148.191 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.26.1 /
Resource Hash: 8e683a0ae8fc37aeae8fd20643faef0341fe5cf01c30f25f41d6bad28b1a8365

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Origin: https://138.68.148.191.sslip.io
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
last-modified: Tue, 02 Apr 2024 13:48:15 GMT
server: nginx/1.26.1
age: 39
etag: W/"660c0c9f-1164b"
x-vcache: HIT
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 29242
service-worker-allowed: /

GET
H2

200

tag Show response
btloader.com/
Redirect Chain

https://btloader.com/tag?o=5071905434894336&upapi=true&async=true
https://btloader.com/tag?o=5071905434894336&upapi=true

55 KB
18 KB

45ms
44ms

Script
application/javascript

2606:4700:10::6816:4bd8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5071905434894336&upapi=true
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Server: 2606:4700:10::6816:4bd8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 712a01097d932adf1f36ed11c7a17481836f51760f5eff854ed69838fe0eb261

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 03 Jun 2024 11:23:29 GMT
server: cloudflare
age: 1005
etag: "dd94d61e29c6c1f15172ce89f356885e"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges: bytes
cf-ray: 88df6bfb7dc660fe-LHR
content-length: 18710

Redirect headers

date: Mon, 03 Jun 2024 11:42:47 GMT
via: 1.1 google
cf-cache-status: HIT
server: cloudflare
age: 1005
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8
location: /tag?o=5071905434894336&upapi=true
cache-control: public, max-age=3600, must-revalidate
cf-ray: 88df6bfaed1060fe-LHR

GET
H2 200 thestar-sdk.js Show response
thestar.solutions.cdn.optable.co/public-assets/ 20 KB
7 KB 152ms
32ms Script
text/javascript 34.160.43.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://thestar.solutions.cdn.optable.co/public-assets/thestar-sdk.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.160.43.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

93.43.160.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

922419daf0f7f53cca9234ef4f41bffaafb484020e655eae333ee4ba2af6a76a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 10:43:19 GMT
content-encoding: gzip
via: 1.1 google
strict-transport-security: max-age=31536000; includeSubDomains
age: 3568
x-guploader-uploadid: ABPtcPoIdTkxiNJgAxNrO37yyFyi13NcCUJq6aHxxJ4_AYRJaO9R3F3I70LIyQ-B5JH1WtR1tNs
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6656
last-modified: Mon, 12 Feb 2024 18:46:14 GMT
server: UploadServer
etag: "f103a28383efce0a517cfe2a769e445e"
x-goog-generation: 1707763574283265
x-goog-hash: crc32c=JtGrOg==, md5=8QOig4PvzgpRfP4qdp5EXg==
content-type: text/javascript
cache-control: public,max-age=86400,no-transform
x-goog-stored-content-length: 6656
accept-ranges: bytes

GET
H2 200 edition-selector.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 8 KB
2 KB 45ms
36ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/edition-selector.js?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7f817d35152e6280e12fa0a2895ec47b65085df83867b00d766f9a0e5595a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 2252
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-2076"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa2958954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 footer.nav.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 2 KB
776 B 66ms
56ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/footer.nav.js?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57c6c8ef16f19b7a2e015a857f3f43bc4997fb5044f8dd62644329ba4a8420dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 639
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-999"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa3981954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 92 KB
30 KB 257ms
100ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a306aa02bb724d339bc6a81e4d586684dd31b78570b70453bfd4e372b414b4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29927
x-xss-protection: 0
server: cafe
etag: 777 / 19877 / m202405230101 / config-hash: 2143780330807424416
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 03 Jun 2024 11:42:47 GMT

GET
H2 200 18488.js Show response
micro.rubiconproject.com/prebid/dynamic/ 147 KB
46 KB 217ms
62ms Script
text/javascript 23.34.43.6
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://micro.rubiconproject.com/prebid/dynamic/18488.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.43.6 Ballerup Municipality, Denmark, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-34-43-6.deploy.static.akamaitechnologies.com
Software: Apache/2.4.37 (rocky) OpenSSL/1.1.1k /
Resource Hash: 868363ef2870b0754aff551f47a8058255af7768783bbc152711cd4552fb7f0f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
server: Apache/2.4.37 (rocky) OpenSSL/1.1.1k
vary: accept-encoding, referer
edge-cache-tag: prod-prebid-No.Wrapper.js
content-type: text/javascript;charset=UTF-8
cache-control: public, must-revalidate, max-age=14400
content-length: 47219
expires: Tue, 04 Jun 2024 07:01:37 GMT

GET
H2 200 liftigniter.min.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 14 KB
5 KB 65ms
57ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/liftigniter.min.js?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

980c8780366c4be3d8e14ac0a98833e357313bd0c55e9cec1b5f16deec75c049

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 4958
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-37b0"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa3984954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 promo_popup.min.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 4 KB
1 KB 61ms
54ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/promo_popup.min.js?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4da85bac641eea7ae93b38d3cd9b7e2b18668c77b15e521bd3e285f054269703

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 1196
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-e89"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa3985954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/ 207 B
311 B 86ms
75ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64d2ce701b1f0b1d910bff7f252ae7a53d5f90cf3efb970163811c757b889d57

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6621398
cross-origin-resource-policy: cross-origin
content-length: 176
last-modified: Thu, 09 Nov 2023 15:29:55 GMT
x-vcache: MISS
server: cloudflare
etag: W/"654cfaf3-cf"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf72d62954a-LHR
expires: Wed, 27 Nov 2024 08:42:36 GMT

GET
H2 200 tracking.js Show response
138.68.148.191.sslip.io/shared-content/art/tncms/ 3 KB
1 KB 396ms
396ms Script
application/x-javascript 138.68.148.191
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://138.68.148.191.sslip.io/shared-content/art/tncms/tracking.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 138.68.148.191 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.26.1 /
Resource Hash: aa4391f03da55de95caebed478d3e1183fb01a3e8f1c5891a48e75717ed2bed9

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
last-modified: Fri, 17 May 2024 16:40:27 GMT
server: nginx/1.26.1
age: 47
etag: W/"6647887b-a3a"
x-vcache: HIT
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 1157
service-worker-allowed: /

GET
H2 200 save.asset.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 2 KB
757 B 58ms
51ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/save.asset.js?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6ac86cfcd875307be77577d580d25f3e0868dfeebd12080b3fe1044c378dbb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 674
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-721"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa3987954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 index.js Show response
cdn.viafoura.net/entry/ 45 KB
16 KB 249ms
75ms Script
text/javascript 2600:9000:223c:ac00:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/entry/index.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:ac00:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 88261b7c724b5c29c6a81574124a7574a6d5f635b8c896a878bea31ac981dc1f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: PeA.tKAInfCoqZzUu3qiU6I9_UAyIKhu
content-encoding: br
via: 1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront)
date: Mon, 03 Jun 2024 11:40:32 GMT
x-amz-cf-pop: FRA56-P2
age: 136
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 31 May 2024 14:33:27 GMT
server: AmazonS3
etag: W/"b4d0c29e0cc4c66212db1fe11b23ee31"
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public,max-age=600,s-max-age=60
x-amz-cf-id: vbJoyo77EuVrDcq1R0QfAmu3XSe6RNv8bAgFS4Wv1zVHDOlaEnwMdg==

GET
H2 200 fontawesome.568f3d1ab17b33ce05854081baadadac.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 268 KB
110 KB 58ms
52ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/fontawesome.568f3d1ab17b33ce05854081baadadac.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7976a9dfe57f9ba6972420500782258da674fcc523c2def08bb6a84ce275c4b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6336972
cross-origin-resource-policy: cross-origin
content-length: 112383
last-modified: Wed, 21 Feb 2024 21:20:34 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65d66922-43130"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa3988954a-LHR
expires: Thu, 13 Mar 2025 15:33:07 GMT

GET
H2 200 amp-iframe-0.1.js Show response
cdn.ampproject.org/v0/ 25 KB
10 KB 252ms
71ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-iframe-0.1.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b7927b9ccc259810a26f503f30646f92bf2e281cdc2eb8df9c8768d68882bea

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8938
x-xss-protection: 0
server: sffe
etag: "94c0cd2b7e062185"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 03 Jun 2024 11:42:47 GMT

GET
H2 200 client Show response
accounts.google.com/gsi/ 218 KB
83 KB 210ms
75ms Script
application/javascript 2a00:1450:4013:c16::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4013:c16::54 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

52e428aef55740e64045fb6a3f511441da64cdb75deeba07d3a56a030b7a4a2b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HIxghA_aQTfW6_3t6ErWTQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-security-policy: script-src 'report-sample' 'nonce-HIxghA_aQTfW6_3t6ErWTQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 03 Jun 2024 11:42:47 GMT

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 209 KB
60 KB 215ms
52ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5099957bf1788de97d11c451694e29ee1519ca2d5a0532aa92304bbfe29e6ad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:37:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 319
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61286
x-xss-protection: 0
last-modified: Thu, 30 May 2024 13:28:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 03 Jun 2024 12:27:28 GMT

GET
H2 200 launch-9387fe3a1e9f.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/ 345 KB
81 KB 241ms
60ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bb9eef3b114f21d8a84bd35487bc3c59fb5ee8f015cbd67fb763df8aa9901475

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:23 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Mon, 03 Jun 2024 11:33:29 GMT
server: AmazonS3
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
etag: W/"5916e5b5752101077129a53477e35d5c"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 445
x-amz-cf-id: n9stn9Pzhgz5aE3vpD8qyIIm33LUws0rwkdH_N14aaKC2pKLBU1_Lw==

GET
H2 200 css2
fonts.googleapis.com/ 37 KB
2 KB 204ms
50ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=STIX+Two+Text:ital,wght@0,500;0,600;0,700;1,500;1,600;1,700&family=Frank+Ruhl+Libre:wght@300;400;500;600;700;800;900&family=Merriweather+Sans:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&display=swap

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a76ff167d7d530e0a4d45c331ac37dd1ad59b0c32b1a80e3906cb50d88e0f3b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 03 Jun 2024 11:42:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 03 Jun 2024 11:42:47 GMT

GET
H2 200 navigation.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 10 KB
2 KB 45ms
35ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/navigation.css?_dc=1717003973

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d063ab8701f5932753a12e9b302d8345ed7ba488f2f3ca6d46912fb60ce2815

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 2468
last-modified: Wed, 29 May 2024 17:32:53 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c5-28b1"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be17954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 pages.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 198 B
250 B 52ms
42ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/pages.css?_dc=1717003973

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4353442b296c53f51d82efc2617406d68cc278bd08c2ce4ca96daa9fcc2c77e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 168
last-modified: Wed, 29 May 2024 17:32:53 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c5-c6"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be18954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 blocks.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 5 KB
2 KB 49ms
39ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/blocks.css?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02d4a3e3bc55fb2c10464afa89e283d1d017f6a309634709009f0e3ec5455e26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 1482
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-12e6"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be19954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 utilities.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 628 B
574 B 42ms
34ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/utilities.css?_dc=1717003973

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68684d4e091795123c7797a602e056cac24a3355a95b3b198e4fbd65822afcd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 396
last-modified: Wed, 29 May 2024 17:32:53 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c5-274"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be1a954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 global.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 36 KB
8 KB 51ms
43ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/global.css?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

182b024ffa27372ce654411ff8660c4a97eba6b63b54d08562405df2b869d181

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 8063
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-8fd9"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be1b954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 stn.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 3 KB
881 B 43ms
35ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/stn.css?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

595550d27cabf0dad36e8ddae06a223716e7067ff08607b60e91adab5e06c748

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 776
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-ded"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be1c954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 storypacks.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 52 KB
7 KB 48ms
41ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/storypacks.css?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d72995ef7e52dafc770a56457038f77d59a619a426132bfe914ba3ba4f683640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 6725
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-cfe5"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be1d954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 utilities.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 33 KB
8 KB 44ms
37ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/utilities.css?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a866c7b8780ff568ad1101e05e95522bf49ee02dcd0a3cc06bc3ca7c5bf108a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 8397
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-82a8"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be1e954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 user-controls.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 6 KB
2 KB 47ms
40ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/user-controls.css?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80abdc7301a85f3723a06e115899beb85170026b040c44834b954be0d2f2af3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 1734
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-1839"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be1f954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 icons.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 13 KB
1 KB 46ms
40ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/icons.css?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ebc1e62c024fc610ffd18df157488dfa4321fc8db7222d9db66e92e1afe7b7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 1201
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-3369"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be20954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 staronly.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 223 B
257 B 44ms
38ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/staronly.css?_dc=1717003973

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

190e1101cde57367a86dd7f3df29194cf2b78968948c793f424d5f144897b9b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 175
last-modified: Wed, 29 May 2024 17:32:53 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c5-df"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be21954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 site.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/site/resources/styles/ 339 B
382 B 50ms
45ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/site/resources/styles/site.css?_dc=1671043982

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5348904074ca7f09e3078c2afcabad0f0c9cafcfc751566e93d90ceaa75b887

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6336972
cross-origin-resource-policy: cross-origin
content-length: 218
last-modified: Wed, 14 Dec 2022 18:53:02 GMT
x-vcache: MISS
server: cloudflare
etag: W/"639a1b8e-153"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be22954a-LHR
expires: Thu, 28 Nov 2024 08:06:00 GMT

GET
H2 200 tracker.js Show response
138.68.148.191.sslip.io/shared-content/art/stats/common/ 9 KB
3 KB 408ms
404ms Script
application/x-javascript 138.68.148.191
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://138.68.148.191.sslip.io/shared-content/art/stats/common/tracker.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 138.68.148.191 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.26.1 /
Resource Hash: d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
last-modified: Tue, 09 Apr 2024 20:00:11 GMT
server: nginx/1.26.1
age: 36
etag: W/"66159e4b-2200"
x-vcache: HIT
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 3224
service-worker-allowed: /

GET
H2 200 31c48758-8d44-11ed-8c30-0bcb8697ec11.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/ 1 KB
1 KB 46ms
42ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/31c48758-8d44-11ed-8c30-0bcb8697ec11.png

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bba9687afeda017cbf549538f5433e397e901a3b452306988a7999db6f1a8ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6626177
cf-polished: origFmt=png, origSize=1362
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="31c48758-8d44-11ed-8c30-0bcb8697ec11.webp"
content-length: 1086
cf-bgj: imgq:85,h2pri
last-modified: Thu, 05 Jan 2023 21:59:15 GMT
server: cloudflare
x-vcache: MISS
etag: "63b74833-552"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf7be23954a-LHR
expires: Thu, 13 Mar 2025 19:09:08 GMT

GET
H2 200 665a02ded55b1.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/0/90/090945ef-79b8-58bd-8548-2b0b58f7edd4/ 195 KB
195 KB 50ms
45ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/0/90/090945ef-79b8-58bd-8548-2b0b58f7edd4/665a02ded55b1.image.jpg?crop=1662%2C1108%2C0%2C69&resize=1200%2C800&order=crop%2Cresize

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

921e1fad091c3f14fb5809581ff557c471ced29ef7d94b206ffd0022c3867d26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 6574
cf-polished: origSize=209015, status=webp_bigger
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Fri, 31 May 2024 17:03:30 GMT
server: cloudflare
x-vcache: MISS
etag: "b60e82613c92ed91889fa2b01dbdeea4"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 88df6bf7be25954a-LHR
expires: Tue, 03 Jun 2025 09:10:05 GMT

GET
H2 200 6659ebdc6695b.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/9/e0/9e07db02-24a2-5077-a7cc-126f666936cb/ 42 KB
42 KB 41ms
41ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/9/e0/9e07db02-24a2-5077-a7cc-126f666936cb/6659ebdc6695b.image.jpg?crop=1762%2C1175%2C0%2C0&resize=1200%2C800&order=crop%2Cresize

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2e5c48981d7dbaa37c503097f81fcfb7b7541a3be895188822a03ee69e40a0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 4598
cf-polished: qual=85, origFmt=jpeg, origSize=62718
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="6659ebdc6695b.webp"
cf-bgj: imgq:85,h2pri
last-modified: Fri, 31 May 2024 15:25:18 GMT
server: cloudflare
x-vcache: MISS
etag: "3ae7f6963f31258f0923ba23e358cce1"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 88df6bf7fe7d954a-LHR
expires: Tue, 03 Jun 2025 10:03:34 GMT

GET
H2 200 2faeee7c-8d44-11ed-8c18-eb5483a10695.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/ 1 KB
1 KB 34ms
34ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/2faeee7c-8d44-11ed-8c18-eb5483a10695.png

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2ab34321ef0a61378759396e72284c4ee6c055bf11521b655d1e5b5a435a8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6336972
cf-polished: origFmt=png, origSize=1545
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="2faeee7c-8d44-11ed-8c18-eb5483a10695.webp"
content-length: 1228
cf-bgj: imgq:85,h2pri
last-modified: Thu, 05 Jan 2023 21:59:11 GMT
server: cloudflare
x-vcache: MISS
etag: "63b7482f-609"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf81ea6954a-LHR
expires: Fri, 21 Mar 2025 19:04:21 GMT

GET
H2 200 subscription-landing.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 11 KB
3 KB 38ms
38ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/subscription-landing.css?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16b7cf55fbd080eaa0a59da54b8dc90b9ecfb37e0e456186c753c9291deddc59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410357
cross-origin-resource-policy: cross-origin
content-length: 2607
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-2c4b"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf83ed5954a-LHR
expires: Thu, 29 May 2025 17:38:02 GMT

GET
H2 200 newsletter-helper.min.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 363 B
409 B 43ms
43ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/newsletter-helper.min.js?_dc=1717003972

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

457e85861044e6c6ed188aee506092571f5ba71759bbc1de4340ece02b69194e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 278
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-16b"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf85efb954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 tnt.ads.core.ee10a41bfea60001b9edb7ab35e5c9e1.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/ 14 KB
5 KB 37ms
37ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/tnt.ads.core.ee10a41bfea60001b9edb7ab35e5c9e1.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7458edd9b7b53f7b32c80f4856a8a0d1c4b7557c589f7c6b860c30a43829ac3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6540083
cross-origin-resource-policy: cross-origin
content-length: 5096
last-modified: Wed, 13 Mar 2024 21:59:57 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65f221dd-3662"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf87f32954a-LHR
expires: Wed, 19 Mar 2025 19:01:16 GMT

GET
H2 200 sticky-kit.cd42d35abf643b0a78798fe03bf6bc83.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 4 KB
2 KB 37ms
37ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/sticky-kit.cd42d35abf643b0a78798fe03bf6bc83.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47220c4c850d2a71293522af7071da5706951e1cecc6dddce7bc78343f48de1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6632822
cross-origin-resource-policy: cross-origin
content-length: 1501
last-modified: Wed, 21 Feb 2024 21:20:34 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65d66922-1010"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf89f4d954a-LHR
expires: Thu, 13 Mar 2025 16:43:08 GMT

GET
H2 200 tnt.regions.b44801b45845a81b995eeaad12f4f276.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 4 KB
2 KB 36ms
36ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.regions.b44801b45845a81b995eeaad12f4f276.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c4711683ed6f2d79b7aebeb5f9d00be743a943159bdb57faf129412ed1de94c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6336580
cross-origin-resource-policy: cross-origin
content-length: 1548
last-modified: Wed, 21 Feb 2024 21:20:33 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65d66921-1021"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bf8bf80954a-LHR
expires: Thu, 13 Mar 2025 18:01:38 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 252 KB
85 KB 227ms
79ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

53638132fa04681e4f77df4cedfb9aa00cd0025246cc7286265d9c609ffe5043

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86272
x-xss-protection: 0
last-modified: Mon, 03 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jun 2024 11:42:47 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 305 KB
76 KB 230ms
59ms Script
application/javascript 13.224.186.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.186.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-186-120.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38ddbe47a6c50552223935c9c5553c3cb17292cfc08b33d4d2c40c45baf2174c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:11:30 GMT
content-encoding: gzip
via: 1.1 9a97e41242551c9a56be1311e4d3db70.cloudfront.net (CloudFront), 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
last-modified: Tue, 28 May 2024 21:30:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P10, FRA2-C1
age: 1878
x-amz-server-side-encryption: AES256
etag: W/"7e37c61c24c4f874b286570f1eebc0ea"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: VelDvqQr6wT2dP81KsgzvZ9EeOFctRK5FuN-wlkyWQaYsHjdQoOePQ==

GET
H2 200 channels.cgi Show response
torstar.gscontxt.net/main/ 480 B
529 B 237ms
84ms Script
application/javascript 158.101.210.189
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://torstar.gscontxt.net/main/channels.cgi?url=https%3A%2F%2F138.68.148.191.sslip.io%2F
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 158.101.210.189 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: /
Resource Hash: d29cd91a00c3f1589cac5df5a20ad432adffee83efc469d59bcc5ebec2dc3383

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-length: 480
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 282 KB
97 KB 78ms
67ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WRSZQF8&gtm_auth=74eL4wQLYRNQ18AwQITlNA&gtm_preview=env-1&gtm_cookies_win=x

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7aed7c338310d559ce64cb0fd4a92e02ffabd673f0ab6c9608619f8da0bb0195

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98894
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracker.gif
www.thestar.com/shared-content/art/stats/common/ 0
146 B 505ms
215ms Image
image/gif 192.104.182.109
LEE-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thestar.com/shared-content/art/stats/common/tracker.gif?tnms_rs=1600x1200x24&tnms_vtum=1&tnms_vt=1&tnms_vid=17174149673915050160012001511150568977&tnms_dt=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&tnms_upage=1&tnms_do=www.thestar.com&tnms_uri=/&tnms_ref=&rt=1717414967393
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.182.109 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
last-modified: Thu, 16 Oct 2008 20:11:25 GMT
x-vcache: MISS
age: 0
etag: "48f79fed-0"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 0

GET
DATA 200
OK truncated
/ 73 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc40838a707dba656095bdce002939c726b0fe7de618b613ff3a29a39aef0938

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Toronto_Star_logo.svg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/publication-logos/ 6 KB
2 KB 39ms
38ms Image
image/svg+xml 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/publication-logos/Toronto_Star_logo.svg?_dc=1717003971

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aadfdde0a0aea4dd6e3bfb60868f546b2e30db7f8d5b3549af99915a8e7294f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410638
cross-origin-resource-policy: cross-origin
content-length: 2372
last-modified: Wed, 29 May 2024 17:32:51 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c3-16bb"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa69df954a-LHR
expires: Thu, 29 May 2025 17:37:55 GMT

GET
H2 200 guest.svg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/ 662 B
487 B 63ms
63ms Image
image/svg+xml 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/guest.svg

Requested by

Host: bloximages.chicago2.vip.townnews.com
URL: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/icons.css?_dc=1717003972

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0acff355a123d849b520cf5a94fba9e18840b78a57f67e7ff984ad7272821d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/icons.css?_dc=1717003972
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6632822
cross-origin-resource-policy: cross-origin
content-length: 382
last-modified: Wed, 06 Mar 2024 18:33:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65e8b710-296"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa7a09954a-LHR
expires: Thu, 13 Mar 2025 16:43:11 GMT

GET
H2 200 nbetting.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/ 6 KB
6 KB 51ms
51ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/nbetting.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2c767ec61f3ecd854a3b3aab3ed23168707aa1fc9cee0009643a72362d6bfdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/global.css?_dc=1717003972
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 1083460
cf-polished: origFmt=png, origSize=11103
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="nbetting.webp"
content-length: 6086
cf-bgj: imgq:85,h2pri
last-modified: Wed, 20 Mar 2024 18:06:40 GMT
server: cloudflare
x-vcache: MISS
etag: "65fb25b0-2b5f"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa7a0a954a-LHR
expires: Sun, 23 Mar 2025 14:28:38 GMT

GET
H2 200 chevron.svg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/ 347 B
380 B 61ms
60ms Image
image/svg+xml 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/chevron.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cefee4c660d3fc32a9c8957e4e5a464fde600f95d50d64e533e9c2b73d7ad2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/global.css?_dc=1717003972
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6621388
cross-origin-resource-policy: cross-origin
content-length: 246
last-modified: Wed, 29 Nov 2023 18:32:22 GMT
x-vcache: MISS
server: cloudflare
etag: W/"656783b6-15b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa7a0c954a-LHR
expires: Fri, 29 Nov 2024 00:01:00 GMT

GET
H2 200 warning-updated.svg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/ 383 B
379 B 55ms
55ms Image
image/svg+xml 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/warning-updated.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39af5bc38f03afb9bbcacadacdf8ce2adc5f6745217ef8868696c6cb38e2bfe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/icons.css?_dc=1717003972
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6494541
cross-origin-resource-policy: cross-origin
content-length: 267
last-modified: Wed, 06 Mar 2024 18:33:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65e8b710-17f"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfa7a0e954a-LHR
expires: Thu, 13 Mar 2025 15:33:07 GMT

GET
H2 200 2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2
fonts.gstatic.com/s/merriweathersans/v26/ 37 KB
38 KB 225ms
80ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweathersans/v26/2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=STIX+Two+Text:ital,wght@0,500;0,600;0,700;1,500;1,600;1,700&family=Frank+Ruhl+Libre:wght@300;400;500;600;700;800;900&family=Merriweather+Sans:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8a4a852dedcc7e3b6bb2c6acffac1a82a31828a00749ce2a8c2d6dd5f268dd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://138.68.148.191.sslip.io
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 02:04:13 GMT
x-content-type-options: nosniff
age: 207514
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38268
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 00:13:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Jun 2025 02:04:13 GMT

GET
H2 200 j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Dl4Q.woff2
fonts.gstatic.com/s/frankruhllibre/v21/ 43 KB
44 KB 194ms
50ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/frankruhllibre/v21/j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Dl4Q.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

523e12ec4882988ae8c43f71e35ea24fccd8560997c349a0a24c27c6682573fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://138.68.148.191.sslip.io
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 00:05:52 GMT
x-content-type-options: nosniff
age: 214615
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44372
x-xss-protection: 0
last-modified: Thu, 11 Apr 2024 18:31:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Jun 2025 00:05:52 GMT

GET
H2 200 35125f18-9d19-11ed-89ed-6bd2c50512f3.df23b75e40b7f37db85d68b552a71c24.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/3/51/25f/ 8 KB
8 KB 36ms
34ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/3/51/25f/35125f18-9d19-11ed-89ed-6bd2c50512f3.df23b75e40b7f37db85d68b552a71c24.png?_dc=1683290000

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67ccbb5495d7f07b89c2a17f177d096d74eef2dcb95949b1c33ff9702bcea703

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 243997
cf-polished: origFmt=png, origSize=12126
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="35125f18-9d19-11ed-89ed-6bd2c50512f3.webp"
content-length: 7990
cf-bgj: imgq:85,h2pri
last-modified: Fri, 05 May 2023 12:33:20 GMT
server: cloudflare
x-vcache: MISS
etag: "6454f790-2f5e"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfaba4c954a-LHR
expires: Fri, 16 May 2025 16:28:33 GMT

GET
H2 200 e24668f2-a0d2-11ed-b59a-3b3ceac34805.694c69ad99a4b716ea237400a76aee83.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/e/24/668/ 7 KB
7 KB 47ms
46ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/e/24/668/e24668f2-a0d2-11ed-b59a-3b3ceac34805.694c69ad99a4b716ea237400a76aee83.png?_dc=1683231300

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2afc9c9a110ac94d64bae0e712762d6fb409e7470c68f3278676aa68e616f3e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6319626
cf-polished: origFmt=png, origSize=10609
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="e24668f2-a0d2-11ed-b59a-3b3ceac34805.webp"
content-length: 6942
cf-bgj: imgq:85,h2pri
last-modified: Thu, 04 May 2023 20:15:00 GMT
server: cloudflare
x-vcache: MISS
etag: "64541244-2971"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfaca5e954a-LHR
expires: Wed, 19 Mar 2025 09:15:43 GMT

GET
H2 200 9c9fa7d8-b8cd-11ed-ba3d-87ef1421dbae.8083a260b84fef8ff1f0edeff4983fcf.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/9/c9/fa7/ 7 KB
7 KB 48ms
47ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/9/c9/fa7/9c9fa7d8-b8cd-11ed-ba3d-87ef1421dbae.8083a260b84fef8ff1f0edeff4983fcf.png?_dc=1686689943

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

565f07e2f1e69f69195c5bf95d5668bb110a38683ae051202b3a6db87b7ed516

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 980981
cf-polished: origFmt=png, origSize=11541
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="9c9fa7d8-b8cd-11ed-ba3d-87ef1421dbae.webp"
content-length: 7236
cf-bgj: imgq:85,h2pri
last-modified: Tue, 13 Jun 2023 20:59:03 GMT
server: cloudflare
x-vcache: MISS
etag: "6488d897-2d15"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfaca60954a-LHR
expires: Fri, 02 May 2025 19:10:03 GMT

GET
H2 200 7cfc38ca-9d1a-11ed-8f0b-5cb9017b77dc.a0b13c4b7a02e09c478fe74111026137.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/7/cf/c38/ 7 KB
8 KB 54ms
53ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/7/cf/c38/7cfc38ca-9d1a-11ed-8f0b-5cb9017b77dc.a0b13c4b7a02e09c478fe74111026137.png?_dc=1683205896

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

597cf1adbafca51f41aedfbdc509c2e15e81382778e096b1398c66cda6865f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6336972
cf-polished: origFmt=png, origSize=11530
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="7cfc38ca-9d1a-11ed-8f0b-5cb9017b77dc.webp"
content-length: 7428
cf-bgj: imgq:85,h2pri
last-modified: Thu, 04 May 2023 13:11:36 GMT
server: cloudflare
x-vcache: MISS
etag: "6453af08-2d0a"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfaca63954a-LHR
expires: Thu, 13 Mar 2025 17:28:13 GMT

GET
H2 200 2-c79IRs1JiJN1FRAMjTN5zd9vgsFHXwcjfj9w.woff2
fonts.gstatic.com/s/merriweathersans/v26/ 37 KB
37 KB 170ms
68ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweathersans/v26/2-c79IRs1JiJN1FRAMjTN5zd9vgsFHXwcjfj9w.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2736d55a4da2c1d7e1cec02b86d6432aabe15a41f5f86803b5fa5fbe3cae8a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://138.68.148.191.sslip.io
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 01 Jun 2024 00:33:55 GMT
x-content-type-options: nosniff
age: 212932
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37848
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 00:30:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Jun 2025 00:33:55 GMT

GET
H2 200 7noslr035pfb0mvo-nbc.js Show response
cdn.petametrics.com/ 178 KB
50 KB 178ms
43ms Script
application/javascript 2606:4700:10::6816:3c5a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=477059
Requested by: Host: bloximages.chicago2.vip.townnews.com
URL: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/liftigniter.min.js?_dc=1717003972
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3c5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26277fa000346ace59e9242a6892ea29d35b10db60b517b082661c9efadfddc3

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
x-amz-version-id: 78t.NCwJOREusHBZCxHDdEFVCcBH4DKV
cf-cache-status: HIT
x-amz-cf-pop: FRA2-C2
age: 5739788
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 29 Mar 2024 01:16:33 GMT
server: cloudflare
etag: W/"1cbe166cba853610d4cfa52d563e83ab"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200, s-maxage=31536000
cf-ray: 88df6bfc9c756382-LHR
x-amz-cf-id: dh76CVizoPaJVJ46G-T_ZMr90FDVCJMgChQiVW16rM0aQ8EcXItc3A==

GET
H2 200 665d9089e10fc.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/4/ba/4ba06088-46e9-5688-85b7-e9b981387cfc/ 25 KB
25 KB 46ms
46ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/4/ba/4ba06088-46e9-5688-85b7-e9b981387cfc/665d9089e10fc.image.jpg?crop=1763%2C1175%2C0%2C0&resize=400%2C267&order=crop%2Cresize

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

933eb56d46a5af1ba475b96065772b838deb8668526b72ebc80790e4314dbe39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 6385
cf-polished: origSize=26902, status=webp_bigger
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 Jun 2024 09:44:46 GMT
server: cloudflare
x-vcache: MISS
etag: "c31ba3f314b421f69f09bcc51486931b"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 88df6bfb5b5a954a-LHR
expires: Tue, 03 Jun 2025 09:49:25 GMT

OPTIONS
H2 403 init
thestar.cloud.optable.co/prod-thestar-com/ Frame 0
0 243ms
113ms Preflight 34.149.155.241
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://thestar.cloud.optable.co/prod-thestar-com/init?cookies=no&passport=&osdk=web-v0.16.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.155.241 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 241.155.149.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://138.68.148.191.sslip.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 03 Jun 2024 11:42:47 GMT
via: 1.1 google

POST init
thestar.cloud.optable.co/prod-thestar-com/ 0
0

POST v2
api.viafoura.co/v2/138.68.148.191.sslip.io/bootstrap/ 0
0

GET
H2 200 swg-button.css
news.google.com/swg/js/v1/ 18 KB
5 KB 40ms
39ms Stylesheet
text/css 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2935e77ba4a31d658633687964df779e6a6acd911252186240c22eafeba8bc36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:12:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1846
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5195
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 21:19:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 03 Jun 2024 12:02:01 GMT

GET
H2 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 47ms
47ms Other
image/svg+xml 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:32:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 638
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 03 Jun 2024 12:22:09 GMT

GET
H2 200 serviceiframe
news.google.com/swg/ui/v1/ Frame 4440 0
0 248ms
115ms Document
text/html 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/ui/v1/serviceiframe?_=1717414967679&publicationId=thestar.com

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jpsn-pCPIbSR-m4xsEIx7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://payments.google.com https://payments.sandbox.google.com https://sandbox.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-jpsn-pCPIbSR-m4xsEIx7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://payments.google.com https://payments.sandbox.google.com https://sandbox.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-resource-policy: same-site
date: Mon, 03 Jun 2024 11:42:47 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
reporting-endpoints: default="/swg/_/SubscribewithgoogleClientUi/web-reports?context=eJzjStDikmLw1JBicDa_xRT35xZT1OlHTE0rnzK1APG3Q8-YfgDx9uLnTBJfXzKpAbFT-gzWACD2qZ_BGgXErTfPsU4G4qR_51kLgLj98wXWqUC8Kugi6xogFuLh2H7j2yY2gQ8rLm5gVjJKyi-MLy5NKk4uykxKLc8syUjPz0_PSU3OyUzNKylOLSpLLYo3MjAyMTA1MtczMI4vMAAARupGHA"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405230101/ 452 KB
141 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405230101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae1d946d7305119960251e362f5bf0ca500511b0f438cf0183e9af1c5ed86684

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 13:41:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 79290
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 144540
x-xss-protection: 0
server: cafe
etag: 7094345049347505924
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 02 Jun 2025 13:41:17 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 77 B
86 B 231ms
82ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=138.68.148.191.sslip.io

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0a9d3fcf52a1b7a8ff5f9a292b5a2feefe0f2bd45a1d439cee4c7dc2bbcde92f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62
x-xss-protection: 0
expires: Mon, 03 Jun 2024 11:42:47 GMT

POST
H2 204 unknown_domains Show response
api.btloader.com/events/ 0
128 B 234ms
127ms XHR
text/plain 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/events/unknown_domains?upapi=true&tid=z1gUXCdV&cv=2.1.45-3-gc22fd9c
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5071905434894336&upapi=true&async=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:47 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 204 state Show response
api.btloader.com/mw/ 0
39 B 248ms
143ms Fetch 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5071905434894336&upapi=true&async=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
938 B 159ms
41ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2264077
x-guploader-uploadid: ADPycdsRF6_T2RhBWiSSA7GUKtTqtprOqmok-6_CTqFJbtylEm1K8NvN3me9Y8CBqM-JQWmLy7SrCWtvnpKuj5DofCDx
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=obZc%2F5t4IPflO00u0Q69BY0t7GLDqOiHIVXV0W345NKBKQmPOelDYp%2BqAjcJLHLFlG2Xmc0%2B%2BXh%2FkImoNOqPrLftxvpYLVjUXL4rIleaTKBTJ6e%2Bw%2B%2FyT8V4ZpJPZeCb%2FPIYJblOR3K9T4eDOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 88df6bfd1fde633d-LHR
expires: Tue, 04 Jun 2024 11:42:47 GMT

GET
H3 200 favicon.ico
ad.doubleclick.net/ 1 KB
130 B 172ms
40ms Image
image/x-icon 172.217.18.6
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 10:22:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4846
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 04 Jun 2024 10:22:01 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
345 B 158ms
42ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.4930875347248165
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2264077
x-guploader-uploadid: ADPycdsRF6_T2RhBWiSSA7GUKtTqtprOqmok-6_CTqFJbtylEm1K8NvN3me9Y8CBqM-JQWmLy7SrCWtvnpKuj5DofCDx
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2OEdyrTYYr%2F6492fa5t0IjHRGo7IOsK8%2FpIXYE7TBUdyYvZixuv50J7QUeOnlL3mafGRCUAkIe68aUO1thPNzSXdRb7VKb0y1fMYS4%2BeEoDb%2BGGOdjB0SmyJSGM9Vhe%2F2IGWCFdFD%2B%2BdfA0OHw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 88df6bfd1fdf633d-LHR
expires: Tue, 04 Jun 2024 11:42:47 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 387 B
935 B 226ms
61ms XHR
application/json 63.32.235.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&d_nsid=0&ts=1717414967742

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.32.235.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-235-18.eu-west-1.compute.amazonaws.com

Software

Resource Hash

764a854687f364d9209fee39c7cdc142f7c160462a4e697d5261ca6f50437c29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-1-v061-00df4207c.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: M8BXrtzWTCo=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://138.68.148.191.sslip.io
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 325
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/ 35 KB
13 KB 41ms
40ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:24 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Mon, 03 Jun 2024 11:33:17 GMT
server: AmazonS3
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
etag: W/"964f8cb588092ac645368e7307eb73ac"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 444
x-amz-cf-id: OvfpLQpugKOb6FQO-czURAnE2N_3X3SkdDJMmxbT_sQJFMmIAWPbAw==

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/ 3 KB
2 KB 59ms
59ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:24 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Mon, 03 Jun 2024 11:33:17 GMT
server: AmazonS3
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
etag: W/"9cf185793291692f744c78c75da01dd8"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 444
x-amz-cf-id: vUXNxBTcMFz-vFPbQeUUKPuU5xbu73qV_g6tahjeBd1XejmsMJt70Q==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 198ms
52ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 03 Jun 2024 11:41:03 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 104
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 03 Jun 2024 13:41:03 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 202 KB
71 KB 65ms
63ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f7f7217e607d2991b2e5988302754355c34679675b113e5e451c9f81a4328b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72532
x-xss-protection: 0
last-modified: Mon, 03 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jun 2024 11:42:47 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 269 KB
77 KB 90ms
89ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WXMV2VZ&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

818d2cdb8b993b3c8b4c34e7ea6151c3f4efe4281eee57caeb3f5e9d452ce12a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78877
x-xss-protection: 0
last-modified: Mon, 03 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jun 2024 11:42:47 GMT

GET
H2 200 RCe31d958a84ec4c04b367b2d100ad60ea-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 440 B
814 B 40ms
40ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RCe31d958a84ec4c04b367b2d100ad60ea-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d28bf550977b2be0583913e8aa97cd4315502804ceda5f29943bca8dd77b5813

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:24 GMT
x-amz-version-id: null
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jun 2024 11:33:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P10
age: 444
etag: "8f64c890f06c05eab46d0a4c7a80d8ce"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 440
x-amz-cf-id: x2G2epjUiV6a8saQHFCny8wQfwSYuBPZHCYJhZXWlVj2y8dHZ2c2GQ==

GET targeting
thestar.cloud.optable.co/prod-thestar-com/v2/ 0
0

OPTIONS
H2 403 targeting
thestar.cloud.optable.co/prod-thestar-com/v2/ Frame 0
0 111ms
110ms Preflight 34.149.155.241
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.155.241 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 241.155.149.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://138.68.148.191.sslip.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 03 Jun 2024 11:42:47 GMT
via: 1.1 google

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@4.0.1/dist/
Redirect Chain

https://unpkg.com/web-vitals/dist/web-vitals.iife.js
https://unpkg.com/web-vitals@4.0.1/dist/web-vitals.iife.js

7 KB
3 KB

44ms
44ms

Script
application/javascript

2606:4700::6811:f8cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@4.0.1/dist/web-vitals.iife.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Server

2606:4700::6811:f8cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ca9f20823ffa1266144cc2c6af10f9fe097305ace8fb845dd48ee045e81b235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1066057
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HYF5VZX5E5QFKWV8N909XMER-lhr
server: cloudflare
etag: "1be8-Asejo4oSGPcpOI3xecqzNKSnPdQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88df6bfe7998240d-LHR

Redirect headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
fly-request-id: 01HZEYCY8MH3JNDC1VY1KZWX6T-lhr
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 146
server: cloudflare
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /web-vitals@4.0.1/dist/web-vitals.iife.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 88df6bfe08ed240d-LHR

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 298 KB
101 KB 74ms
73ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6FZFMVVWVN&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WRSZQF8&gtm_auth=74eL4wQLYRNQ18AwQITlNA&gtm_preview=env-1&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

18206ef2760ea0f8bdf4664498fa15c851d79cd3121e2583dc165b3d2f50fb6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103024
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 03 Jun 2024 11:42:47 GMT

GET
H2 200 5028 Show response
config.aps.amazon-adsystem.com/configs/ 531 B
807 B 224ms
70ms Script
application/javascript 18.245.31.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/5028
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.31.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-31-65.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 4e2204e68760e4f840d4bd42290c5390615e4d7f600923155937e3389579e2bc

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:17:51 GMT
via: 1.1 7b85fc567b776c0d31c5ac07cc6c2ae6.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P8
age: 1497
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 531
x-amz-cf-id: 8hv1-6OosBgbIN7fYUFdwaplx9Vet1veCkTyK5wURGImA_LbIJ8yIA==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 599 B
954 B 144ms
143ms XHR
application/json 13.224.186.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=5028&u=https%3A%2F%2F138.68.148.191.sslip.io
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.186.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-186-120.fra2.r.cloudfront.net
Software: Server /
Resource Hash: c7e791cd90e0a1f79ac0639e79e74527567696f3d5420566415c7234123f432e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://138.68.148.191.sslip.io
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 599
x-amz-cf-id: QoT9ZMS-rbOMEX2KpT_x4KjYhAYKRqVWGOc5azHCXrX2da1O_1ej7w==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 600ms
453ms XHR
application/javascript 13.224.186.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.186.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-186-120.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:49 GMT
x-amz-version-id: r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
content-encoding: gzip
via: 1.1 ba5b5e2e7fd98c4a472633bc4c1d4480.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Thu, 29 Feb 2024 02:13:08 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: CFO6KUVjdPfpvIlihxiGyxSeUDqk5L7AchIMueeufR2DYMVZRDYCgA==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
362 B 336ms
158ms XHR
text/javascript 13.35.57.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=5028&u=https%3A%2F%2F138.68.148.191.sslip.io%2F&pid=QHbNQyAbgMLbS&cb=0&ws=1600x1200&v=24.521.1732&t=2000&slots=%5B%7B%22sd%22%3A%22ad-2827824%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F58580620%2Fthestar.com%2Fhomepage%22%7D%2C%7B%22sd%22%3A%22ad-2827002%22%2C%22s%22%3A%5B%222x1%22%5D%2C%22sn%22%3A%22%2F58580620%2Fthestar.com%2Fhomepage%22%7D%2C%7B%22sd%22%3A%22ad-2827005%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F58580620%2Fthestar.com%2Fhomepage%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D&_c=1
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.57.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-57-188.fra60.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 fe1df26b55e8c12763613686df86f7f2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA60-P10
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://138.68.148.191.sslip.io
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: B0UFpWxI0JNFkIowoFrsPlnXzJh-k32fn0Xq64ZL0LJSvf4ar_epug==

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 151 KB
21 KB 537ms
418ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=477059
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 64f63916d74c00afe65ac75cb34a1b33c06f250ae80ad4421a06cbe080c9e5ec

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 156 KB
23 KB 513ms
394ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=477059
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: e32bc13b3e4f0568bb50f59accaa28371bba1f54950e84169b1d571557bab84b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 152 KB
20 KB 536ms
406ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=477059
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 3b7bd0afb2293dbcb1936e97acc34ff39d71db9a31d78c8bbc978ffffa787ed3

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 151 KB
19 KB 521ms
402ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=477059
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 1b30f0c3cb662b52368a53ba31765952f5a9aec3613d4cd57b8d0da0cf3842d3

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 155 KB
22 KB 487ms
369ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=477059
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 5a849a0a4ae8f60164ab3a78e78653e81ae224260694c24f71c3d343c6f716d4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 160 KB
22 KB 484ms
366ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=477059
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6e704905975bd4cf9eab9d4806ad73ee37adf9421addd108436b3094bde58617

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

GET
H2 200 RCed27a3f57323436b92eb7cf880ba0e4c-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 1 KB
1000 B 43ms
42ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RCed27a3f57323436b92eb7cf880ba0e4c-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: af8919069a891771e1fef808d691297be73a1b317a10faf96a13af84fda31f7d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:25 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Mon, 03 Jun 2024 11:33:16 GMT
server: AmazonS3
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
etag: W/"d23534a66cfeafbbaf60f4f7b31ddfef"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 444
x-amz-cf-id: e3ZEn8to1jKyfiIVIEhYVcclYCvrtrMwYbOOK9z5NcYdIp_WcI4exw==

GET
H2 200 RC8f19e36a01cd415e8a2a45e5ee3bdba5-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 1 KB
947 B 43ms
42ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RC8f19e36a01cd415e8a2a45e5ee3bdba5-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f2ba4f1a2e7247d4598ee816ac1a53bca03cc6fcc6636bd15087264e6d2cc791

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:25 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Mon, 03 Jun 2024 11:33:16 GMT
server: AmazonS3
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
etag: W/"8f706347a8bc9b2d127f62bcb2fe9d38"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 444
x-amz-cf-id: v2S4vxM3nOGDHP9V7Y8qxCipGHmeYFr9n9OtUXPRab0QAIWs7xrvKw==

GET
H2 200 RC515a7a54232349c99209125c12aeac5e-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 1002 B
961 B 43ms
43ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RC515a7a54232349c99209125c12aeac5e-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1b4ebbebbc583a15a08b12ba968bf1d03475a39c28940dee975a74a0381d08fe

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:25 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Mon, 03 Jun 2024 11:33:15 GMT
server: AmazonS3
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
etag: W/"b3de18ca2a864ed4f406d55a87f49ebd"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 444
x-amz-cf-id: PqF4ObMzjf9R5VvaKOGeelrXO7huCuFldkPCL6shFwwMYYY3leMZ2A==

GET
H2 200 RC657e982761c0467a8a0e37fab3a342c7-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 962 B
1 KB 60ms
60ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RC657e982761c0467a8a0e37fab3a342c7-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f6f9756179380c58899c845278f361af931be8948bc635d9f1f0c34ed372ec08

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:25 GMT
x-amz-version-id: null
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jun 2024 11:33:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P10
age: 444
etag: "d646fb1f65c02b82a6925c27190de714"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 962
x-amz-cf-id: DyA2T_3KUyZe--xpkputpnlJ_ogARXNVjIE0fr6R7Ehv_n_I4IWNVg==

GET
H2 200 RC8756835d526e4509a8103b4d82187540-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 1 KB
911 B 60ms
60ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RC8756835d526e4509a8103b4d82187540-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a3c3bd9d9469e98ac15f87f84eace7c24303948673b40972f81774367fad089e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:25 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Mon, 03 Jun 2024 11:33:16 GMT
server: AmazonS3
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
etag: W/"8223839858176ce839cfce0a7c4e64c9"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 444
x-amz-cf-id: oLv63DgV4GaFxOCtnLCjhw6ZEdwL3ENv0WkYMAqP8pDeIK-ntABnKQ==

GET
H2 200 RC574e2adefc094be2ad693972d68d4edb-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 965 B
1 KB 60ms
60ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RC574e2adefc094be2ad693972d68d4edb-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5006a5f4ebf15da960606619f8ca082bacab49aee12d1eba501730ce4c32c599

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:25 GMT
x-amz-version-id: null
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jun 2024 11:33:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P10
age: 444
etag: "58b0405bef3f7445ccc0edc907f2956c"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 965
x-amz-cf-id: G_7WRWIfnZjBQ1VLHBoLsxSdPbxpOsJ95Ur0R4-lysdeXKe6dXtbng==

GET
H2 200 RC4f42903c8a204c008a9b48e05e831a5f-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 953 B
1 KB 61ms
61ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RC4f42903c8a204c008a9b48e05e831a5f-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 711e0b710928008e30a1d944e63108e5441e709c9442af6e1a50045a59c1b9e2

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:25 GMT
x-amz-version-id: null
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jun 2024 11:33:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P10
age: 444
etag: "6b233b51eaa33a7d8309f6e1646e36f1"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 953
x-amz-cf-id: pB8I1lxfavjnf7Yo0VkqHwRqauaG34u0ySwSND5_vj4pCmLwHKBzzQ==

GET
H2 200 RC784d83fde90043148b6585239c3c84a8-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 4 KB
1 KB 59ms
59ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RC784d83fde90043148b6585239c3c84a8-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a443c04c6041b16f5fb8c37f47691453a55466407834c790be99606ff281aad1

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:25 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Mon, 03 Jun 2024 11:33:16 GMT
server: AmazonS3
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
etag: W/"77cc55a3ac830fa6907587ff44624740"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 444
x-amz-cf-id: 3YPvka3domGK3fBop5mG7LpZeAqR4eg1AkpjriLt3Ip-q0vdLXPHVw==

GET
H2 200 dest5.html
torontostarnewspaperslimited.demdex.net/ Frame 2E59 0
0 198ms
47ms Document
text/html 52.19.228.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://torontostarnewspaperslimited.demdex.net/dest5.html?d_nsid=0

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.19.228.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-228-126.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 03 Jun 2024 11:42:48 GMT
dcs: dcs-prod-irl1-2-v061-0b218a75e.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 9 May 2024 12:26:43 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: WdRIclRrQsQ=

GET
H2 200 id Show response
s.thestar.com/ 48 B
464 B 265ms
113ms XHR
application/x-javascript 63.140.62.17
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.thestar.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&mid=84868314243114659931804475849565988077&ts=1717414968025

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.17 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-17.data.adobedc.net

Software

jag /

Resource Hash

ad4c15f9db190ab5354af8cbc0cfa69f1ade43738e36b2de8a7a4071b1a1764a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://138.68.148.191.sslip.io
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H2

200

ibs:dpid=411&dpuuid=Zl2sOAAAAGlF9AN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=84876815189884441631803634826874961639
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zl2sOAAAAGlF9AN-

42 B
717 B

43ms
43ms

Image
image/gif

63.32.235.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zl2sOAAAAGlF9AN-

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Server

63.32.235.18 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-235-18.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v061-0b1e3d3ac.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: z6laq36rTlU=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zl2sOAAAAGlF9AN-
Date: Mon, 03 Jun 2024 11:42:48 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 6659fcd670c51.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/f/5e/f5e25d94-1f6b-11ef-9305-676b4d121dfa/ 2 KB
3 KB 38ms
37ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/f/5e/f5e25d94-1f6b-11ef-9305-676b4d121dfa/6659fcd670c51.image.jpg?resize=150%2C100

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db268188af417f5bc2e8ff4a1d4e13b09a78440de98473b194848fd968901043

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 6386
cf-polished: qual=85, origFmt=jpeg, origSize=6298
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="6659fcd670c51.webp"
content-length: 2482
cf-bgj: imgq:85,h2pri
last-modified: Fri, 31 May 2024 16:37:42 GMT
server: cloudflare
x-vcache: MISS
etag: "8dade1225f839e5a65f82bd1e3de3cad"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6bfe6fec954a-LHR
expires: Tue, 03 Jun 2025 02:02:45 GMT

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/ 103 KB
28 KB 221ms
61ms Script
text/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7c58d825e642307da8aad2562a7a39a8103fa06f97141c6f1b5b57154b128949

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Y_TBOidUsNhh8GPIkoFTWhrjyJzqHpod
content-encoding: br
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70e.cloudfront.net (CloudFront)
date: Mon, 03 Jun 2024 11:41:44 GMT
x-amz-cf-pop: FRA6-C1
age: 65
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 31 May 2024 21:16:49 GMT
server: AmazonS3
etag: W/"db16dc6c043a013a784479e047f05f1b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: warj91DmQCenKooz_yHbwGd5nOok_voplYkgEF9ZNOHN2jIYQF4Xuw==

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 287 KB
97 KB 69ms
68ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=G-4T2EB147B8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6FZFMVVWVN&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6978d0cdbc807840e1fc616ceace05d68334ce61ebcaefc5cf9acf73fd18600f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99574
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 03 Jun 2024 11:42:48 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 222ms
62ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-6FZFMVVWVN&gtm=45je45t0v873043922z89101115636za200zb9101115636&_p=1717414967357&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=2130055902.1717414968&ul=en-gb&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1717414968&sct=1&seg=0&dl=https%3A%2F%2F138.68.148.191.sslip.io%2F&dt=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&en=page_view&_fv=1&_nsi=1&_ss=1&ep.Page_Type=home&ep.Site_Type=core%20site&ep.Breakpoint=desktop&ep.Orientation=landscape&ep.Logged_In_Status=&ep.Asset_Alias=&ep.Source=web&ep.Primary_Category=home&ep.Author=&ep.Published_Date=&ep.User_Agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F125.0.0.0%20Safari%2F537.36&ep.Owner=&ep.Primary_Publication=&ep.Asset_Id=&up.Torstar_User_ID=&up.Entitlement_Status=&tfd=2359
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6FZFMVVWVN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://138.68.148.191.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
250 B 186ms
52ms Ping
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6FZFMVVWVN&cid=2130055902.1717414968&gtm=45je45t0v873043922z89101115636za200zb9101115636&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6FZFMVVWVN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://138.68.148.191.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 206ms
63ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6FZFMVVWVN&cid=2130055902.1717414968&gtm=45je45t0v873043922z89101115636za200zb9101115636&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&z=1325490887

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 3 B
373 B 241ms
70ms XHR
application/json 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://138.68.148.191.sslip.io
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 ingest
i.viafoura.co/v3/138.68.148.191.sslip.io/ 67 B
200 B 426ms
131ms Image
image/png 3.224.50.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.viafoura.co/v3/138.68.148.191.sslip.io/ingest?t=%7B%22view%22%3A%7B%22domain%22%3A%22138.68.148.191.sslip.io%22%2C%22pageViews%22%3A1%2C%22outgoing%22%3A10%2C%22sessionStart%22%3A1717414968%2C%22isRecirculation%22%3Afalse%2C%22uniqueId%22%3A%22caf6e750-6d40-4456-b1c1-803dad2909ad%22%2C%22firstVisit%22%3A1717414968%2C%22previousVisit%22%3A1717414968%2C%22currentVisit%22%3A1717414968%2C%22visitCount%22%3A1%2C%22referrerStart%22%3A1717414968%2C%22refVisitCount%22%3A1%2C%22ref%22%3A%7B%22medium%22%3A%22direct%22%2C%22source%22%3A%22%22%2C%22sharer_uuid%22%3A%22%22%2C%22terms%22%3A%22%22%7D%7D%2C%22meta%22%3A%7B%22domain%22%3A%22138.68.148.191.sslip.io%22%2C%22pageImage%22%3A%22https%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fthestar.com%2Fcontent%2Ftncms%2Fcustom%2Fimage%2Ff84403b8-7d76-11ee-9d02-a72a4951957f.png%3Fresize%3D600%252C600%22%2C%22ref%22%3A%7B%7D%2C%22vf%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fwww.thestar.com%2F%22%2C%22path%22%3A%22%2F%22%2C%22title%22%3A%22Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star%22%2C%22page_type%22%3A%22section%22%2C%22page_description%22%3A%22thestar.com%20is%20Canada%E2%80%99s%20largest%20online%20news%20site.%20Live%20news%2C%20investigations%2C%20politics%2C%20sports%20and%20the%20heartbeat%20of%20Toronto%2C%20Canada%27s%20largest%20city.%22%2C%22topics%22%3A%5B%22toronto%20star%22%5D%2C%22amp%22%3Afalse%2C%22thirdparty_enabled%22%3Afalse%2C%22container_id%22%3A%22%22%7D%2C%22ua%22%3A%7B%22nl%22%3A%22en-GB%22%2C%22nu%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F125.0.0.0%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%2C%22sd%22%3A24%2C%22vp%22%3A%221600x1200%22%2C%22dt%22%3A%22Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star%22%2C%22de%22%3A%22UTF-8%22%2C%22dl%22%3A%22en%22%7D%2C%22rq%22%3A%22c940e5f1-efd4-4210-8167-7f75ff339c2b%22%2C%22w%22%3A%5B%5D%2C%22event_type%22%3A%22analytics.view_lite%22%7D
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.224.50.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-224-50-112.compute-1.amazonaws.com
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-type: image/png
date: Mon, 03 Jun 2024 11:42:48 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 67
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 238 KB
84 KB 69ms
69ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-698108511

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14fb80295b6ccc50cd5fcb2e6add7a8e69d442f760b20dd010962960ba70aece

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86048
x-xss-protection: 0
last-modified: Mon, 03 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jun 2024 11:42:48 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 238 KB
84 KB 71ms
71ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-698108511&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b1262596e44018dc1685c16934c14e75b94f7c91f7445132311be0d255387467

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86054
x-xss-protection: 0
last-modified: Mon, 03 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jun 2024 11:42:48 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 201 KB
73 KB 87ms
87ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10230056

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2c6d2dbbe8524d6e1da776ce5a628742fb5b2d3847883d938d9b89d6f5bf08e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74945
x-xss-protection: 0
last-modified: Mon, 03 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jun 2024 11:42:48 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 201 KB
73 KB 88ms
88ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10230056&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

93c978c0e4d6597dc192f43e889796eb6eb0cbb8dbec8419e22ebd71a78be2c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74923
x-xss-protection: 0
last-modified: Mon, 03 Jun 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 03 Jun 2024 11:42:48 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 192ms
49ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220023-FRA

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 139ms
28ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 5eee7eef8c43d97d6c92ce9000b3f2424647e58f985c2df5711690c8b95f1495

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Wed, 22 May 2024 17:01:28 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "16b7761205515ddc0668c12c434e8f00"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 12104

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 47 KB
17 KB 219ms
57ms Script
application/javascript 2a02:26f0:3100::1735:2a3b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:2a3b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 06 May 2024 17:20:18 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=80777
accept-ranges: bytes
content-length: 16683

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 213ms
53ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 03 Jun 2024 11:42:47 GMT
last-modified: Thu, 29 Feb 2024 19:58:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 663DABCCF70E45D2A32DCCA47AF80C7E Ref B: LTSEDGE0817 Ref C: 2024-06-03T11:42:48Z
etag: "01b4e9c496bda1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13261

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 5 KB
2 KB 239ms
57ms Script
application/javascript 2a04:4e42:8e::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0882be2bb685d64ae46b56574b330fb1afe5dfef39f940d12ca776475248eaa8

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
x-cdn: fastly
etag: "c292daff66d2a9db8fb67b7807bf3c7b"
x-amz-server-side-encryption: AES256
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=7200
alt-svc: h3=":443";ma=600
content-length: 1881

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/ 930 B
1 KB 250ms
57ms Script
application/javascript 3.161.75.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.75.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-75-65.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 03 Jun 2024 02:51:04 GMT
Via: 1.1 18a0c3f5e09e58d51d2e5d6f596d202e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P10
Age: 31904
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 930
Pragma: public
Last-Modified: Wed, 06 May 2020 20:19:48 GMT
Server: nginx
ETag: "5eb31be4-3a2"
Content-Type: application/javascript
Cache-Control: max-age=86400, public
Accept-Ranges: bytes
X-Amz-Cf-Id: h3IPO8aSaYcoaz1OBzoAlHuJ_1WQ9cSNzQKcw-GnUdrV2rMbOeSm-Q==
Expires: Tue, 04 Jun 2024 02:51:04 GMT

GET
H2 200 RC5ac9a1d70048415e9d593b52d8006a28-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 756 B
1 KB 40ms
40ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RC5ac9a1d70048415e9d593b52d8006a28-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d19e397a972031773c835af153dfaaae6708a2a05d5b018ca905398a3e24c7f6

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:25 GMT
x-amz-version-id: null
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jun 2024 11:33:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P10
age: 443
etag: "feb00d65d5101130217e2fe7fc356670"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 756
x-amz-cf-id: rVDWP5T8lSQgC2ajHX4vQPnsEoMyNEKQ5OuA-dEH16Lc02s0bue59A==

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 38ms
35ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4T2EB147B8&gtm=45je45t0v887101457z8861227858za200zb873043922&_p=1717414967357&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=2130055902.1717414968&ul=en-gb&sr=1600x1200&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dt=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&dl=https%3A%2F%2F138.68.148.191.sslip.io%2F&sid=1717414968&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.canonical_url=https%3A%2F%2Fwww.thestar.com%2F&epn.townnews_crm_group_id=848&ep.generator=BLOX&ep.generator_version=1.77.2&tfd=2486
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-4T2EB147B8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://138.68.148.191.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
45 B 34ms
31ms Ping
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4T2EB147B8&cid=2130055902.1717414968&gtm=45je45t0v887101457z8861227858za200zb873043922&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-4T2EB147B8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://138.68.148.191.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 77ms
77ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4T2EB147B8&cid=2130055902.1717414968&gtm=45je45t0v887101457z8861227858za200zb873043922&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&z=742056268

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC4f9c62d000e34caa80fd79bd1869ad3e-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 14 KB
3 KB 45ms
40ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RC4f9c62d000e34caa80fd79bd1869ad3e-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3577b4b88a881592ac527d73680b806b5e58abc7cd5b5416cf3a34695926c015

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:26 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Mon, 03 Jun 2024 11:33:15 GMT
server: AmazonS3
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
etag: W/"14d0ad181fc44b6d594d4e62c2996731"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 443
x-amz-cf-id: Giz4Smc0vFrRpYfuomBJkGt1rgTFnoc5MQRuxdbiPI7eeOxl8ePHdg==

GET
H2 200 RCfdefc67c0ed94b76af30fac1dfc1ce8b-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/ 621 B
995 B 45ms
41ms Script
text/javascript 3.161.82.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/d0e3585098ed/RCfdefc67c0ed94b76af30fac1dfc1ce8b-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.82.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-82-46.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f5aa94a7becd0d69123d55072d709bc6fa79b8f44ed4723f1e1eaff535f6a8d2

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:35:26 GMT
x-amz-version-id: null
via: 1.1 2a1069adbc6a1208306ee3de10fe9952.cloudfront.net (CloudFront)
last-modified: Mon, 03 Jun 2024 11:33:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P10
age: 443
etag: "5ef8cc4677066f9037a4dcf15a47bb79"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 621
x-amz-cf-id: IpQ93JS5nCnztnMNnw0ujSysBk0gepld84wvKlqqt7I-zD_LVCRwtw==

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/698108511/ 3 KB
1 KB 278ms
50ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698108511/?random=1717414968296&cv=11&fst=1717414968296&bg=ffffff&guid=ON&async=1&gtm=45be45t0v867836103za200zb72758733&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&hn=www.googleadservices.com&frm=0&tiba=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&npa=0&pscdl=noapi&auid=550265181.1717414968&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-698108511

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9747658e47aee56d403f2a54b6a725bd3cb59dd44185661463dc00c7dde3e330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1461
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ 1 KB
279 B 380ms
197ms Fetch
text/plain 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=484750683087711&correlator=3709239572966208&eid=31083339%2C31084074%2C31079525%2C31078668&output=ldjh&gdfp_req=1&vrg=202405230101&ptt=17&impl=fifs&ltd_cs=1&iu_parts=58580620%2Cthestar.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=728x90%2C2x1%2C300x600%7C300x250&ifi=1&sfv=1-0-40&eri=1&sc=1&arp=1&abxe=1&dt=1717414968341&lmt=1717414842&adxs=436%2C799%2C1055&adys=21%2C145%2C1020&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyJXaW4zMiIsIjEwLjAuMCIsIng4NiIsIiIsIjEyNS4wLjY0MjIuMTEyIixudWxsLDAsbnVsbCwiNjQiLFtbIkdvb2dsZSBDaHJvbWUiLCIxMjUuMC42NDIyLjExMiJdLFsiQ2hyb21pdW0iLCIxMjUuMC42NDIyLjExMiJdLFsiTm90LkEvQnJhbmQiLCIyNC4wLjAuMCJdXSwwXQ..&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&vis=1&psz=728x-1%7C1600x-1%7C300x600&msz=728x-1%7C1600x-1%7C300x600&fws=516%2C516%2C4&ohw=1600%2C1600%2C1600&nt=1&psd=WzIsbnVsbCxudWxsLDNd&dlt=1717414966769&idt=1169&prev_scp=pos%3D1%26amznbid%3D2%26amznp%3D2%7Cpos%3Dimpact-top%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26amznbid%3D2%26amznp%3D2&cust_params=browser%3DChrome%26k%3Dtoronto%2520star%26page%3Dhomepage%252Capp-editorial%26environment%3Dprod%26cutpoint%3Dlarge%26amznbid%3D0%26amznp%3D0%26gs_channels%3Dpr_ts_pl_nws_lctns_cnd_ntnl%252Cpr_personal_injury%252Cts_pl_nws_lctns_cnd_ntnl%252Cgb_safe%252Cgs_news_and_weather%252Cgs_news%252Cgs_busfin%252Cgs_health%252Cgs_home%252Cgv_death_injury%252Cts_pl_nws_lctns_cnd_prvncl%252Cgs_auto%252Cgt_negative%252Cgs_politics%252Cgs_home_property%252Cgs_sport%252Cgv_crime%252Cts_bz_ndstry_gnrl%252Cgs_busfin_business%252Cts_sprts_tlvsd_gnrl%252Cts_sprts_tlvsd_smmr_lympcs%252Cgs_busfin_indus%252Cgs_politics_issues_policy%252Cgs_politics_misc%252Cts_pl_vt_prpnsty_cnd_lbrl&adks=4245816087%2C3334131667%2C3682374077&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cea576f3ddb21972a5e1d788b5224ba6769d85143ef644fe04d6245e1053e4e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 250
x-xss-protection: 0
google-lineitem-id: -2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://138.68.148.191.sslip.io
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
5634eaa5848478f789544d499e325b98.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 150B 0
0 3263ms
62ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5634eaa5848478f789544d499e325b98.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jun 2024 11:42:51 GMT
expires: Mon, 03 Jun 2024 11:42:51 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
213 B 55ms
49ms XHR
text/plain 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=296197299&t=pageview&_s=1&dl=https%3A%2F%2F138.68.148.191.sslip.io%2F&dp=%2F&ul=en-gb&de=UTF-8&dt=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgUABAAQCACAAI~&jid=426040498&gjid=348702285&cid=2130055902.1717414968&tid=UA-54716522-7&_gid=1461145722.1717414968&_slc=1&gtm=45He45t0n71PDQV3Nv72758733za200&cd2=editorial&cd3=flex&cd4=flex-editorial&cd5=no&cd6=Large%3A%20Desktop%20computers.&cd8=200&cd9=No&cd10=No&cd12=No&cd13=https%3A%2F%2Fwww.thestar.com%2F&cd15=3.155.0&cd16=No&cd17=Page%20View&cm1=851&gcd=13l3l3l3l1&dma=0&z=1659256293

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://138.68.148.191.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
148 B 45ms
40ms XHR
text/plain 2a00:1450:400c:c07::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-54716522-7&cid=2130055902.1717414968&jid=426040498&gjid=348702285&_gid=1461145722.1717414968&_u=YCDAgUABAAQCAGAAI~&z=1370118583

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 03 Jun 2024 11:42:48 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://138.68.148.191.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/ 10 KB
2 KB 414ms
57ms Fetch
application/json 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf7757eb072d08d857634fe0a4997f9efe4d0c20b614f72858a0d61fe090743c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: OMBMX.CTyyxMTiHSNr3DUMVjRYfhTR4L
content-encoding: gzip
via: 1.1 49140b838a62cd29e30f20e39a82dad0.cloudfront.net (CloudFront)
date: Mon, 03 Jun 2024 10:17:22 GMT
x-amz-cf-pop: FRA6-C1
age: 5127
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 14 May 2024 16:41:32 GMT
server: AmazonS3
etag: W/"0074e8875be5983630541f9e8c04547d"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: svOBcKF49djEaBcvClHLJF3aYr_Hm3WXGjz84P8z9km8Y5Md-SCnAA==

GET
H2

200

activityi;dc_pre=CK2Gjqmtv4YDFSfJOwIdq6kB-g;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0...
10230056.fls.doubleclick.net/ Frame 6BA4
Redirect Chain

https://10230056.fls.doubleclick.net/activityi;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B12...
https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2Gjqmtv4YDFSfJOwIdq6kB-g;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;u...

0
0

94ms
93ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2Gjqmtv4YDFSfJOwIdq6kB-g;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0za200zb72758733;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2F138.68.148.191.sslip.io%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-10230056&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 378
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jun 2024 11:42:48 GMT
expires: Mon, 03 Jun 2024 11:42:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 03 Jun 2024 11:42:48 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2Gjqmtv4YDFSfJOwIdq6kB-g;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0za200zb72758733;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2F138.68.148.191.sslip.io%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activity;register_conversion=1;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CC...
ad.doubleclick.net/ 0
23 B 80ms
80ms Image
image/png 172.217.18.6
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;register_conversion=1;src=10230056;type=ret01;cat=land01;ord=7996588455083;npa=0;auiddc=550265181.1717414968;ps=1;pcor=596305514;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0za200zb72758733;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2F138.68.148.191.sslip.io%2F?

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"9976363967821675541"}],"aggregatable_trigger_data":[{"filters":[{"14":["10135065"]}],"key_piece":"0xa5c4191534ebf123","source_keys":["12","13","14","15","16","17","18","19","20","21","628802320","628802321","628802322","628802323","634938292","634938293","634938294","634938295"]},{"key_piece":"0x597b73aa993df8f1","not_filters":{"14":["10135065"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628802320","628802321","628802322","628802323","634938292","634938293","634938294","634938295"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628802320":38,"628802321":38,"628802322":38,"628802323":3739,"634938292":46,"634938293":46,"634938294":46,"634938295":4540},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"7435933709796124308","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"9976363967821675541","filters":[{"14":["10135065"],"source_type":["event"]},{"14":["10135065"],"24":["10135065"],"source_type":["navigation"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"9976363967821675541","filters":[{"14":["10135065"],"23":["10135065"],"source_type":["navigation"]}],"priority":"10","trigger_data":"0"},{"deduplication_key":"9976363967821675541","filters":[{"14":["10135065"],"25":["10135065"],"source_type":["navigation"]}],"priority":"10","trigger_data":"2"},{"deduplication_key":"9976363967821675541","filters":[{"14":["10135065"],"26":["10135065"],"source_type":["navigation"]}],"priority":"10","trigger_data":"3"},{"deduplication_key":"9976363967821675541","filters":[{"14":["10135065"],"27":["10135065"],"source_type":["navigation"]}],"priority":"10","trigger_data":"4"},{"deduplication_key":"9976363967821675541","filters":[{"14":["10135065"],"28":["10135065"],"source_type":["navigation"]}],"priority":"10","trigger_data":"5"},{"deduplication_key":"9976363967821675541","filters":[{"14":["10135065"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"9976363967821675541","filters":[{"source_type":["event"]},{"23":["10135065"],"source_type":["navigation"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"9976363967821675541","filters":[{"24":["10135065"],"source_type":["navigation"]}],"priority":"0","trigger_data":"1"},{"deduplication_key":"9976363967821675541","filters":[{"25":["10135065"],"source_type":["navigation"]}],"priority":"0","trigger_data":"2"},{"deduplication_key":"9976363967821675541","filters":[{"26":["10135065"],"source_type":["navigation"]}],"priority":"0","trigger_data":"3"},{"deduplication_key":"9976363967821675541","filters":[{"27":["10135065"],"source_type":["navigation"]}],"priority":"0","trigger_data":"4"},{"deduplication_key":"9976363967821675541","filters":[{"28":["10135065"],"source_type":["navigation"]}],"priority":"0","trigger_data":"5"},{"deduplication_key":"9976363967821675541","filters":[{"29":["10135065"],"source_type":["navigation"]}],"priority":"0","trigger_data":"6"},{"deduplication_key":"9976363967821675541","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["10230056"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_kcsr8bo/ 3 B
124 B 184ms
51ms XHR
application/json 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_kcsr8bo/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
via: 1.1 varnish
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
content-length: 27

GET
H2 200 t2_kcsr8bo_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 159ms
52ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_kcsr8bo_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 98

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 165ms
51ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1717414968470&id=t2_kcsr8bo&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=f855d139-ab61-43e1-b815-821750926a7f&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_8d515a58&dpm=&dpcc=&dprc=
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 218ms
58ms Script
text/javascript 18.244.18.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.18.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-18-27.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 04:32:19 GMT
content-encoding: gzip
via: 1.1 553c17cdbfc8c5ba81390077b0e5d2d4.cloudfront.net (CloudFront)
last-modified: Fri, 03 May 2024 13:20:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P11
age: 25830
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=86400
x-amz-cf-id: XElsD8wdtM31M74wR2qpqtq8CVnIPat_fmwZhqabg8iKyoH-OwpT3A==

GET
H2 200 s96480779813045
s.thestar.com/b/ss/torontodnnlocal/1/JS-2.26.0-LDQM/ 43 B
201 B 37ms
37ms Image
image/gif 63.140.62.17
OMNITURE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.thestar.com/b/ss/torontodnnlocal/1/JS-2.26.0-LDQM/s96480779813045?AQB=1&ndh=1&pf=1&t=3%2F5%2F2024%2012%3A42%3A48%201%20-60&mid=84868314243114659931804475849565988077&aamlh=6&ce=UTF-8&ns=torstardigital&cdp=2&fpCookieDomainPeriods=2&pageName=thestar%7Chome&g=https%3A%2F%2F138.68.148.191.sslip.io%2F&cc=CAD&ch=home&server=thestar.com&events=event72&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&h1=D%3D%2B%22thestar%7C%22%2Bh2&c2=home&h2=home&c4=D%3Dg&v4=D%3Dg&c9=breaking%20news%20-%20headlines%20%26%20top%20stories%20%7C%20the%20star&v15=landscape&v16=standard-web-experience&c18=no&c19=D%3Dserver&c24=desktop&c26=not-specified&v29=https%3A%2F%2Fwww.thestar.com%2F&c43=toronto&v49=D%3DpageName&c51=no-adblock-detected&c55=D%3Dmid&c56=no&c57=home&c70=D%3Dserver&v79=no&v80=no&v83=no&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&AQE=1

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.17 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-17.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 04 Jun 2024 11:42:48 GMT
server: jag
etag: 3688120560845848576-4618619008864724241
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Sun, 02 Jun 2024 11:42:48 GMT

GET
H2 200 adsct
t.co/1/i/ 43 B
376 B 287ms
144ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=0a6f08f1-ed47-4475-9f19-4b072a64cd1d&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d9553271-5415-454c-844a-521f958af34c&tw_document_href=https%3A%2F%2F138.68.148.191.sslip.io%2F&tw_iframe_status=0&txn_id=nuz9l&type=javascript&version=2.3.30

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 113
date: Mon, 03 Jun 2024 11:42:47 GMT
strict-transport-security: max-age=0
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 333441d3b95dab93
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 022fc016c053b65d88a80ce425308bc34d4e618b566261d0d8b455fc83f7b4ac
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
727 B 331ms
208ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=0a6f08f1-ed47-4475-9f19-4b072a64cd1d&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d9553271-5415-454c-844a-521f958af34c&tw_document_href=https%3A%2F%2F138.68.148.191.sslip.io%2F&tw_iframe_status=0&txn_id=nuz9l&type=javascript&version=2.3.30

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-response-time: 179
date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=631138519
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 1b8db8dc87e739fd
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 5c734a5fabc2fb1688191bd6d54f2f8a87304a3e794667a48a9cbedc3c83e975
content-length: 43

GET
H2 204 13008914.js Show response
bat.bing.com/p/action/ 0
117 B 40ms
40ms Script
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/13008914.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 03 Jun 2024 11:42:48 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2F8FCADB8F744D35BBC01551F19CD90D Ref B: LTSEDGE0817 Ref C: 2024-06-03T11:42:48Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
286 B 97ms
96ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=13008914&Ver=2&mid=9a3cd95c-f91b-443b-ad93-2db5c9de36a2&sid=66cb1790219e11ef8ebd9570f2e44117&vid=66cb3b90219e11efb0c1f11b8f1c2c63&vids=1&msclkid=N&pi=918639831&lg=en-GB&sw=1600&sh=1200&sc=24&tl=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&kw=toronto%20star&p=https%3A%2F%2F138.68.148.191.sslip.io%2F&r=&lt=1789&evt=pageLoad&sv=1&rn=783015

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 03 Jun 2024 11:42:48 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BDB749CE0FCE46EF977E8FA5D8BA20CA Ref B: LTSEDGE0817 Ref C: 2024-06-03T11:42:48Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
816 B 253ms
132ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept: *
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:47 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 6C125EFC12E54FB6916B7DE376FA603C Ref B: LON04EDGE0918 Ref C: 2024-06-03T11:42:48Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYZ+tUjutja7TqQnJ7z+Q==
x-fs-uuid: 000619fad523bad8daed3a909c9ef3f9

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3116868%26time%3D1717414968494%26url%3Dhttps%253A%252F%252F138.68.148.191.sslip.i...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&cookiesTest=true&liSync=true&e_ipv6=AQKIGaobaLSmsQAAAY_d6L93AI53bYteYRAAx...

0
267 B

408ms
229ms

Image
application/javascript

13.107.43.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&cookiesTest=true&liSync=true&e_ipv6=AQKIGaobaLSmsQAAAY_d6L93AI53bYteYRAAx9bDe7HWjzlIB1H2Hg0cGfubsbzNGFBOBglv1g
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Server: 13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 9DCFE934C9E24F9691AB51ED3832A8D5 Ref B: VIEEDGE2521 Ref C: 2024-06-03T11:42:49Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYZ+tUxvlS8zyDr+6s6Aw==

Redirect headers

date: Mon, 03 Jun 2024 11:42:48 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 6F908F838C254389B0DFDF1ACB78CAE6 Ref B: LON04EDGE0721 Ref C: 2024-06-03T11:42:49Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1717414968494&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&cookiesTest=true&liSync=true&e_ipv6=AQKIGaobaLSmsQAAAY_d6L93AI53bYteYRAAx9bDe7HWjzlIB1H2Hg0cGfubsbzNGFBOBglv1g
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYZ+tUruDv2nv66ane0zg==

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 231ms
133ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2775&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=5&jsfv=nbc&ts=1717414968614&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&fst=1717414967991&fstr=2229&pt=0&cl=544&w=Recommended&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fopinion%2Fcaddie-chaos-sees-random-fan-carrying-pros-bag-at-the-canadian-open-and-thats-just%2Farticle_364ace1e-d022-5548-9f5e-43d208739778.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Flanny-mcdonald-brings-stanley-cup-to-calgary-police-officer-who-helped-save-his-life%2Farticle_48a50225-b488-5d65-b3a9-9c93d157fde4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fopinion%2Fcontributors%2Fmy-parents-moved-to-canada-to-give-me-a-better-life-do-i-need-to%2Farticle_e57cd666-1dcf-11ef-a1ad-8f025ccad7b9.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fontario%2Fmcmaster-prof-fired-over-exploitative-sexual-relations-with-students-university%2Farticle_aefabc54-c7b7-534d-8548-ce1a40c092f7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fkate-middleton-might-not-appear-in-public-again-until-2025-heres-what-we-know%2Farticle_52e9b00e-1c2f-11ef-87bd-5725a9313c4f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fa-pair-enjoyed-pricey-meals-and-bolted-when-it-was-time-to-pay-their-dine%2Farticle_98cbed8f-5765-542a-9611-75e863f2eebd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fcancer-patients-often-do-better-with-less-intensive-treatment-new-research-finds%2Farticle_32b568cc-a834-5997-ae4d-90a3acc0a61f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fhow-a-photographer-used-a-stray-flash-to-make-star-greta-gerwig-look-ethereal%2Farticle_856f082a-e24e-5510-9147-517dfdc0cf9c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fquebec%2Feight-people-including-four-children-injured-after-fiery-incident-near-montreal%2Farticle_f7536ce6-be74-5a11-b864-6dbd42e1ff5a.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2F5-things-we-learned-from-a-new-book-about-justin-trudeau%2Farticle_25348084-1eb5-11ef-98e6-5fd45151f5c0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fpierre-poilievre-hints-hed-like-to-strip-canadians-of-some-rights-theres-something-to-think%2Farticle_c51ab03c-12d0-11ef-b329-43ddde563cce.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Famericas%2Fmexican-officials-again-criticize-volunteer-searcher-after-she-finds-more-bodies%2Farticle_61b3d431-e51f-5212-ab9a-e558e656c8ca.html%22%5D&usedJS=31200649&totalJS=36828785&jsLimit=4294705152&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 234ms
137ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2801&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=5&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=Recommended&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fopinion%2Fcaddie-chaos-sees-random-fan-carrying-pros-bag-at-the-canadian-open-and-thats-just%2Farticle_364ace1e-d022-5548-9f5e-43d208739778.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Flanny-mcdonald-brings-stanley-cup-to-calgary-police-officer-who-helped-save-his-life%2Farticle_48a50225-b488-5d65-b3a9-9c93d157fde4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fopinion%2Fcontributors%2Fmy-parents-moved-to-canada-to-give-me-a-better-life-do-i-need-to%2Farticle_e57cd666-1dcf-11ef-a1ad-8f025ccad7b9.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fontario%2Fmcmaster-prof-fired-over-exploitative-sexual-relations-with-students-university%2Farticle_aefabc54-c7b7-534d-8548-ce1a40c092f7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fkate-middleton-might-not-appear-in-public-again-until-2025-heres-what-we-know%2Farticle_52e9b00e-1c2f-11ef-87bd-5725a9313c4f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fa-pair-enjoyed-pricey-meals-and-bolted-when-it-was-time-to-pay-their-dine%2Farticle_98cbed8f-5765-542a-9611-75e863f2eebd.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fopinion%2Fcaddie-chaos-sees-random-fan-carrying-pros-bag-at-the-canadian-open-and-thats-just%2Farticle_364ace1e-d022-5548-9f5e-43d208739778.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Flanny-mcdonald-brings-stanley-cup-to-calgary-police-officer-who-helped-save-his-life%2Farticle_48a50225-b488-5d65-b3a9-9c93d157fde4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fopinion%2Fcontributors%2Fmy-parents-moved-to-canada-to-give-me-a-better-life-do-i-need-to%2Farticle_e57cd666-1dcf-11ef-a1ad-8f025ccad7b9.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fontario%2Fmcmaster-prof-fired-over-exploitative-sexual-relations-with-students-university%2Farticle_aefabc54-c7b7-534d-8548-ce1a40c092f7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fkate-middleton-might-not-appear-in-public-again-until-2025-heres-what-we-know%2Farticle_52e9b00e-1c2f-11ef-87bd-5725a9313c4f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fa-pair-enjoyed-pricey-meals-and-bolted-when-it-was-time-to-pay-their-dine%2Farticle_98cbed8f-5765-542a-9611-75e863f2eebd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fcancer-patients-often-do-better-with-less-intensive-treatment-new-research-finds%2Farticle_32b568cc-a834-5997-ae4d-90a3acc0a61f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fhow-a-photographer-used-a-stray-flash-to-make-star-greta-gerwig-look-ethereal%2Farticle_856f082a-e24e-5510-9147-517dfdc0cf9c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fquebec%2Feight-people-including-four-children-injured-after-fiery-incident-near-montreal%2Farticle_f7536ce6-be74-5a11-b864-6dbd42e1ff5a.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2F5-things-we-learned-from-a-new-book-about-justin-trudeau%2Farticle_25348084-1eb5-11ef-98e6-5fd45151f5c0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fpierre-poilievre-hints-hed-like-to-strip-canadians-of-some-rights-theres-something-to-think%2Farticle_c51ab03c-12d0-11ef-b329-43ddde563cce.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Famericas%2Fmexican-officials-again-criticize-volunteer-searcher-after-she-finds-more-bodies%2Farticle_61b3d431-e51f-5212-ab9a-e558e656c8ca.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 254ms
157ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2802&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=5&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=Recommended&source=LI&st=2801&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fopinion%2Fcaddie-chaos-sees-random-fan-carrying-pros-bag-at-the-canadian-open-and-thats-just%2Farticle_364ace1e-d022-5548-9f5e-43d208739778.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Flanny-mcdonald-brings-stanley-cup-to-calgary-police-officer-who-helped-save-his-life%2Farticle_48a50225-b488-5d65-b3a9-9c93d157fde4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fopinion%2Fcontributors%2Fmy-parents-moved-to-canada-to-give-me-a-better-life-do-i-need-to%2Farticle_e57cd666-1dcf-11ef-a1ad-8f025ccad7b9.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fontario%2Fmcmaster-prof-fired-over-exploitative-sexual-relations-with-students-university%2Farticle_aefabc54-c7b7-534d-8548-ce1a40c092f7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fkate-middleton-might-not-appear-in-public-again-until-2025-heres-what-we-know%2Farticle_52e9b00e-1c2f-11ef-87bd-5725a9313c4f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fa-pair-enjoyed-pricey-meals-and-bolted-when-it-was-time-to-pay-their-dine%2Farticle_98cbed8f-5765-542a-9611-75e863f2eebd.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 256ms
159ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2807&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=12&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&fst=1717414967991&fstr=2229&pt=0&cl=577&w=business&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fcanadians-interest-in-buying-evs-fades-as-barriers-concerns-remain-j-d-power%2Farticle_689b8629-54df-5bd3-863d-91c5cf614e3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Floblaw-testing-out-small-format-no-frills-grocery-stores%2Farticle_6d58f9dd-e9d6-596b-a401-071dc8486c6d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fcbc-launching-14-new-free-streaming-channels-for-local-news-across-canada%2Farticle_109d081c-628a-574e-974c-8b7243ff5f94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fbe-prepared-when-using-your-credit-card-while-travelling-to-ensure-trip-goes-smoothly%2Farticle_7c70bacc-0e76-53b9-9021-f2b2c346d059.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fnissan-canada-issues-do-not-drive-warning-for-48-000-vehicles-over-airbag-issue%2Farticle_8210551a-3239-578e-ba8a-99df452f15b7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fopinion%2Fwho-really-calls-the-shots-at-canadian-tire-meet-martha-billes-the-companys-silent-controlling%2Farticle_d27a1bc0-17a6-11ef-8fc6-531b4cd98285.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fhigh-frequency-trains-bring-big-promises-to-riders-but-big-risks-for-via-rail%2Farticle_f9e5c11f-9ff2-5823-8a5b-d279454d46c2.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fa-growing-number-of-small-businesses-owners-say-they-cant-fight-amazon-and-other-big%2Farticle_8dcf52dc-1310-11ef-ac4d-d3d80a0659f8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fliberal-mp-calls-out-pbo-for-error-in-carbon-price-analysis-asks-for-correction%2Farticle_1d6d72e9-114b-5897-b03c-45dab0580924.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fwestjet-planning-new-fare-category-for-travellers-willing-to-forgo-carry-on-bag%2Farticle_7a1c2414-f2da-52c0-8948-72eb8f9abb40.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fdeadline-to-register-for-22m-td-bank-class-action-settlement-is-monday-heres-how-much%2Farticle_b01f7f78-f296-11ee-9aed-abc63af5d9c4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fopinion%2Fthe-real-reason-the-bank-of-canada-wants-to-hold-off-cutting-rates-as-long%2Farticle_132f30c2-f77e-11ee-8d45-8f9137905375.html%22%5D&usedJS=31200649&totalJS=36828785&jsLimit=4294705152&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 356ms
260ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2812&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=12&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=business&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fcanadians-interest-in-buying-evs-fades-as-barriers-concerns-remain-j-d-power%2Farticle_689b8629-54df-5bd3-863d-91c5cf614e3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Floblaw-testing-out-small-format-no-frills-grocery-stores%2Farticle_6d58f9dd-e9d6-596b-a401-071dc8486c6d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fcbc-launching-14-new-free-streaming-channels-for-local-news-across-canada%2Farticle_109d081c-628a-574e-974c-8b7243ff5f94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fbe-prepared-when-using-your-credit-card-while-travelling-to-ensure-trip-goes-smoothly%2Farticle_7c70bacc-0e76-53b9-9021-f2b2c346d059.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fnissan-canada-issues-do-not-drive-warning-for-48-000-vehicles-over-airbag-issue%2Farticle_8210551a-3239-578e-ba8a-99df452f15b7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fopinion%2Fwho-really-calls-the-shots-at-canadian-tire-meet-martha-billes-the-companys-silent-controlling%2Farticle_d27a1bc0-17a6-11ef-8fc6-531b4cd98285.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fcanadians-interest-in-buying-evs-fades-as-barriers-concerns-remain-j-d-power%2Farticle_689b8629-54df-5bd3-863d-91c5cf614e3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Floblaw-testing-out-small-format-no-frills-grocery-stores%2Farticle_6d58f9dd-e9d6-596b-a401-071dc8486c6d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fcbc-launching-14-new-free-streaming-channels-for-local-news-across-canada%2Farticle_109d081c-628a-574e-974c-8b7243ff5f94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fbe-prepared-when-using-your-credit-card-while-travelling-to-ensure-trip-goes-smoothly%2Farticle_7c70bacc-0e76-53b9-9021-f2b2c346d059.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fnissan-canada-issues-do-not-drive-warning-for-48-000-vehicles-over-airbag-issue%2Farticle_8210551a-3239-578e-ba8a-99df452f15b7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fopinion%2Fwho-really-calls-the-shots-at-canadian-tire-meet-martha-billes-the-companys-silent-controlling%2Farticle_d27a1bc0-17a6-11ef-8fc6-531b4cd98285.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fhigh-frequency-trains-bring-big-promises-to-riders-but-big-risks-for-via-rail%2Farticle_f9e5c11f-9ff2-5823-8a5b-d279454d46c2.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fa-growing-number-of-small-businesses-owners-say-they-cant-fight-amazon-and-other-big%2Farticle_8dcf52dc-1310-11ef-ac4d-d3d80a0659f8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fliberal-mp-calls-out-pbo-for-error-in-carbon-price-analysis-asks-for-correction%2Farticle_1d6d72e9-114b-5897-b03c-45dab0580924.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fwestjet-planning-new-fare-category-for-travellers-willing-to-forgo-carry-on-bag%2Farticle_7a1c2414-f2da-52c0-8948-72eb8f9abb40.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fdeadline-to-register-for-22m-td-bank-class-action-settlement-is-monday-heres-how-much%2Farticle_b01f7f78-f296-11ee-9aed-abc63af5d9c4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fopinion%2Fthe-real-reason-the-bank-of-canada-wants-to-hold-off-cutting-rates-as-long%2Farticle_132f30c2-f77e-11ee-8d45-8f9137905375.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 342ms
246ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2812&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=12&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=business&source=LI&st=2812&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fcanadians-interest-in-buying-evs-fades-as-barriers-concerns-remain-j-d-power%2Farticle_689b8629-54df-5bd3-863d-91c5cf614e3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Floblaw-testing-out-small-format-no-frills-grocery-stores%2Farticle_6d58f9dd-e9d6-596b-a401-071dc8486c6d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fcbc-launching-14-new-free-streaming-channels-for-local-news-across-canada%2Farticle_109d081c-628a-574e-974c-8b7243ff5f94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fbe-prepared-when-using-your-credit-card-while-travelling-to-ensure-trip-goes-smoothly%2Farticle_7c70bacc-0e76-53b9-9021-f2b2c346d059.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fnissan-canada-issues-do-not-drive-warning-for-48-000-vehicles-over-airbag-issue%2Farticle_8210551a-3239-578e-ba8a-99df452f15b7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fopinion%2Fwho-really-calls-the-shots-at-canadian-tire-meet-martha-billes-the-companys-silent-controlling%2Farticle_d27a1bc0-17a6-11ef-8fc6-531b4cd98285.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 355ms
259ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2815&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=15&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&fst=1717414967991&fstr=2229&pt=0&cl=586&w=canada&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fquebec%2Feight-people-including-four-children-injured-after-fiery-incident-near-montreal%2Farticle_f7536ce6-be74-5a11-b864-6dbd42e1ff5a.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fp-e-i-hunger-strikers-hopeful-after-small-meals-and-government-meeting%2Farticle_8c82de35-2ecf-5d2c-b9cf-a44acf398963.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Falberta%2Falberta-municipality-appeals-regulators-decision-to-accept-coal-exploration%2Farticle_87eb84f3-4c35-54fe-9be1-e07d313d1f57.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fex-husband-of-b-c-woman-tatjana-stefanski-is-charged-with-her-murder%2Farticle_92a89298-a53e-567a-8424-89e7694ac928.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fnew-brunswick%2Fslide-shared-by-n-b-premier-gross-misrepresentation-of-sexual-health-presentation%2Farticle_e78ac85e-d41a-5b22-843f-7de8b0215ae6.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fnorthern-lights-possible-over-canada-after-sunspot-behind-big-solar-storm-returns%2Farticle_2cfd4222-64b1-564a-9f05-69378e1da4aa.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Frobert-pickton-one-of-canadas-most-notorious-serial-killers-has-died%2Farticle_bf48a802-19f7-11ef-9454-4fb821271176.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fiio-investigating-mans-death-after-officer-shooting-in-mackenzie-b-c%2Farticle_4e1da8c0-46e7-5dc9-9a74-bae2d5d53fa4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fb-c-man-pleads-guilty-to-manslaughter-in-death-of-wife-naomi-onotera-in-2021%2Farticle_d2ccafd0-7c47-5634-8091-9efd2b020d29.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fquebec%2Fpolice-halt-pro-palestinian-encampment-at-quebecs-citys-universit-laval%2Farticle_0bc33fdc-441e-5ff0-9bf4-f1714381a27e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fwant-better-work-life-balance-these-ontario-cities-offer-the-best-livability-in-canada-new%2Farticle_faf97786-176e-11ef-b814-cf05ea3d2fc2.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fits-astronomical-over-1-000-lyme-disease-spreading-ticks-reported-across-ontario-as-tick-borne%2Farticle_a3ffb89a-1cf1-11ef-9c3a-e3629c1cc0a4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Ffive-feet-nothing-picktons-safety-likely-behind-quebec-move-says-ex-prison-judge%2Farticle_379c46e7-73df-5efb-ba2e-9ea31d8a9349.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fcabinet-minister-in-camouflage-with-gun-nearly-caused-security-alert-at-legislature%2Farticle_0f3063c8-73a5-5ac7-aa0b-3a8313566903.html%22%5D&usedJS=31200649&totalJS=36828785&jsLimit=4294705152&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 341ms
246ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2822&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=15&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=canada&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fquebec%2Feight-people-including-four-children-injured-after-fiery-incident-near-montreal%2Farticle_f7536ce6-be74-5a11-b864-6dbd42e1ff5a.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fp-e-i-hunger-strikers-hopeful-after-small-meals-and-government-meeting%2Farticle_8c82de35-2ecf-5d2c-b9cf-a44acf398963.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Falberta%2Falberta-municipality-appeals-regulators-decision-to-accept-coal-exploration%2Farticle_87eb84f3-4c35-54fe-9be1-e07d313d1f57.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fex-husband-of-b-c-woman-tatjana-stefanski-is-charged-with-her-murder%2Farticle_92a89298-a53e-567a-8424-89e7694ac928.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fnew-brunswick%2Fslide-shared-by-n-b-premier-gross-misrepresentation-of-sexual-health-presentation%2Farticle_e78ac85e-d41a-5b22-843f-7de8b0215ae6.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fnorthern-lights-possible-over-canada-after-sunspot-behind-big-solar-storm-returns%2Farticle_2cfd4222-64b1-564a-9f05-69378e1da4aa.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Frobert-pickton-one-of-canadas-most-notorious-serial-killers-has-died%2Farticle_bf48a802-19f7-11ef-9454-4fb821271176.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fquebec%2Feight-people-including-four-children-injured-after-fiery-incident-near-montreal%2Farticle_f7536ce6-be74-5a11-b864-6dbd42e1ff5a.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fp-e-i-hunger-strikers-hopeful-after-small-meals-and-government-meeting%2Farticle_8c82de35-2ecf-5d2c-b9cf-a44acf398963.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Falberta%2Falberta-municipality-appeals-regulators-decision-to-accept-coal-exploration%2Farticle_87eb84f3-4c35-54fe-9be1-e07d313d1f57.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fex-husband-of-b-c-woman-tatjana-stefanski-is-charged-with-her-murder%2Farticle_92a89298-a53e-567a-8424-89e7694ac928.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fnew-brunswick%2Fslide-shared-by-n-b-premier-gross-misrepresentation-of-sexual-health-presentation%2Farticle_e78ac85e-d41a-5b22-843f-7de8b0215ae6.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fnorthern-lights-possible-over-canada-after-sunspot-behind-big-solar-storm-returns%2Farticle_2cfd4222-64b1-564a-9f05-69378e1da4aa.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Frobert-pickton-one-of-canadas-most-notorious-serial-killers-has-died%2Farticle_bf48a802-19f7-11ef-9454-4fb821271176.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fiio-investigating-mans-death-after-officer-shooting-in-mackenzie-b-c%2Farticle_4e1da8c0-46e7-5dc9-9a74-bae2d5d53fa4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fb-c-man-pleads-guilty-to-manslaughter-in-death-of-wife-naomi-onotera-in-2021%2Farticle_d2ccafd0-7c47-5634-8091-9efd2b020d29.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fquebec%2Fpolice-halt-pro-palestinian-encampment-at-quebecs-citys-universit-laval%2Farticle_0bc33fdc-441e-5ff0-9bf4-f1714381a27e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fwant-better-work-life-balance-these-ontario-cities-offer-the-best-livability-in-canada-new%2Farticle_faf97786-176e-11ef-b814-cf05ea3d2fc2.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fits-astronomical-over-1-000-lyme-disease-spreading-ticks-reported-across-ontario-as-tick-borne%2Farticle_a3ffb89a-1cf1-11ef-9c3a-e3629c1cc0a4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Ffive-feet-nothing-picktons-safety-likely-behind-quebec-move-says-ex-prison-judge%2Farticle_379c46e7-73df-5efb-ba2e-9ea31d8a9349.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fcabinet-minister-in-camouflage-with-gun-nearly-caused-security-alert-at-legislature%2Farticle_0f3063c8-73a5-5ac7-aa0b-3a8313566903.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 355ms
260ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2822&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=15&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=canada&source=LI&st=2822&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fquebec%2Feight-people-including-four-children-injured-after-fiery-incident-near-montreal%2Farticle_f7536ce6-be74-5a11-b864-6dbd42e1ff5a.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fp-e-i-hunger-strikers-hopeful-after-small-meals-and-government-meeting%2Farticle_8c82de35-2ecf-5d2c-b9cf-a44acf398963.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Falberta%2Falberta-municipality-appeals-regulators-decision-to-accept-coal-exploration%2Farticle_87eb84f3-4c35-54fe-9be1-e07d313d1f57.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fex-husband-of-b-c-woman-tatjana-stefanski-is-charged-with-her-murder%2Farticle_92a89298-a53e-567a-8424-89e7694ac928.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fnew-brunswick%2Fslide-shared-by-n-b-premier-gross-misrepresentation-of-sexual-health-presentation%2Farticle_e78ac85e-d41a-5b22-843f-7de8b0215ae6.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fnorthern-lights-possible-over-canada-after-sunspot-behind-big-solar-storm-returns%2Farticle_2cfd4222-64b1-564a-9f05-69378e1da4aa.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Frobert-pickton-one-of-canadas-most-notorious-serial-killers-has-died%2Farticle_bf48a802-19f7-11ef-9454-4fb821271176.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 344ms
249ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2825&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=18&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&fst=1717414967991&fstr=2229&pt=0&cl=596&w=politics&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fdoug-ford-unrepentant-after-furor-over-comments-suggesting-immigrants-were-behind-school-shooting-i-stick%2Farticle_69f80e0c-1f82-11ef-bd8c-47c214f48dc7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fcan-trump-come-to-canada-now-that-hes-a-convicted-felon%2Farticle_3069da4d-0e59-50f1-8486-368872f727b3.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fa-cbsa-strike-could-soon-snarl-border-traffic-here-s-what-you-need-to-know%2Farticle_69fedbde-9d50-5ab3-a4e7-4d28505589d0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fpatrick-brown-still-carrying-significant-debt-from-failed-conservative-leadership-bid%2Farticle_a54f5f4a-1c63-11ef-87bf-17be262b92de.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fontario-teachers-get-pay-raise-of-more-than-11-over-four-years%2Farticle_aa8a8de8-1deb-11ef-848b-b7453bf88d94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2F5-things-we-learned-from-a-new-book-about-justin-trudeau%2Farticle_25348084-1eb5-11ef-98e6-5fd45151f5c0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fone-of-the-biggest-mistakes-of-his-political-career-new-book-details-what-happened-when%2Farticle_63f5d300-1789-11ef-a243-4b87b251a019.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Ffive-things-you-didnt-know-about-pierre-poilievre%2Farticle_9e621e3e-17ae-11ef-8cfd-07a0245b0f9d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fshe-was-seen-as-a-rising-star-for-pierre-poilievres-conservatives-now-shes-dropped-out%2Farticle_6537edc8-0e3f-11ef-9c36-43731889860f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fconservative-leader-pierre-poilievres-housing-plan-defeated-in-house-of-commons%2Farticle_07756008-3cd9-57e8-9f43-0841b6af1fe8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fdoug-ford-claims-his-225m-beer-store-deal-will-be-a-money-maker-heres-why%2Farticle_5c35f690-1dce-11ef-8503-471ad8006d00.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fstephen-maher-started-writing-his-book-with-a-cheerier-view-of-the-prime-minister-now%2Farticle_6c927956-1eae-11ef-9639-6f338280e2dd.html%22%5D&usedJS=32156827&totalJS=37743595&jsLimit=4294705152&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 261ms
166ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2831&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=18&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=politics&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fdoug-ford-unrepentant-after-furor-over-comments-suggesting-immigrants-were-behind-school-shooting-i-stick%2Farticle_69f80e0c-1f82-11ef-bd8c-47c214f48dc7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fcan-trump-come-to-canada-now-that-hes-a-convicted-felon%2Farticle_3069da4d-0e59-50f1-8486-368872f727b3.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fa-cbsa-strike-could-soon-snarl-border-traffic-here-s-what-you-need-to-know%2Farticle_69fedbde-9d50-5ab3-a4e7-4d28505589d0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fpatrick-brown-still-carrying-significant-debt-from-failed-conservative-leadership-bid%2Farticle_a54f5f4a-1c63-11ef-87bf-17be262b92de.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fontario-teachers-get-pay-raise-of-more-than-11-over-four-years%2Farticle_aa8a8de8-1deb-11ef-848b-b7453bf88d94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2F5-things-we-learned-from-a-new-book-about-justin-trudeau%2Farticle_25348084-1eb5-11ef-98e6-5fd45151f5c0.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fdoug-ford-unrepentant-after-furor-over-comments-suggesting-immigrants-were-behind-school-shooting-i-stick%2Farticle_69f80e0c-1f82-11ef-bd8c-47c214f48dc7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fcan-trump-come-to-canada-now-that-hes-a-convicted-felon%2Farticle_3069da4d-0e59-50f1-8486-368872f727b3.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fa-cbsa-strike-could-soon-snarl-border-traffic-here-s-what-you-need-to-know%2Farticle_69fedbde-9d50-5ab3-a4e7-4d28505589d0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fpatrick-brown-still-carrying-significant-debt-from-failed-conservative-leadership-bid%2Farticle_a54f5f4a-1c63-11ef-87bf-17be262b92de.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fontario-teachers-get-pay-raise-of-more-than-11-over-four-years%2Farticle_aa8a8de8-1deb-11ef-848b-b7453bf88d94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2F5-things-we-learned-from-a-new-book-about-justin-trudeau%2Farticle_25348084-1eb5-11ef-98e6-5fd45151f5c0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fone-of-the-biggest-mistakes-of-his-political-career-new-book-details-what-happened-when%2Farticle_63f5d300-1789-11ef-a243-4b87b251a019.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Ffive-things-you-didnt-know-about-pierre-poilievre%2Farticle_9e621e3e-17ae-11ef-8cfd-07a0245b0f9d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fshe-was-seen-as-a-rising-star-for-pierre-poilievres-conservatives-now-shes-dropped-out%2Farticle_6537edc8-0e3f-11ef-9c36-43731889860f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fconservative-leader-pierre-poilievres-housing-plan-defeated-in-house-of-commons%2Farticle_07756008-3cd9-57e8-9f43-0841b6af1fe8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fdoug-ford-claims-his-225m-beer-store-deal-will-be-a-money-maker-heres-why%2Farticle_5c35f690-1dce-11ef-8503-471ad8006d00.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fstephen-maher-started-writing-his-book-with-a-cheerier-view-of-the-prime-minister-now%2Farticle_6c927956-1eae-11ef-9639-6f338280e2dd.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 344ms
250ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2831&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=18&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=politics&source=LI&st=2831&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fdoug-ford-unrepentant-after-furor-over-comments-suggesting-immigrants-were-behind-school-shooting-i-stick%2Farticle_69f80e0c-1f82-11ef-bd8c-47c214f48dc7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fcan-trump-come-to-canada-now-that-hes-a-convicted-felon%2Farticle_3069da4d-0e59-50f1-8486-368872f727b3.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fa-cbsa-strike-could-soon-snarl-border-traffic-here-s-what-you-need-to-know%2Farticle_69fedbde-9d50-5ab3-a4e7-4d28505589d0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fpatrick-brown-still-carrying-significant-debt-from-failed-conservative-leadership-bid%2Farticle_a54f5f4a-1c63-11ef-87bf-17be262b92de.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fontario-teachers-get-pay-raise-of-more-than-11-over-four-years%2Farticle_aa8a8de8-1deb-11ef-848b-b7453bf88d94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2F5-things-we-learned-from-a-new-book-about-justin-trudeau%2Farticle_25348084-1eb5-11ef-98e6-5fd45151f5c0.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 264ms
170ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2833&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=21&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&fst=1717414967991&fstr=2229&pt=0&cl=604&w=world&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fcancer-patients-often-do-better-with-less-intensive-treatment-new-research-finds%2Farticle_32b568cc-a834-5997-ae4d-90a3acc0a61f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fhow-a-photographer-used-a-stray-flash-to-make-star-greta-gerwig-look-ethereal%2Farticle_856f082a-e24e-5510-9147-517dfdc0cf9c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fasia%2Fsouth-korea-plans-to-nullify-peace-deal-to-punish-north-korea-over-trash-carrying-balloon%2Farticle_16c30583-107a-5a1e-ad26-7a3076b01edd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Famericas%2Fmexican-officials-again-criticize-volunteer-searcher-after-she-finds-more-bodies%2Farticle_61b3d431-e51f-5212-ab9a-e558e656c8ca.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fblack-leaders-call-out-trumps-criminal-justice-contradictions-as-he-rails-against-guilty-verdict%2Farticle_3f9a3201-b2db-5b50-bdf3-0a8f814b92cb.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fmalaysian-climber-who-died-in-a-cave-near-the-top-of-north-americas-tallest-mountain%2Farticle_3eb46439-baf4-58ef-ae40-97197a50ef80.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fa-mans-body-recovered-from-waters-off-a-greek-beach-with-barbell-attached%2Farticle_1f691cc8-971e-52f0-95b5-3edda246f255.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fsoldiers-of-remembrance-retrace-the-d-day-path-in-france-but-how-long-will-the%2Farticle_10546344-1d9f-11ef-bc06-5352a69afaea.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fhour-by-hour-a-brief-timeline-of-the-allies-june-6-1944-d-day-invasion%2Farticle_ff3fde54-9874-57e3-9cba-4e28cda8eedd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fchad-daybell-sentenced-to-death-for-killing-wife-and-girlfriend-s-two-children-in-jury%2Farticle_9d92ea55-3cf0-5d2a-a8c3-2967f99a0c8e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fformer-red-sox-pitcher-arrested-in-florida-in-an-underage-sex-sting-sheriff-says%2Farticle_15f05db2-0037-5947-9db2-5223b25d5ed5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fdonald-trump-s-attorney-was-shocked-the-former-president-took-the-verdict-with-solemnness%2Farticle_46719f5f-b021-5e26-b3c4-0fc56a24896b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Ftop-russian-military-officials-are-being-arrested-why-is-it-happening%2Farticle_527ef03a-c228-5af2-82d4-d709d5e9593b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fman-insults-judge-who-sentenced-him-to-12-years-in-prison-for-attacking-police-during%2Farticle_0ebc9a9a-726c-5ee5-876f-64282072d00f.html%22%5D&usedJS=32156827&totalJS=37743595&jsLimit=4294705152&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 342ms
249ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2841&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=21&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=world&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fcancer-patients-often-do-better-with-less-intensive-treatment-new-research-finds%2Farticle_32b568cc-a834-5997-ae4d-90a3acc0a61f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fhow-a-photographer-used-a-stray-flash-to-make-star-greta-gerwig-look-ethereal%2Farticle_856f082a-e24e-5510-9147-517dfdc0cf9c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fasia%2Fsouth-korea-plans-to-nullify-peace-deal-to-punish-north-korea-over-trash-carrying-balloon%2Farticle_16c30583-107a-5a1e-ad26-7a3076b01edd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Famericas%2Fmexican-officials-again-criticize-volunteer-searcher-after-she-finds-more-bodies%2Farticle_61b3d431-e51f-5212-ab9a-e558e656c8ca.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fblack-leaders-call-out-trumps-criminal-justice-contradictions-as-he-rails-against-guilty-verdict%2Farticle_3f9a3201-b2db-5b50-bdf3-0a8f814b92cb.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fmalaysian-climber-who-died-in-a-cave-near-the-top-of-north-americas-tallest-mountain%2Farticle_3eb46439-baf4-58ef-ae40-97197a50ef80.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fcancer-patients-often-do-better-with-less-intensive-treatment-new-research-finds%2Farticle_32b568cc-a834-5997-ae4d-90a3acc0a61f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fhow-a-photographer-used-a-stray-flash-to-make-star-greta-gerwig-look-ethereal%2Farticle_856f082a-e24e-5510-9147-517dfdc0cf9c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fasia%2Fsouth-korea-plans-to-nullify-peace-deal-to-punish-north-korea-over-trash-carrying-balloon%2Farticle_16c30583-107a-5a1e-ad26-7a3076b01edd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Famericas%2Fmexican-officials-again-criticize-volunteer-searcher-after-she-finds-more-bodies%2Farticle_61b3d431-e51f-5212-ab9a-e558e656c8ca.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fblack-leaders-call-out-trumps-criminal-justice-contradictions-as-he-rails-against-guilty-verdict%2Farticle_3f9a3201-b2db-5b50-bdf3-0a8f814b92cb.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fmalaysian-climber-who-died-in-a-cave-near-the-top-of-north-americas-tallest-mountain%2Farticle_3eb46439-baf4-58ef-ae40-97197a50ef80.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fa-mans-body-recovered-from-waters-off-a-greek-beach-with-barbell-attached%2Farticle_1f691cc8-971e-52f0-95b5-3edda246f255.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fsoldiers-of-remembrance-retrace-the-d-day-path-in-france-but-how-long-will-the%2Farticle_10546344-1d9f-11ef-bc06-5352a69afaea.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fhour-by-hour-a-brief-timeline-of-the-allies-june-6-1944-d-day-invasion%2Farticle_ff3fde54-9874-57e3-9cba-4e28cda8eedd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fchad-daybell-sentenced-to-death-for-killing-wife-and-girlfriend-s-two-children-in-jury%2Farticle_9d92ea55-3cf0-5d2a-a8c3-2967f99a0c8e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fformer-red-sox-pitcher-arrested-in-florida-in-an-underage-sex-sting-sheriff-says%2Farticle_15f05db2-0037-5947-9db2-5223b25d5ed5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fdonald-trump-s-attorney-was-shocked-the-former-president-took-the-verdict-with-solemnness%2Farticle_46719f5f-b021-5e26-b3c4-0fc56a24896b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Ftop-russian-military-officials-are-being-arrested-why-is-it-happening%2Farticle_527ef03a-c228-5af2-82d4-d709d5e9593b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fman-insults-judge-who-sentenced-him-to-12-years-in-prison-for-attacking-police-during%2Farticle_0ebc9a9a-726c-5ee5-876f-64282072d00f.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 249ms
156ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2841&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=21&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=world&source=LI&st=2841&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fcancer-patients-often-do-better-with-less-intensive-treatment-new-research-finds%2Farticle_32b568cc-a834-5997-ae4d-90a3acc0a61f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fhow-a-photographer-used-a-stray-flash-to-make-star-greta-gerwig-look-ethereal%2Farticle_856f082a-e24e-5510-9147-517dfdc0cf9c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fasia%2Fsouth-korea-plans-to-nullify-peace-deal-to-punish-north-korea-over-trash-carrying-balloon%2Farticle_16c30583-107a-5a1e-ad26-7a3076b01edd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Famericas%2Fmexican-officials-again-criticize-volunteer-searcher-after-she-finds-more-bodies%2Farticle_61b3d431-e51f-5212-ab9a-e558e656c8ca.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fblack-leaders-call-out-trumps-criminal-justice-contradictions-as-he-rails-against-guilty-verdict%2Farticle_3f9a3201-b2db-5b50-bdf3-0a8f814b92cb.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fmalaysian-climber-who-died-in-a-cave-near-the-top-of-north-americas-tallest-mountain%2Farticle_3eb46439-baf4-58ef-ae40-97197a50ef80.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 352ms
258ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2844&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=24&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&fst=1717414967991&fstr=2229&pt=0&cl=615&w=sports&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fopinion%2Fcaddie-chaos-sees-random-fan-carrying-pros-bag-at-the-canadian-open-and-thats-just%2Farticle_364ace1e-d022-5548-9f5e-43d208739778.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Flanny-mcdonald-brings-stanley-cup-to-calgary-police-officer-who-helped-save-his-life%2Farticle_48a50225-b488-5d65-b3a9-9c93d157fde4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Foilers-slip-past-stars-2-1-advance-to-stanley-cup-final%2Farticle_9813dbeb-5a1b-52eb-b115-ca8cb56c5f6e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fcould-canadas-stanley-cup-drought-end-oilers-knock-off-star-to-reach-final%2Farticle_fc75c3a4-2113-11ef-8e21-7b1899dedd99.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Ffree-advice-for-the-maple-leafs-on-free-agents-trade-targets-and-bang-for-the%2Farticle_3ed00cf0-1f84-11ef-876c-0781df99e2fe.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fdoug-smiths-sports-blog%2Fraptors-mailbag-should-toronto-bring-back-jonas-valanciunas%2Farticle_abb4ec0a-201f-11ef-9ae6-670d4b13f3ba.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fblue-jays%2Fdavis-schneider-hits-an-at-long-last-ball-to-give-blue-jays-a-14-inning%2Farticle_13b5ec8a-1b90-11ef-996b-fbcc38fb2f24.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fgolf%2Fgrayson-murrays-death-is-a-reminder-of-the-fragility-hiding-behind-golfs-festivities%2Farticle_2be45856-1f6d-11ef-b86d-6b6ee1fa0a34.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fblue-jays%2Fbaseballs-supposed-to-be-fun-the-story-behind-the-return-of-the-blue-jays-home%2Farticle_71c6867e-1dbe-11ef-86d7-4b3deca62791.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fblue-jays%2Fdown-goes-alek-manoah-exposing-a-fatal-flaw-in-the-blue-jays-game-plan%2Farticle_fe7eb15e-1b98-11ef-9034-cba90efd9463.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fbasketball%2Fone-nba-club-voted-against-toronto-getting-a-wnba-expansion-team-guess-who%2Farticle_96fe8d0a-192d-11ef-87bc-07fa8418d826.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Fwhy-one-maple-leafs-prospect-will-be-re-entering-the-nhl-draft-after-a-breakout%2Farticle_552f86d6-1eb9-11ef-a69d-6b26739818c1.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fgolf%2Fgrayson-murray-dies-at-age-30-a-day-after-withdrawing-from-colonial-pga-tour-says%2Farticle_9d706c04-3e80-5961-a49c-cafcf4cc4840.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fbaseball%2Flongtime-umpire-ngel-hern-ndez-retires-immediately%2Farticle_ac5fe1c6-010d-502f-9ee8-2933eb5f7962.html%22%5D&usedJS=32156827&totalJS=37743595&jsLimit=4294705152&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 218ms
126ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2850&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=24&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=sports&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fopinion%2Fcaddie-chaos-sees-random-fan-carrying-pros-bag-at-the-canadian-open-and-thats-just%2Farticle_364ace1e-d022-5548-9f5e-43d208739778.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Flanny-mcdonald-brings-stanley-cup-to-calgary-police-officer-who-helped-save-his-life%2Farticle_48a50225-b488-5d65-b3a9-9c93d157fde4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Foilers-slip-past-stars-2-1-advance-to-stanley-cup-final%2Farticle_9813dbeb-5a1b-52eb-b115-ca8cb56c5f6e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fcould-canadas-stanley-cup-drought-end-oilers-knock-off-star-to-reach-final%2Farticle_fc75c3a4-2113-11ef-8e21-7b1899dedd99.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Ffree-advice-for-the-maple-leafs-on-free-agents-trade-targets-and-bang-for-the%2Farticle_3ed00cf0-1f84-11ef-876c-0781df99e2fe.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fdoug-smiths-sports-blog%2Fraptors-mailbag-should-toronto-bring-back-jonas-valanciunas%2Farticle_abb4ec0a-201f-11ef-9ae6-670d4b13f3ba.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fopinion%2Fcaddie-chaos-sees-random-fan-carrying-pros-bag-at-the-canadian-open-and-thats-just%2Farticle_364ace1e-d022-5548-9f5e-43d208739778.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Flanny-mcdonald-brings-stanley-cup-to-calgary-police-officer-who-helped-save-his-life%2Farticle_48a50225-b488-5d65-b3a9-9c93d157fde4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Foilers-slip-past-stars-2-1-advance-to-stanley-cup-final%2Farticle_9813dbeb-5a1b-52eb-b115-ca8cb56c5f6e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fcould-canadas-stanley-cup-drought-end-oilers-knock-off-star-to-reach-final%2Farticle_fc75c3a4-2113-11ef-8e21-7b1899dedd99.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Ffree-advice-for-the-maple-leafs-on-free-agents-trade-targets-and-bang-for-the%2Farticle_3ed00cf0-1f84-11ef-876c-0781df99e2fe.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fdoug-smiths-sports-blog%2Fraptors-mailbag-should-toronto-bring-back-jonas-valanciunas%2Farticle_abb4ec0a-201f-11ef-9ae6-670d4b13f3ba.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fblue-jays%2Fdavis-schneider-hits-an-at-long-last-ball-to-give-blue-jays-a-14-inning%2Farticle_13b5ec8a-1b90-11ef-996b-fbcc38fb2f24.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fgolf%2Fgrayson-murrays-death-is-a-reminder-of-the-fragility-hiding-behind-golfs-festivities%2Farticle_2be45856-1f6d-11ef-b86d-6b6ee1fa0a34.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fblue-jays%2Fbaseballs-supposed-to-be-fun-the-story-behind-the-return-of-the-blue-jays-home%2Farticle_71c6867e-1dbe-11ef-86d7-4b3deca62791.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fblue-jays%2Fdown-goes-alek-manoah-exposing-a-fatal-flaw-in-the-blue-jays-game-plan%2Farticle_fe7eb15e-1b98-11ef-9034-cba90efd9463.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fbasketball%2Fone-nba-club-voted-against-toronto-getting-a-wnba-expansion-team-guess-who%2Farticle_96fe8d0a-192d-11ef-87bc-07fa8418d826.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Fwhy-one-maple-leafs-prospect-will-be-re-entering-the-nhl-draft-after-a-breakout%2Farticle_552f86d6-1eb9-11ef-a69d-6b26739818c1.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fgolf%2Fgrayson-murray-dies-at-age-30-a-day-after-withdrawing-from-colonial-pga-tour-says%2Farticle_9d706c04-3e80-5961-a49c-cafcf4cc4840.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fbaseball%2Flongtime-umpire-ngel-hern-ndez-retires-immediately%2Farticle_ac5fe1c6-010d-502f-9ee8-2933eb5f7962.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/ 35 B
49 B 216ms
124ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/6babb00a-1986-493f-fc9d-2174448f9bde/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=2850&blst=1784&ist=2224&iet=2227&bdst=1784&bdet=2062&bcttt=24&jsfv=nbc&ts=1717414968616&jsk=7noslr035pfb0mvo&jsv=20240328&cu=https%3A%2F%2F138.68.148.191.sslip.io%2F&uid=6babb00a-1986-493f-fc9d-2174448f9bde&sid=860d441f-1286-47de-f7ea-69163f0c4e08&pvid=464e8478-bac4-4d00-e9d2-dd403f9cabc4&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F125.0.0.0+Safari%2F537.36&l=en-GB&os=Win32&cet=4g&crtt=100&cdl=10&saveData=false&ctyp=unknown&tzo=-60&w=sports&source=LI&st=2850&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fopinion%2Fcaddie-chaos-sees-random-fan-carrying-pros-bag-at-the-canadian-open-and-thats-just%2Farticle_364ace1e-d022-5548-9f5e-43d208739778.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Flanny-mcdonald-brings-stanley-cup-to-calgary-police-officer-who-helped-save-his-life%2Farticle_48a50225-b488-5d65-b3a9-9c93d157fde4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Foilers-slip-past-stars-2-1-advance-to-stanley-cup-final%2Farticle_9813dbeb-5a1b-52eb-b115-ca8cb56c5f6e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fcould-canadas-stanley-cup-drought-end-oilers-knock-off-star-to-reach-final%2Farticle_fc75c3a4-2113-11ef-8e21-7b1899dedd99.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Ffree-advice-for-the-maple-leafs-on-free-agents-trade-targets-and-bang-for-the%2Farticle_3ed00cf0-1f84-11ef-876c-0781df99e2fe.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fdoug-smiths-sports-blog%2Fraptors-mailbag-should-toronto-bring-back-jonas-valanciunas%2Farticle_abb4ec0a-201f-11ef-9ae6-670d4b13f3ba.html%22%5D&sdk=bc-pixel
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H2 200 665d0910d7b10.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/2/98/2985ac79-56e7-569d-a857-f17b078201fb/ 34 KB
34 KB 38ms
36ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/2/98/2985ac79-56e7-569d-a857-f17b078201fb/665d0910d7b10.image.jpg?resize=540%2C405

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3ab60f733d9ada980aed0c9c08511963093903d3578c20e5f2ec4e64c629ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 35800
cf-polished: origSize=36523, status=webp_bigger
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 Jun 2024 00:06:41 GMT
server: cloudflare
x-vcache: MISS
etag: "43d969bb9dc0ed7c951b9ed627b912a5"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 88df6c020d71954a-LHR
expires: Tue, 03 Jun 2025 00:13:07 GMT

GET
H2 200 665d793360848.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/6/ce/6ce4aa47-6135-5555-b355-bf702a72085e/ 30 KB
30 KB 41ms
40ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/6/ce/6ce4aa47-6135-5555-b355-bf702a72085e/665d793360848.image.jpg?resize=540%2C360

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2affba26740782e54029439071f0842e819c367afdcade8d9929dadcb8a2ba9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 8796
cf-polished: qual=85, origFmt=jpeg, origSize=33473
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="665d793360848.webp"
content-length: 30410
cf-bgj: imgq:85,h2pri
last-modified: Mon, 03 Jun 2024 08:05:07 GMT
server: cloudflare
x-vcache: MISS
etag: "de52a8b90771565c1476e650611ec8d7"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6c020d73954a-LHR
expires: Tue, 03 Jun 2025 08:50:56 GMT

GET
H2 200 6657937c30f88.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/a/9c/a9c7a6a8-f697-5395-8de3-8f42b6ef247c/ 63 KB
64 KB 39ms
37ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/a/9c/a9c7a6a8-f697-5395-8de3-8f42b6ef247c/6657937c30f88.image.jpg?crop=624%2C624%2C405%2C509&resize=540%2C540&order=crop%2Cresize

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

143362e75091477f15bce5d04840d079bfe988e6315af538575880c50be40d30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 108934
cf-polished: origSize=68078, status=webp_bigger
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Wed, 29 May 2024 20:43:42 GMT
server: cloudflare
x-vcache: MISS
etag: "90b1d2c81bc7d81d10a29df8aa57bec9"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 88df6c020d74954a-LHR
expires: Sun, 01 Jun 2025 09:26:21 GMT

GET
H2 200 665614a97c4f7.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/6/74/6740ce3d-a214-5159-b5ea-0b3445daf488/ 39 KB
39 KB 39ms
38ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/6/74/6740ce3d-a214-5159-b5ea-0b3445daf488/665614a97c4f7.image.jpg?resize=540%2C504

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9749681f7100c77e5c9394e29da30b923e792566136b6d822f8a606eb3e7fe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 463173
cf-polished: qual=85, origFmt=jpeg, origSize=41195
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="665614a97c4f7.webp"
cf-bgj: imgq:85,h2pri
last-modified: Tue, 28 May 2024 17:30:19 GMT
server: cloudflare
x-vcache: MISS
etag: "71d3d5f15d29309ea75df7a2dd7b9241"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 88df6c020d75954a-LHR
expires: Wed, 28 May 2025 18:11:46 GMT

GET
H2 200 66548e75041a5.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/d/58/d5894c9a-4e79-5dd0-bfae-ebc7c9abec62/ 13 KB
14 KB 46ms
45ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/d/58/d5894c9a-4e79-5dd0-bfae-ebc7c9abec62/66548e75041a5.image.jpg?resize=540%2C360

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf8b528d548f6f2b9967c2b778acf23ea787b04414a50d7754a901baf17fc1ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 583051
cf-polished: qual=85, origFmt=jpeg, origSize=16802
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="66548e75041a5.webp"
cf-bgj: imgq:85,h2pri
last-modified: Mon, 27 May 2024 13:45:28 GMT
server: cloudflare
x-vcache: MISS
etag: "88b915dacb23b8810dcf3309bbf8440a"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 88df6c020d76954a-LHR
expires: Tue, 27 May 2025 15:21:14 GMT

GET
H2 200 6658cb8bc6c74.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/e/21/e21e168c-8531-54b0-a674-188ff809164b/ 42 KB
42 KB 58ms
57ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/e/21/e21e168c-8531-54b0-a674-188ff809164b/6658cb8bc6c74.image.jpg?resize=540%2C327

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ad26aeabeeb547bbc60f1903f4c6318be0dae67948ae3cb8f12945423ae75e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 313967
cf-polished: degrade=85, origSize=44862, status=webp_bigger
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Thu, 30 May 2024 18:55:08 GMT
server: cloudflare
x-vcache: MISS
etag: "e11f0fb38e5d925e2de5a95e9da090dd"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 88df6c021d90954a-LHR
expires: Fri, 30 May 2025 19:13:47 GMT

GET
H2 200 d1957cb4-184a-11ef-a9de-bb1f31d86678.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/ 12 KB
12 KB 35ms
34ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/d1957cb4-184a-11ef-a9de-bb1f31d86678.jpg?resize=300%2C184

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9816b2a7b6d777068df321dacb45fb58995efd730917b237821a680e8bd7d5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 600883
cf-polished: origSize=12124, status=webp_bigger
cross-origin-resource-policy: cross-origin
content-length: 11945
cf-bgj: imgq:85,h2pri
last-modified: Wed, 22 May 2024 14:51:49 GMT
server: cloudflare
x-vcache: MISS
etag: "4002431f82fa1cb87f7581ce6b305afe"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6c022da3954a-LHR
expires: Tue, 27 May 2025 12:47:48 GMT

GET
H2 200 main.2bdc3040.js Show response
s.pinimg.com/ct/lib/ 69 KB
20 KB 43ms
41ms Script
application/javascript 2a04:4e42:8e::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:8e::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 32d720cede6dadc60f848ff6670b767292e508c5ec392ef64ffd4fd46982e565

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: br
x-cdn: fastly
etag: "12a8f2d3ddbe2363a4a569b085d70d28"
x-amz-server-side-encryption: AES256
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=1209600
alt-svc: h3=":443";ma=600
content-length: 19942

GET
H2 200 p.js Show response
cdn.parsely.com/keys/thestar.com/ 76 KB
27 KB 222ms
66ms Script
application/javascript 3.161.77.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/thestar.com/p.js
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.77.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-77-50.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: fe7ca5b465b338f88ef1f4db8dcbd5df9055f9bc3cd48d4b81c138298a848743

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: public
date: Mon, 03 Jun 2024 06:43:34 GMT
content-encoding: gzip
via: 1.1 950827d16996e598fc854bddb58b3ff0.cloudfront.net (CloudFront)
last-modified: Wed, 15 May 2024 18:51:35 GMT
server: nginx
x-amz-cf-pop: FRA56-P10
age: 17954
etag: W/"66450437-13027"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400, public
x-amz-cf-id: 7JxtR7qXnyPprzBBt-21VdDLTNAoP19mEfpj0JscZeP22ZGP0UQpow==
expires: Tue, 04 Jun 2024 06:43:34 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/698108511/ 42 B
64 B 202ms
50ms Image
image/gif 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/698108511/?random=1717414968296&cv=11&fst=1717412400000&bg=ffffff&guid=ON&async=1&gtm=45be45t0v867836103za200zb72758733&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&hn=www.googleadservices.com&frm=0&tiba=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&npa=0&pscdl=noapi&auid=550265181.1717414968&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLDOMw0b9RTEppn9R4_G9gyMRr2g6TyA&random=2797438211&rmt_tld=0&ipr=y

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.co.uk/pagead/1p-user-list/698108511/ 42 B
64 B 48ms
48ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/698108511/?random=1717414968296&cv=11&fst=1717412400000&bg=ffffff&guid=ON&async=1&gtm=45be45t0v867836103za200zb72758733&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&hn=www.googleadservices.com&frm=0&tiba=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&npa=0&pscdl=noapi&auid=550265181.1717414968&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLDOMw0b9RTEppn9R4_G9gyMRr2g6TyA&random=2797438211&rmt_tld=1&ipr=y

Requested by

Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 b
sb.scorecardresearch.com/ 0
227 B 82ms
82ms Image
text/plain 18.244.18.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1717414968692&ns_c=UTF-8&c7=https%3A%2F%2F138.68.148.191.sslip.io%2F&c8=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&c9=
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.244.18.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-244-18-27.fra56.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
via: 1.1 553c17cdbfc8c5ba81390077b0e5d2d4.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: FRA56-P11
x-amz-cf-id: bSfKKrRl0hzfjDKtVZ0Z8jZQ6kjqqQIGrLXh6KMvOz_s5RK5-b-JNQ==
x-cache: Miss from cloudfront

GET
H2 200 / Show response
ct.pinterest.com/user/ 326 B
634 B 163ms
48ms XHR
application/json 151.101.128.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2612846434758&cb=1717414968722&dep=2%2CPAGE_LOAD
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.128.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7c3ffee5bcd22c88b35273b0e47553373564c519031afac4fdd45cea71107e4f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:48 GMT
content-encoding: gzip
x-cdn: fastly
x-envoy-upstream-service-time: 0
alt-svc: h3=":443";ma=600
x-pinterest-rid: 1811990003257783
content-length: 185
pin-unauth: dWlkPU5EUm1Zak5qWlRJdFpXTmlOaTAwWXpoa0xXSTFNMll0WWpSaE1tTXhaamhsT0RnMQ
pragma: no-cache
referrer-policy: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://138.68.148.191.sslip.io
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: 0acf2821fed5456b690322e537fbd16e9a4bf075
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
0 162ms
49ms Fetch
image/gif 151.101.128.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/v3/?tid=2612846434758&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2F138.68.148.191.sslip.io%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%222bdc3040%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22125%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22125%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22125.0.6422.112%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1717414968724
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.128.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 03 Jun 2024 11:42:48 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: https://138.68.148.191.sslip.io
pinterest-version: 0acf2821fed5456b690322e537fbd16e9a4bf075
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
alt-svc: h3=":443";ma=600
x-pinterest-rid: 8890383832201132
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 870.bundle.6e2976b75e60ab2b2bf8.js Show response
cdn.segment.com/analytics-next/bundles/ 17 KB
5 KB 43ms
42ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/870.bundle.6e2976b75e60ab2b2bf8.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: da691c9121865cc84cb038acd5c8cc3b8adcd480c4f1edeaa8bbf8acd532ee0f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 29 Oct 2023 03:39:32 GMT
x-amz-version-id: TPYvVMnNT74sqYayA8qHjUy1pSzwsfCf
content-encoding: br
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 18864197
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Sun, 29 Oct 2023 00:03:00 GMT
server: AmazonS3
etag: W/"69ff6d99504e355f116e0d507f3dcf2b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: 7KNByhSeLI7kotu3y14epoVTHDa3ZTrc9vMCG5BUXe4WraGDnUaKog==

GET
H2 200 tsub-middleware.bundle.77315eced46c5ae4c052.js Show response
cdn.segment.com/analytics-next/bundles/ 568 B
1 KB 59ms
59ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/tsub-middleware.bundle.77315eced46c5ae4c052.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0857d11fef8be7a02171417365501f07d12e4d0fd4969a8ce43b9adffb7b1158

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 21 Feb 2024 08:47:20 GMT
x-amz-version-id: QI3N8C0LW9js3jT5cEYkHFV9Sk9Eg88i
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 8909729
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 568
last-modified: Wed, 21 Feb 2024 01:25:11 GMT
server: AmazonS3
etag: "2e2a6826c25f4a2f22f0112c0e467584"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: Fk4ps-_cJg_9YqVPBUeKJgLZ62wACEMn_qDPvp2A_AJd8fLAj9EJKQ==

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 239ms
36ms Image
image/gif 52.17.99.225
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1717414968911&plid=968034c2-0655-4ad8-a9e7-779fcb863c8f&idsite=thestar.com&url=https%3A%2F%2F138.68.148.191.sslip.io%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22plan%22%3A%22%22%2C%22janrain_uuid%22%3A%22%22%2C%22site_level_uuid%22%3A%22%22%2C%22hub_level_uuid%22%3A%22%22%2C%22adobe_mcid%22%3A%2284868314243114659931804475849565988077%22%2C%22word_count%22%3A%22%22%2C%22_scrollIncrement%22%3A0%2C%22_scrollMethod%22%3A%22pageview%22%2C%22_y%22%3A0%2C%22_bodyHeight%22%3A11715%7D&sid=1&surl=https%3A%2F%2F138.68.148.191.sslip.io%2F&sref=&sts=1717414968905&slts=0&title=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&date=Mon+Jun+03+2024+12%3A42%3A48+GMT%2B0100+(British+Summer+Time)&action=pageview&js=1&pvid=e1ed6de5-7111-4309-96e9-3dd7237a11ec&u=pid%3D17ebd3f2-119e-4bd5-aa84-00bcd49befa1
Requested by: Host: 138.68.148.191.sslip.io
URL: https://138.68.148.191.sslip.io/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.99.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-99-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Mon, 03 Jun 2024 11:42:49 GMT
Cache-Control: no-cache
Last-Modified: Monday, 03-Jun-2024 11:42:49 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 ajs-destination.bundle.ed53a26b6edc80c65d73.js Show response
cdn.segment.com/analytics-next/bundles/ 9 KB
3 KB 44ms
44ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 15 Apr 2024 15:05:40 GMT
x-amz-version-id: 1lCjHefPzcRt0EbQDFkkb.6FnzhNuKxa
content-encoding: br
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 4221429
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 12 Apr 2024 21:39:45 GMT
server: AmazonS3
etag: W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: ANXWuSA469A0yLhrWJN0YUVRYjBWUIkssfPN8zqruOPwboiGPUYhvg==

GET
H2 200 schemaFilter.bundle.5c2661f67b4b71a6d9bd.js Show response
cdn.segment.com/analytics-next/bundles/ 2 KB
1 KB 42ms
42ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 13 Feb 2024 21:44:05 GMT
x-amz-version-id: GdbKd8UgUP5EXZpDaTRDFeJkJbyj8x6E
content-encoding: br
via: 1.1 8e04f5d6c745b231c10fce7c2aa9c70e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 9554324
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 13 Feb 2024 18:05:05 GMT
server: AmazonS3
etag: W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: W4zk65wRj11ZCUaGwIiwGpJZJghghb19hGG0vdDLlw9aQFAb8e_MDQ==

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
179 B 631ms
201ms Fetch
application/json 54.69.251.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.69.251.6 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-69-251-6.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://138.68.148.191.sslip.io
date: Mon, 03 Jun 2024 11:42:49 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
203 B 163ms
163ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: *
Referer: https://138.68.148.191.sslip.io/
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:49 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 62D58D7469824FE9A3DC4A3636D7B6B7 Ref B: LON04EDGE0721 Ref C: 2024-06-03T11:42:49Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://138.68.148.191.sslip.io
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYZ+tU0qLqjcPNCL+jEkA==

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 86ms
85ms XHR
application/json 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202405230101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405230101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7d393de9b931eef7c46b9ca0704082660771d46390ea9346b6f1cbf171d4566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:51 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12632
x-xss-protection: 0

GET
H2 200 token_create.js Show response
ct.pinterest.com/static/ct/ 4 KB
4 KB 27ms
25ms Script
application/javascript 151.101.128.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/static/ct/token_create.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.128.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cd56592299c1c670fb97ef28bcb50048508c01879ecb23b71364aecc0483e202

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:51 GMT
x-cdn: fastly
age: 5924
etag: "19c94b308deaf8fbf050b4fca2fa21b7"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
timing-allow-origin: https://ct.pinterest.com
alt-svc: h3=":443";ma=600
content-length: 4103

GET
H2 200 ct.html
ct.pinterest.com/ Frame E1F9 0
0 159ms
54ms Document
text/html 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/ct.html
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443";ma=600
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Mon, 03 Jun 2024 11:42:51 GMT
pinterest-version: 0acf2821fed5456b690322e537fbd16e9a4bf075
referrer-policy: origin
x-cdn: fastly
x-envoy-upstream-service-time: 0
x-pinterest-rid: 1237297584265717

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 260ms
109ms Script
text/javascript 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202405230101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 03 Jun 2024 11:42:51 GMT

GET
H2 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 310A 0
0 168ms
40ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://138.68.148.191.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
age: 165692
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 01 Jun 2024 13:41:20 GMT
expires: Sun, 01 Jun 2025 13:41:20 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 favicon.ico
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/favicons/thestar/ 1 KB
437 B 47ms
47ms Other
image/x-icon 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/favicons/thestar/favicon.ico?_dc=1717003972

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0db6de4c7acdd82e35b39c6e7d8051759fe5c0ef38be0da452f8fed09fdd3e66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:52 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
age: 410641
cross-origin-resource-policy: cross-origin
last-modified: Wed, 29 May 2024 17:32:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"665766c4-47e"
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 88df6c185ee9954a-LHR
expires: Thu, 29 May 2025 17:37:58 GMT

GET
H2 200 icon.ico
www.thestar.com/content/tncms/site/ 1 KB
1 KB 112ms
112ms Other
image/x-icon 192.104.182.109
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thestar.com/content/tncms/site/icon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.182.109 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: 0db6de4c7acdd82e35b39c6e7d8051759fe5c0ef38be0da452f8fed09fdd3e66

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 07:31:54 GMT
last-modified: Wed, 13 Sep 2023 15:20:10 GMT
x-vcache: HIT
age: 15057
etag: "6501d32a-47e"
content-type: image/x-icon
cache-control: public, max-age=43200
accept-ranges: bytes
content-length: 1150

GET
H2 200 favicon-32x32.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/favicons/thestar/ 466 B
619 B 49ms
49ms Other
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/favicons/thestar/favicon-32x32.png?_dc=1717003972

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

696759df6e599a9bad9f1fa5aee0f4b35b23cda2721a547fda62fe8447d695d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://138.68.148.191.sslip.io/
Accept-Language: en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 11:42:52 GMT
strict-transport-security: max-age=31536000
cf-cache-status: HIT
age: 410641
cf-polished: origFmt=png, origSize=1378
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="favicon-32x32.webp"
content-length: 466
cf-bgj: imgq:85,h2pri
last-modified: Wed, 29 May 2024 17:32:52 GMT
server: cloudflare
x-vcache: MISS
etag: "665766c4-562"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 88df6c19583a954a-LHR
expires: Thu, 29 May 2025 17:37:58 GMT

GET sodar
pagead2.googlesyndication.com/pagead/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: thestar.cloud.optable.co
URL: https://thestar.cloud.optable.co/prod-thestar-com/init?cookies=no&passport=&osdk=web-v0.16.1

Domain: api.viafoura.co
URL: https://api.viafoura.co/v2/138.68.148.191.sslip.io/bootstrap/v2

Domain: thestar.cloud.optable.co
URL: https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202405230101&jk=484750683087711&bg=!REelRwjNAAbEf60J5H87ADQBe5WfOPSpUPpfpV9kAtSQMeuaw_C1k6xdgNY2iDy9LFbd1JI7cBOqjjd3Tp5JkfZ5aS5OAgAAADhSAAAAA2gBB34ANSRRNdvY1ED7yCiQVy4RQi2o7o0MD6QynoCY60OG0ZRVcD8NVRwzT-ZxGwShHnS-GNqdJnKACgCKD9O6SkL-VEV6MNRd7WCvcUUg0GC5lcJeLN8GTX25UTEs3owAmc3n3JhsycvkyZvYTxFKdDuPE5LFpFrlQX0N7YU_tvDsaoRt-A9cKbT4VsapMJtAj53TUqS33Lt3lLhotRuna_0Epd4AvA7jUZvu74uVqWkciXUocqpJOPYjGgzpfDnP0MtpFgz1mQKvoD3xFYvUM4SJ_8GqLEwQTzFQJYJ41H4MfUs3RgT5-VtivJERPCwiTuomkLBLL8OGlxySQxiXxCCXX63g3POoSeb0Jn1EqWq4Gtt3tri8Q4-L0KAwC14f3alGkHKBM7HD291lB0bnkieFgsLbsc6bSFY8OR32w4aL9KZeQ-4vckHnPy9aY5I4pXv97_P15fgLabCchDWkM3GQvpLkM99k1LoUx4rXWmi5dcgPrKI6Ce6xgwIVVU52F35xRp0rKyOl--dpQPE31X9mxgNa041RQdUktqiVg-ZAsSWKZ5Mmrc-XBkrsBkiN1UTG1h47zlC5l7qjIKjOf543L2O_j1aqD8KIYs9w3JUOXn-P6Ek-_5IZgf-dkA_8FezjopeIjuSZ3E5CRwrih7MDprvYDiJz5xPK30RadaSSrN8r6gzby-zGeJC0YGCHUaoI0wyHVWh5g8jCgOI9LK0GE_VZlY6QM_YOSKNBpjGb7p9xdpinl6wkrCxVFPsPqk1xd5ue0v8_dbX9Tyb0zeHMb91KPnj6V6yB8CBvqg7EpuFOLst3GcGsIyY9f6a_CKw1xBJVIhYT73SocvxGcWkU2pzY1FbwtZwrmoUHW8Bq_paFjlF1r7uQbo87HK_2yQCXLTHaQqD5R0DKKamzDqAs1AvvecfBhhaJVPFEiEubOhGbSWOFglbmbI8B5udzmD3IBnWiPHllwT1QUskoanb6O_cQWOZ60uOmtAD-QAbOM6jRIXt5VBaJqKpA7SA80JjCaTVRsNZjjIAVcCOpjOcEbVZXKRxiOZThCvO2t1asfS661nTZ_OHrxj3gKBKGEkoWH6KHKe06lpHg-SyAyqenE4NMe6n3DRNKj0aZJxvZjjhDTGLP4qmDLqbHJ67cvwfmNzccIlStHCozWZf7PIRPwuw1da-g

Verdicts & Comments Add Verdict or Comment

169 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

42 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sslip.io/	1970-01-20 23:13:10	Name: _gcl_au Value: 1.1.550265181.1717414968
.demdex.net/	1970-01-21 01:22:46	Name: demdex Value: 84876815189884441631803634826874961639
138.68.148.191.sslip.io/	1969-12-31 23:59:59	Name: _igt Value: 860d441f-1286-47de-f7ea-69163f0c4e08
138.68.148.191.sslip.io/	1970-01-21 05:49:10	Name: _ig Value: 6babb00a-1986-493f-fc9d-2174448f9bde
.sslip.io/	1969-12-31 23:59:59	Name: AMCVS_19A568F454F72DAF0A4C98A6%40AdobeOrg Value: 1
.sslip.io/	1970-01-21 06:39:34	Name: _ga_6FZFMVVWVN Value: GS1.1.1717414968.1.0.1717414968.60.0.0
.sslip.io/	1970-01-20 21:03:35	Name: _vfz Value: 138%2E68%2E148%2E191%2Esslip%2Eio..1717414968.1.medium=direct\|source=\|sharer_uuid=\|terms=
.sslip.io/	1970-01-20 21:03:36	Name: _vfb Value: 138%2E68%2E148%2E191%2Esslip%2Eio..2.10.1717414968....
.sslip.io/	1970-01-21 05:49:10	Name: _vfa Value: 138%2E68%2E148%2E191%2Esslip%2Eio..952b8aca-6b7a-439f-b04e-d42e6436aa81.1717414968.1717414968.1717414968.1
.sslip.io/	1970-01-21 06:39:34	Name: _ga_4T2EB147B8 Value: GS1.1.1717414968.1.0.1717414968.60.0.0
.everesttech.net/	1970-01-21 05:49:10	Name: everest_g_v2 Value: g_surferid~Zl2sOAAAAGlF9AN-
.dpm.demdex.net/	1970-01-21 01:22:46	Name: dpm Value: 84876815189884441631803634826874961639
.sslip.io/	1970-01-21 06:39:34	Name: AMCV_19A568F454F72DAF0A4C98A6%40AdobeOrg Value: 179643557%7CMCIDTS%7C19878%7CMCMID%7C84868314243114659931804475849565988077%7CMCAAMLH-1718019768%7C6%7CMCAAMB-1718019768%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1717422168s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19885%7CvVersion%7C5.5.0
.sslip.io/	1970-01-20 21:03:38	Name: AMP_TOKEN Value: %24NOT_FOUND
.sslip.io/	1970-01-21 06:39:34	Name: _ga Value: GA1.2.2130055902.1717414968
.sslip.io/	1970-01-20 21:05:01	Name: _gid Value: GA1.2.1461145722.1717414968
.sslip.io/	1970-01-20 21:03:35	Name: _dc_gtm_UA-54716522-7 Value: 1
.sslip.io/	1970-01-20 23:13:10	Name: _rdt_uuid Value: 1717414968468.f855d139-ab61-43e1-b815-821750926a7f
.sslip.io/	1969-12-31 23:59:59	Name: s_cc Value: true
.sslip.io/	1970-01-20 21:05:01	Name: _uetsid Value: 66cb1790219e11ef8ebd9570f2e44117
.sslip.io/	1970-01-21 06:25:10	Name: _uetvid Value: 66cb3b90219e11efb0c1f11b8f1c2c63
.doubleclick.net/	1970-01-20 21:46:46	Name: ar_debug Value: 1
.bing.com/	1970-01-21 06:25:10	Name: MUID Value: 1BAED91577ED69A90129CD86761668DB
.t.co/	1970-01-21 06:39:34	Name: muc_ads Value: c1b4e234-1a53-4159-b3b7-72c4c0ca5051
.linkedin.com/	1970-01-20 23:13:10	Name: li_sugr Value: b60b7c77-63da-4299-9163-21ceeb83b758
.linkedin.com/	1970-01-21 05:49:10	Name: bcookie Value: "v=2&b9f01485-17a5-4661-87ee-ca7cae220e19"
.linkedin.com/	1970-01-20 21:05:01	Name: lidc Value: "b=TGST01:s=T:r=T:a=T:p=T:g=3347:u=1:x=1:i=1717414968:t=1717501368:v=2:sig=AQHsGIeS-xCBQRqrvotPEyntFsrljQvb"
.twitter.com/	1970-01-21 06:39:34	Name: guest_id_marketing Value: v1%3A171741496867452128
.twitter.com/	1970-01-21 06:39:34	Name: guest_id_ads Value: v1%3A171741496867452128
.twitter.com/	1970-01-21 06:39:34	Name: personalization_id Value: "v1_zCvrms9+f1FZunZU3l25Hw=="
.twitter.com/	1970-01-21 06:39:34	Name: guest_id Value: v1%3A171741496867452128
.doubleclick.net/	1970-01-21 06:25:10	Name: IDE Value: AHWqTUnEOM4QV3Oj2Hbyjq8H-cD7gWHp3xGFYlLZ7KL-LYMkpy8oL_VrtEq5QJB947I
.doubleclick.net/	1970-01-21 01:22:46	Name: receive-cookie-deprecation Value: 1
.pinterest.com/	1970-01-21 05:49:10	Name: ar_debug Value: 1
.138.68.148.191.sslip.io/	1970-01-21 05:49:10	Name: _pin_unauth Value: dWlkPU5EUm1Zak5qWlRJdFpXTmlOaTAwWXpoa0xXSTFNMll0WWpSaE1tTXhaamhsT0RnMQ
.138.68.148.191.sslip.io/	1970-01-20 21:03:36	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://138.68.148.191.sslip.io/%22%2C%22sref%22:%22%22%2C%22sts%22:1717414968905%2C%22slts%22:0}
.138.68.148.191.sslip.io/	1970-01-21 06:32:58	Name: _parsely_visitor Value: {%22id%22:%22pid=17ebd3f2-119e-4bd5-aa84-00bcd49befa1%22%2C%22session_count%22:1%2C%22last_session_ts%22:1717414968905}
.linkedin.com/	1970-01-20 21:46:46	Name: UserMatchHistory Value: AQKcLXmZpIIvTQAAAY_d6L4tu1HLLNIGcbuMs5V8Xm6A9UAMd3JnEpsz-X3OWo5IUs5upJepIIjXEA
.linkedin.com/	1970-01-20 21:46:46	Name: AnalyticsSyncHistory Value: AQKLv_NE3O4lBAAAAY_d6L4t841T1E219xv_9t9ceUo6yrmgxv1x3Y7n9xatCGpdYluzMJWNqi0n4dYtzbDKeA
.sslip.io/	1970-01-21 05:49:10	Name: ajs_anonymous_id Value: 1cc149bb-a8d2-4f8c-be94-778976eceb5e
.www.linkedin.com/	1970-01-21 05:49:10	Name: bscookie Value: "v=1&20240603114249ff92f09c-deea-45c2-8e3b-40451996b592AQEsIr8kMNBhDb5b9CD9DGr-Bk18Mr1j"
.linkedin.com/	1970-01-21 01:22:46	Name: li_gc Value: MTswOzE3MTc0MTQ5Njk7MjswMjFCXbjoyNeYHedZi0a3y0EnrHBJtP5HmwqsEYSbJRBduw==

66 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://138.68.148.191.sslip.io/ Message: Access to fetch at 'https://thestar.cloud.optable.co/prod-thestar-com/init?cookies=no&passport=&osdk=web-v0.16.1' from origin 'https://138.68.148.191.sslip.io' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://thestar.cloud.optable.co/prod-thestar-com/init?cookies=no&passport=&osdk=web-v0.16.1 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://138.68.148.191.sslip.io/ Message: Access to fetch at 'https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1' from origin 'https://138.68.148.191.sslip.io' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1 Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	error	URL: https://138.68.148.191.sslip.io/ Message: Access to fetch at 'https://api.viafoura.co/v2/138.68.148.191.sslip.io/bootstrap/v2' from origin 'https://138.68.148.191.sslip.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://api.viafoura.co/v2/138.68.148.191.sslip.io/bootstrap/v2 Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://138.68.148.191.sslip.io/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10230056.fls.doubleclick.net
138.68.148.191.sslip.io
5634eaa5848478f789544d499e325b98.safeframe.googlesyndication.com
aax.amazon-adsystem.com
accounts.google.com
ad-delivery.net
ad.doubleclick.net
alb.reddit.com
ampcid.google.com
analytics.twitter.com
api.btloader.com
api.segment.io
api.viafoura.co
bat.bing.com
bloximages.chicago2.vip.townnews.com
btloader.com
c.amazon-adsystem.com
cdn.ampproject.org
cdn.parsely.com
cdn.petametrics.com
cdn.segment.com
cdn.viafoura.net
cm.everesttech.net
config.aps.amazon-adsystem.com
ct.pinterest.com
d1z2jf7jlzjs58.cloudfront.net
dpm.demdex.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
i.viafoura.co
micro.rubiconproject.com
news.google.com
p1.parsely.com
pagead2.googlesyndication.com
pixel-config.reddit.com
px.ads.linkedin.com
px4.ads.linkedin.com
query.petametrics.com
region1.analytics.google.com
resources.thestar.com
s.pinimg.com
s.thestar.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
thestar.cloud.optable.co
thestar.solutions.cdn.optable.co
torontostarnewspaperslimited.demdex.net
torstar.gscontxt.net
tpc.googlesyndication.com
unpkg.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.thestar.com
api.viafoura.co
pagead2.googlesyndication.com
thestar.cloud.optable.co
104.16.132.24
104.244.42.131
13.107.43.14
13.224.186.120
13.35.57.188
130.211.23.194
138.68.148.191
146.75.120.157
151.101.1.140
151.101.128.84
151.101.129.140
151.101.64.84
158.101.210.189
172.217.16.134
172.217.18.6
18.244.18.27
18.245.31.65
192.104.182.109
2001:4860:4802:34::36
23.34.43.6
2600:9000:223c:ac00:8:2ae1:d740:93a1
2606:4700:10::6816:3c5a
2606:4700:10::6816:4bd8
2606:4700:20::ac43:4513
2606:4700::6811:f8cb
2620:1ec:21::14
2620:1ec:c11::237
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::200a
2a00:1450:4001:813::200e
2a00:1450:4001:81c::200e
2a00:1450:4001:81d::2002
2a00:1450:4001:81d::2004
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2001
2a00:1450:4001:831::2001
2a00:1450:4001:831::200e
2a00:1450:400c:c07::9c
2a00:1450:4013:c16::54
2a02:26f0:3100::1735:2a3b
2a04:4e42:600::396
2a04:4e42:8e::84
3.161.75.65
3.161.77.50
3.161.82.46
3.224.50.112
34.149.155.241
34.160.43.93
35.190.14.224
52.17.99.225
52.19.228.126
52.30.166.91
54.69.251.6
63.140.62.17
63.32.235.18
93.184.221.165
99.86.8.175
02d4a3e3bc55fb2c10464afa89e283d1d017f6a309634709009f0e3ec5455e26
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0857d11fef8be7a02171417365501f07d12e4d0fd4969a8ce43b9adffb7b1158
0882be2bb685d64ae46b56574b330fb1afe5dfef39f940d12ca776475248eaa8
0a9d3fcf52a1b7a8ff5f9a292b5a2feefe0f2bd45a1d439cee4c7dc2bbcde92f
0acff355a123d849b520cf5a94fba9e18840b78a57f67e7ff984ad7272821d48
0db6de4c7acdd82e35b39c6e7d8051759fe5c0ef38be0da452f8fed09fdd3e66
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
143362e75091477f15bce5d04840d079bfe988e6315af538575880c50be40d30
14fb80295b6ccc50cd5fcb2e6add7a8e69d442f760b20dd010962960ba70aece
16b7cf55fbd080eaa0a59da54b8dc90b9ecfb37e0e456186c753c9291deddc59
18206ef2760ea0f8bdf4664498fa15c851d79cd3121e2583dc165b3d2f50fb6c
182b024ffa27372ce654411ff8660c4a97eba6b63b54d08562405df2b869d181
190e1101cde57367a86dd7f3df29194cf2b78968948c793f424d5f144897b9b7
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1b30f0c3cb662b52368a53ba31765952f5a9aec3613d4cd57b8d0da0cf3842d3
1b4ebbebbc583a15a08b12ba968bf1d03475a39c28940dee975a74a0381d08fe
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1ebc1e62c024fc610ffd18df157488dfa4321fc8db7222d9db66e92e1afe7b7b
26277fa000346ace59e9242a6892ea29d35b10db60b517b082661c9efadfddc3
2736d55a4da2c1d7e1cec02b86d6432aabe15a41f5f86803b5fa5fbe3cae8a64
2935e77ba4a31d658633687964df779e6a6acd911252186240c22eafeba8bc36
296ffff5be5fa17a541df8e925d24e473ced64d535f543542bebc15759b761fd
2afc9c9a110ac94d64bae0e712762d6fb409e7470c68f3278676aa68e616f3e3
2affba26740782e54029439071f0842e819c367afdcade8d9929dadcb8a2ba9c
2c6d2dbbe8524d6e1da776ce5a628742fb5b2d3847883d938d9b89d6f5bf08e0
2ca9f20823ffa1266144cc2c6af10f9fe097305ace8fb845dd48ee045e81b235
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
32209e964449881b7f2a21086506deccc49063673c2cfff6288598f843fc81c4
32d720cede6dadc60f848ff6670b767292e508c5ec392ef64ffd4fd46982e565
353ad6b523f0c2c7af5f2c7ae08db3668197757f58c12bd31fb1ddd37281327e
3577b4b88a881592ac527d73680b806b5e58abc7cd5b5416cf3a34695926c015
38ddbe47a6c50552223935c9c5553c3cb17292cfc08b33d4d2c40c45baf2174c
39af5bc38f03afb9bbcacadacdf8ce2adc5f6745217ef8868696c6cb38e2bfe0
3b7927b9ccc259810a26f503f30646f92bf2e281cdc2eb8df9c8768d68882bea
3b7bd0afb2293dbcb1936e97acc34ff39d71db9a31d78c8bbc978ffffa787ed3
4353442b296c53f51d82efc2617406d68cc278bd08c2ce4ca96daa9fcc2c77e3
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
457e85861044e6c6ed188aee506092571f5ba71759bbc1de4340ece02b69194e
47220c4c850d2a71293522af7071da5706951e1cecc6dddce7bc78343f48de1e
4908103eb097a575d25aecab0b105c51313e35ce211bb70d82ea0ce6e75ed2b3
4b093bf8fe11ce768e5543697030a064da71b347431594daf7efb86f94a201c0
4d063ab8701f5932753a12e9b302d8345ed7ba488f2f3ca6d46912fb60ce2815
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4da85bac641eea7ae93b38d3cd9b7e2b18668c77b15e521bd3e285f054269703
4e2204e68760e4f840d4bd42290c5390615e4d7f600923155937e3389579e2bc
5006a5f4ebf15da960606619f8ca082bacab49aee12d1eba501730ce4c32c599
5099957bf1788de97d11c451694e29ee1519ca2d5a0532aa92304bbfe29e6ad2
523e12ec4882988ae8c43f71e35ea24fccd8560997c349a0a24c27c6682573fb
52e428aef55740e64045fb6a3f511441da64cdb75deeba07d3a56a030b7a4a2b
53638132fa04681e4f77df4cedfb9aa00cd0025246cc7286265d9c609ffe5043
55c6983606eae184b6c555ec5ed37a79f5038a478645e778921e618d74ed7f1c
565f07e2f1e69f69195c5bf95d5668bb110a38683ae051202b3a6db87b7ed516
57c6c8ef16f19b7a2e015a857f3f43bc4997fb5044f8dd62644329ba4a8420dc
595550d27cabf0dad36e8ddae06a223716e7067ff08607b60e91adab5e06c748
597cf1adbafca51f41aedfbdc509c2e15e81382778e096b1398c66cda6865f2d
5a849a0a4ae8f60164ab3a78e78653e81ae224260694c24f71c3d343c6f716d4
5eee7eef8c43d97d6c92ce9000b3f2424647e58f985c2df5711690c8b95f1495
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de
64d2ce701b1f0b1d910bff7f252ae7a53d5f90cf3efb970163811c757b889d57
64f63916d74c00afe65ac75cb34a1b33c06f250ae80ad4421a06cbe080c9e5ec
67ccbb5495d7f07b89c2a17f177d096d74eef2dcb95949b1c33ff9702bcea703
68684d4e091795123c7797a602e056cac24a3355a95b3b198e4fbd65822afcd2
696759df6e599a9bad9f1fa5aee0f4b35b23cda2721a547fda62fe8447d695d9
6978d0cdbc807840e1fc616ceace05d68334ce61ebcaefc5cf9acf73fd18600f
6a306aa02bb724d339bc6a81e4d586684dd31b78570b70453bfd4e372b414b4e
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e704905975bd4cf9eab9d4806ad73ee37adf9421addd108436b3094bde58617
711e0b710928008e30a1d944e63108e5441e709c9442af6e1a50045a59c1b9e2
712a01097d932adf1f36ed11c7a17481836f51760f5eff854ed69838fe0eb261
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
7458edd9b7b53f7b32c80f4856a8a0d1c4b7557c589f7c6b860c30a43829ac3a
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
764a854687f364d9209fee39c7cdc142f7c160462a4e697d5261ca6f50437c29
770dcaf045c045c66d6903b436c5b8c6f5d5a466fb3f17b3ba8f778f756b7621
7976a9dfe57f9ba6972420500782258da674fcc523c2def08bb6a84ce275c4b5
7ad26aeabeeb547bbc60f1903f4c6318be0dae67948ae3cb8f12945423ae75e4
7aed7c338310d559ce64cb0fd4a92e02ffabd673f0ab6c9608619f8da0bb0195
7c3ffee5bcd22c88b35273b0e47553373564c519031afac4fdd45cea71107e4f
7c4711683ed6f2d79b7aebeb5f9d00be743a943159bdb57faf129412ed1de94c
7c58d825e642307da8aad2562a7a39a8103fa06f97141c6f1b5b57154b128949
80abdc7301a85f3723a06e115899beb85170026b040c44834b954be0d2f2af3d
818d2cdb8b993b3c8b4c34e7ea6151c3f4efe4281eee57caeb3f5e9d452ce12a
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
868363ef2870b0754aff551f47a8058255af7768783bbc152711cd4552fb7f0f
88261b7c724b5c29c6a81574124a7574a6d5f635b8c896a878bea31ac981dc1f
899d1ec3c095342571d3be2091ec6f984d4cc82390d1f61945c391fa035b00d9
8bba9687afeda017cbf549538f5433e397e901a3b452306988a7999db6f1a8ce
8e683a0ae8fc37aeae8fd20643faef0341fe5cf01c30f25f41d6bad28b1a8365
921e1fad091c3f14fb5809581ff557c471ced29ef7d94b206ffd0022c3867d26
922419daf0f7f53cca9234ef4f41bffaafb484020e655eae333ee4ba2af6a76a
92fe1cea3df8fc0e2a03f1c8d0099cb105c7d455ac8be20be165ce6bff558365
933eb56d46a5af1ba475b96065772b838deb8668526b72ebc80790e4314dbe39
93c978c0e4d6597dc192f43e889796eb6eb0cbb8dbec8419e22ebd71a78be2c4
93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235
9747658e47aee56d403f2a54b6a725bd3cb59dd44185661463dc00c7dde3e330
980c8780366c4be3d8e14ac0a98833e357313bd0c55e9cec1b5f16deec75c049
9cefee4c660d3fc32a9c8957e4e5a464fde600f95d50d64e533e9c2b73d7ad2c
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c767ec61f3ecd854a3b3aab3ed23168707aa1fc9cee0009643a72362d6bfdd
a3c3bd9d9469e98ac15f87f84eace7c24303948673b40972f81774367fad089e
a443c04c6041b16f5fb8c37f47691453a55466407834c790be99606ff281aad1
a76ff167d7d530e0a4d45c331ac37dd1ad59b0c32b1a80e3906cb50d88e0f3b7
a866c7b8780ff568ad1101e05e95522bf49ee02dcd0a3cc06bc3ca7c5bf108a2
a8a4a852dedcc7e3b6bb2c6acffac1a82a31828a00749ce2a8c2d6dd5f268dd9
aa4391f03da55de95caebed478d3e1183fb01a3e8f1c5891a48e75717ed2bed9
aadfdde0a0aea4dd6e3bfb60868f546b2e30db7f8d5b3549af99915a8e7294f9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad4c15f9db190ab5354af8cbc0cfa69f1ade43738e36b2de8a7a4071b1a1764a
ae1d946d7305119960251e362f5bf0ca500511b0f438cf0183e9af1c5ed86684
af8919069a891771e1fef808d691297be73a1b317a10faf96a13af84fda31f7d
b1139a764a2eae949ca1358aa7a387a7d6812f277016c070e28279f2639da412
b1262596e44018dc1685c16934c14e75b94f7c91f7445132311be0d255387467
b5348904074ca7f09e3078c2afcabad0f0c9cafcfc751566e93d90ceaa75b887
b7f817d35152e6280e12fa0a2895ec47b65085df83867b00d766f9a0e5595a37
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
b9816b2a7b6d777068df321dacb45fb58995efd730917b237821a680e8bd7d5f
bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332
bb9eef3b114f21d8a84bd35487bc3c59fb5ee8f015cbd67fb763df8aa9901475
bc40838a707dba656095bdce002939c726b0fe7de618b613ff3a29a39aef0938
bf8b528d548f6f2b9967c2b778acf23ea787b04414a50d7754a901baf17fc1ba
c2ab34321ef0a61378759396e72284c4ee6c055bf11521b655d1e5b5a435a8b5
c3ab60f733d9ada980aed0c9c08511963093903d3578c20e5f2ec4e64c629ec1
c6ac86cfcd875307be77577d580d25f3e0868dfeebd12080b3fe1044c378dbb9
c7e791cd90e0a1f79ac0639e79e74527567696f3d5420566415c7234123f432e
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd56592299c1c670fb97ef28bcb50048508c01879ecb23b71364aecc0483e202
cea576f3ddb21972a5e1d788b5224ba6769d85143ef644fe04d6245e1053e4e6
cf3e21aad61783d6e6908e5631c43656c05a34a9c7f64eab44dcd7fc58562aa8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7757eb072d08d857634fe0a4997f9efe4d0c20b614f72858a0d61fe090743c
d19e397a972031773c835af153dfaaae6708a2a05d5b018ca905398a3e24c7f6
d28bf550977b2be0583913e8aa97cd4315502804ceda5f29943bca8dd77b5813
d29cd91a00c3f1589cac5df5a20ad432adffee83efc469d59bcc5ebec2dc3383
d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f
d72995ef7e52dafc770a56457038f77d59a619a426132bfe914ba3ba4f683640
d7d393de9b931eef7c46b9ca0704082660771d46390ea9346b6f1cbf171d4566
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9749681f7100c77e5c9394e29da30b923e792566136b6d822f8a606eb3e7fe8
da691c9121865cc84cb038acd5c8cc3b8adcd480c4f1edeaa8bbf8acd532ee0f
db268188af417f5bc2e8ff4a1d4e13b09a78440de98473b194848fd968901043
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e2e5c48981d7dbaa37c503097f81fcfb7b7541a3be895188822a03ee69e40a0b
e32bc13b3e4f0568bb50f59accaa28371bba1f54950e84169b1d571557bab84b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720
f2ba4f1a2e7247d4598ee816ac1a53bca03cc6fcc6636bd15087264e6d2cc791
f44f6526e35f8f2595a297c9e049e8efe9159f763c1d14832ada2d66931eebf8
f5aa94a7becd0d69123d55072d709bc6fa79b8f44ed4723f1e1eaff535f6a8d2
f6f9756179380c58899c845278f361af931be8948bc635d9f1f0c34ed372ec08
f7f7217e607d2991b2e5988302754355c34679675b113e5e451c9f81a4328b08
fe7ca5b465b338f88ef1f4db8dcbd5df9055f9bc3cd48d4b81c138298a848743

138.68.148.191.sslip.io Open in urlscan Pro 138.68.148.191 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

209 Requests

96 %HTTPS

44 %IPv6

39 Domains

62 Subdomains

61 IPs

8 Countries

2918 kBTransfer

8439 kBSize

42 Cookies

63 Outgoing links

Redirected requests

209 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

138.68.148.191.sslip.io Open in urlscan Pro
138.68.148.191 Public Scan

Screenshot
Live screenshot

Full Image

209
Requests

96 %
HTTPS

44 %
IPv6

39
Domains

62
Subdomains

61
IPs

8
Countries

2918 kB
Transfer

8439 kB
Size

42
Cookies

209 HTTP transactions
1 data transactions