www.thestar.com Open in urlscan Pro
52.222.149.23 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Submission: On July 10 via api (July 10th 2023, 5:43:04 pm UTC) from DE — Scanned from DE

Summary HTTP 348 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 108 IPs in 11 countries across 79 domains to perform 348 HTTP transactions. The main IP is 52.222.149.23, located in United States and belongs to AMAZON-02, US. The main domain is www.thestar.com. The Cisco Umbrella rank of the primary domain is 86309.
TLS certificate: Issued by Trustwave Organization Validation SHA... on September 27th 2022. Valid for: a year.

This is the only time www.thestar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	52.222.149.23 52.222.149.23	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:236... 2600:9000:236e:4800:16:970:b940:93a1	16509 (AMAZON-02) (AMAZON-02)
34	18.66.112.98 18.66.112.98	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
24	2606:4700:e4:... 2606:4700:e4::ac40:a821	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::200d	15169 (GOOGLE) (GOOGLE)
1	2600:9000:245... 2600:9000:2450:9800:8:2ae1:d740:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:29aa	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.21.220.26 52.21.220.26	14618 (AMAZON-AES) (AMAZON-AES)
1	150.136.157.133 150.136.157.133	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
4	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
13	18.66.97.82 18.66.97.82	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::ac43:490d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:20:... 2606:4700:20::681a:68b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	51.104.28.77 51.104.28.77	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	23.32.185.123 23.32.185.123	16625 (AKAMAI-AS) (AKAMAI-AS)
2	13.32.121.21 13.32.121.21	16509 (AMAZON-02) (AMAZON-02)
1	13.32.118.217 13.32.118.217	16509 (AMAZON-02) (AMAZON-02)
1	52.222.250.8 52.222.250.8	16509 (AMAZON-02) (AMAZON-02)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
3	13.225.30.130 13.225.30.130	16509 (AMAZON-02) (AMAZON-02)
1	35.241.9.51 35.241.9.51	15169 (GOOGLE) (GOOGLE)
2 3	37.252.171.22 37.252.171.22	29990 (ASN-APPNEX) (ASN-APPNEX)
9	34.107.254.252 34.107.254.252	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	3.216.196.193 3.216.196.193	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1f18:44f... 2600:1f18:44f0:4847:78ed:de6e:2e51:d042	14618 (AMAZON-AES) (AMAZON-AES)
3	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:4513	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
2	52.49.138.0 52.49.138.0	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	18.66.100.58 18.66.100.58	16509 (AMAZON-02) (AMAZON-02)
9	35.190.14.224 35.190.14.224	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2 3	2606:4700::68... 2606:4700::6810:7caf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.48.195.8 52.48.195.8	16509 (AMAZON-02) (AMAZON-02)
2	63.140.62.135 63.140.62.135	15224 (OMNITURE) (OMNITURE)
1 1	3.248.138.51 3.248.138.51	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:2250:ec00:a:e047:753:be1	() ()
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c0d::9c	15169 (GOOGLE) (GOOGLE)
15	104.18.43.178 104.18.43.178	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
1	54.221.61.97 54.221.61.97	14618 (AMAZON-AES) (AMAZON-AES)
4	2a03:b0c0:3:d... 2a03:b0c0:3:d0::be2:3001	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
4	2a03:b0c0:3:f... 2a03:b0c0:3:f0::1bc:5000	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
6	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
4	54.155.18.159 54.155.18.159	16509 (AMAZON-02) (AMAZON-02)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	13.32.121.102 13.32.121.102	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	34.120.23.223 34.120.23.223	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
2	2600:1f18:143... 2600:1f18:1430:9001:1204:1fc7:cf2c:18bb	14618 (AMAZON-AES) (AMAZON-AES)
3	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
2	2a02:26f0:350... 2a02:26f0:3500:883::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a02:26f0:310... 2a02:26f0:3100::1735:28a8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	23.206.208.183 23.206.208.183	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
1	2600:9000:20e... 2600:9000:20eb:2a00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4 5	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
1	18.164.47.100 18.164.47.100	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:3965	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	35.157.188.225 35.157.188.225	16509 (AMAZON-02) (AMAZON-02)
1 1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	52.29.179.154 52.29.179.154	16509 (AMAZON-02) (AMAZON-02)
1 1	185.86.138.154 185.86.138.154	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	54.77.186.210 54.77.186.210	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	54.77.165.80 54.77.165.80	16509 (AMAZON-02) (AMAZON-02)
7	2a02:2638:d::2 2a02:2638:d::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:2638:d::13 2a02:2638:d::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:d::11 2a02:2638:d::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
2 2	35.156.133.126 35.156.133.126	16509 (AMAZON-02) (AMAZON-02)
2 2	34.254.57.122 34.254.57.122	16509 (AMAZON-02) (AMAZON-02)
2 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	216.52.2.30 216.52.2.30	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
2	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	193.0.160.130 193.0.160.130	54312 (ROCKETFUEL) (ROCKETFUEL)
4	185.64.191.210 185.64.191.210	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	213.155.156.185 213.155.156.185	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1 2	67.220.224.150 67.220.224.150	16509 (AMAZON-02) (AMAZON-02)
1	99.80.74.242 99.80.74.242	16509 (AMAZON-02) (AMAZON-02)
2 2	34.111.129.221 34.111.129.221	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.111.131.239 34.111.131.239	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 4	54.156.96.96 54.156.96.96	14618 (AMAZON-AES) (AMAZON-AES)
3 3	37.157.2.229 37.157.2.229	198622 (ADFORM) (ADFORM)
1	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	198.47.127.205 198.47.127.205	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	2a05:d018:d29... 2a05:d018:d29:3605:dd30:da7f:d6fe:8bcf	16509 (AMAZON-02) (AMAZON-02)
2 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 2	52.214.14.119 52.214.14.119	16509 (AMAZON-02) (AMAZON-02)
1	198.47.127.20 198.47.127.20	62713 (AS-PUBMATIC) (AS-PUBMATIC)
348	108

33 52.222.149.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-23.cdg52.r.cloudfront.net

www.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:236e:4800:16:970:b940:93a1 (United States)

ASN16509 (AMAZON-02, US)

prebid.the-ozone-project.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 18.66.112.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-98.fra56.r.cloudfront.net

z737.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2606:4700:e4::ac40:a821 (United States)

ASN13335 (CLOUDFLARENET, US)

images.thestarimages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2450:9800:8:2ae1:d740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.viafoura.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:29aa (United States)

ASN13335 (CLOUDFLARENET, US)

be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.21.220.26 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-220-26.compute-1.amazonaws.com

torstar.blueconic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.136.157.133 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

torstar.gscontxt.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 18.66.97.82 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-82.fra56.r.cloudfront.net

resources.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:490d (United States)

ASN13335 (CLOUDFLARENET, US)

static.app.delivery	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:68b (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 51.104.28.77 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

adserver.pressboard.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sr.studiostack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.185.123 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-123.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-21.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.118.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-118-217.fra60.r.cloudfront.net

d1nxn87txdj54y.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.250.8 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-250-8.fra60.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

cdn.petametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.30.130 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-30-130.cdg3.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.9.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.9.241.35.bc.googleusercontent.com

be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.22 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.107.254.252 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 252.254.107.34.bc.googleusercontent.com

api.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.216.196.193 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-216-196-193.compute-1.amazonaws.com

api.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:44f0:4847:78ed:de6e:2e51:d042 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

api.viafoura.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4513 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.138.0 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-138-0.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.100.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-100-58.fra56.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.190.14.224 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 224.14.190.35.bc.googleusercontent.com

query.petametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7caf (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.195.8 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-195-8.eu-west-1.compute.amazonaws.com

torontostarnewspaperslimited.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.62.135 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-135.data.adobedc.net

s.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.138.51 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-138-51.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:ec00:a:e047:753:be1 (United States)

ASN- ()

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c0d::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.18.43.178 (None, )

ASN13335 (CLOUDFLARENET, US)

elb.the-ozone-project.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.221.61.97 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-61-97.compute-1.amazonaws.com

torstar.sb.blueconic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:b0c0:3:d0::be2:3001 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

push.kumulos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:b0c0:3:f0::1bc:5000 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

events.kumulos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.155.18.159 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-18-159.eu-west-1.compute.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-102.fra60.r.cloudfront.net

api.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.23.223 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 223.23.120.34.bc.googleusercontent.com

engagefront.theweathernetwork.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:1430:9001:1204:1fc7:cf2c:18bb (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

pixel.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:883::1931 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

10230056.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3100::1735:28a8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.206.208.183 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-183.deploy.static.akamaitechnologies.com

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:2a00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.66 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.47.100 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-47-100.cdg50.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.188.225 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-188-225.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.179.154 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-179-154.eu-central-1.compute.amazonaws.com

crb.kargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.154 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync-global.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.77.186.210 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-186-210.eu-west-1.compute.amazonaws.com

ad2.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.165.80 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-165-80.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:d::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:d::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.75.62.37 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.3.30 (Denmark)

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.133.126 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-133-126.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.254.57.122 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-57-122.eu-west-1.compute.amazonaws.com

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.30 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 1 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.130 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.191.210 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.185 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.220.224.150 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.74.242 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-74-242.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.129.221 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 221.129.111.34.bc.googleusercontent.com

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.131.239 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 239.131.111.34.bc.googleusercontent.com

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.156.96.96 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-96-96.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.2.229 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.205 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:dd30:da7f:d6fe:8bcf (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.214.14.119 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-14-119.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.20 (United States)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
86	thestar.com www.thestar.com — Cisco Umbrella Rank: 86309 z737.thestar.com — Cisco Umbrella Rank: 272812 resources.thestar.com — Cisco Umbrella Rank: 247533 s.thestar.com — Cisco Umbrella Rank: 358269 api.thestar.com — Cisco Umbrella Rank: 385528 pixel.thestar.com — Cisco Umbrella Rank: 492853	2 MB
24	thestarimages.com images.thestarimages.com — Cisco Umbrella Rank: 198509	1 MB
22	google.com news.google.com — Cisco Umbrella Rank: 5509 accounts.google.com — Cisco Umbrella Rank: 67 region1.analytics.google.com — Cisco Umbrella Rank: 2556 play.google.com — Cisco Umbrella Rank: 58 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1670 www.google.com — Cisco Umbrella Rank: 10 adservice.google.com — Cisco Umbrella Rank: 113	182 KB
18	the-ozone-project.com prebid.the-ozone-project.com — Cisco Umbrella Rank: 17581 elb.the-ozone-project.com — Cisco Umbrella Rank: 5610	89 KB
17	doubleclick.net 5 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 ad.doubleclick.net — Cisco Umbrella Rank: 184 stats.g.doubleclick.net — Cisco Umbrella Rank: 130 10230056.fls.doubleclick.net — Cisco Umbrella Rank: 405233 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 346 cm.g.doubleclick.net — Cisco Umbrella Rank: 254	188 KB
14	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	64 KB
13	criteo.net static.criteo.net — Cisco Umbrella Rank: 568 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 7998 csm.eu.criteo.net — Cisco Umbrella Rank: 7838	105 KB
10	pubmatic.com 1 redirects ads.pubmatic.com — Cisco Umbrella Rank: 553 image6.pubmatic.com — Cisco Umbrella Rank: 812 image2.pubmatic.com — Cisco Umbrella Rank: 1036 simage2.pubmatic.com — Cisco Umbrella Rank: 797 simage4.pubmatic.com — Cisco Umbrella Rank: 1338	26 KB
10	petametrics.com cdn.petametrics.com — Cisco Umbrella Rank: 14852 query.petametrics.com — Cisco Umbrella Rank: 15738	50 KB
9	permutive.com api.permutive.com — Cisco Umbrella Rank: 2037	2 KB
8	kumulos.com push.kumulos.com — Cisco Umbrella Rank: 174722 events.kumulos.com — Cisco Umbrella Rank: 121217	7 KB
8	studiostack.com sr.studiostack.com — Cisco Umbrella Rank: 51305	28 KB
8	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	542 KB
7	gstatic.com www.gstatic.com	165 KB
7	parsely.com api.parsely.com — Cisco Umbrella Rank: 12039 cdn.parsely.com — Cisco Umbrella Rank: 3062 p1.parsely.com — Cisco Umbrella Rank: 2242	40 KB
6	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1025	64 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 414 www.linkedin.com — Cisco Umbrella Rank: 544 px4.ads.linkedin.com — Cisco Umbrella Rank: 6544	5 KB
4	audrte.com 3 redirects a.audrte.com — Cisco Umbrella Rank: 2962	3 KB
4	adform.net 3 redirects cm.adform.net — Cisco Umbrella Rank: 1276 dmp.adform.net — Cisco Umbrella Rank: 3542 c1.adform.net — Cisco Umbrella Rank: 633	2 KB
4	criteo.com rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 15453 ads.eu.criteo.com — Cisco Umbrella Rank: 7742 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 9055 dis.criteo.com — Cisco Umbrella Rank: 608	47 KB
4	openx.net 2 redirects oajs.openx.net — Cisco Umbrella Rank: 1385 google-bidout-d.openx.net — Cisco Umbrella Rank: 1388 rtb.openx.net — Cisco Umbrella Rank: 982	1015 B
4	google.de www.google.de — Cisco Umbrella Rank: 4752 adservice.google.de — Cisco Umbrella Rank: 10561	1 KB
4	btloader.com btloader.com — Cisco Umbrella Rank: 1077 api.btloader.com — Cisco Umbrella Rank: 1148	7 KB
3	weborama.fr 2 redirects cr.frontend.weborama.fr — Cisco Umbrella Rank: 25056 idsync.frontend.weborama.fr — Cisco Umbrella Rank: 22775	897 B
3	yahoo.com 2 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 338 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 481	1 KB
3	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 745	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 390	13 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	265 B
3	unpkg.com 2 redirects unpkg.com — Cisco Umbrella Rank: 1037	3 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63	21 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 218 torontostarnewspaperslimited.demdex.net — Cisco Umbrella Rank: 304964	5 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 257	2 KB
3	blueconic.net torstar.blueconic.net — Cisco Umbrella Rank: 329761 torstar.sb.blueconic.net — Cisco Umbrella Rank: 452774	6 KB
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 610	1 KB
2	casalemedia.com 2 redirects ssum.casalemedia.com — Cisco Umbrella Rank: 1357	2 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5037	560 B
2	3lift.com 2 redirects eb2.3lift.com — Cisco Umbrella Rank: 422	794 B
2	avct.cloud 2 redirects ads.avct.cloud — Cisco Umbrella Rank: 4694	1 KB
2	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	967 B
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 383	529 B
2	360yield.com 2 redirects ad2.360yield.com — Cisco Umbrella Rank: 12415	705 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 914	6 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 833	20 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	236 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 808 id5-sync.com — Cisco Umbrella Rank: 423	25 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1168	1 KB
2	viafoura.co api.viafoura.co — Cisco Umbrella Rank: 11259	6 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	82 KB
2	cloudfront.net d1nxn87txdj54y.cloudfront.net d1z2jf7jlzjs58.cloudfront.net	2 KB
2	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 162	3 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4532	2 KB
1	simpli.fi um.simpli.fi — Cisco Umbrella Rank: 981	611 B
1	crwdcntrl.net sync.crwdcntrl.net — Cisco Umbrella Rank: 955	265 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 977	793 B
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 782	277 B
1	yieldmo.com ads.yieldmo.com — Cisco Umbrella Rank: 688	35 B
1	smartadserver.com 1 redirects ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1820	357 B
1	kargo.com crb.kargo.com — Cisco Umbrella Rank: 1783	462 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 566	359 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 374	239 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1174	7 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1031	374 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1562	637 B
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1396	8 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 732	727 B
1	t.co t.co — Cisco Umbrella Rank: 511	378 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 768	15 KB
1	theweathernetwork.com engagefront.theweathernetwork.com — Cisco Umbrella Rank: 3617	315 B
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1568	8 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 1516	2 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1111	517 B
1	prmutv.co be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co — Cisco Umbrella Rank: 355830	394 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 639	54 KB
1	pressboard.ca adserver.pressboard.ca — Cisco Umbrella Rank: 95352	789 B
1	app.delivery static.app.delivery — Cisco Umbrella Rank: 58312	32 KB
1	gscontxt.net torstar.gscontxt.net — Cisco Umbrella Rank: 287766	369 B
1	permutive.app be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app — Cisco Umbrella Rank: 285389	146 KB
1	viafoura.net cdn.viafoura.net — Cisco Umbrella Rank: 10870	12 KB
0	districtm.io Failed dmx.districtm.io Failed
348	79

	Domain	Requested by
34	z737.thestar.com	www.thestar.com z737.thestar.com
33	www.thestar.com	www.thestar.com
24	images.thestarimages.com	www.thestar.com
15	elb.the-ozone-project.com	prebid.the-ozone-project.com elb.the-ozone-project.com ads.pubmatic.com static.cloudflareinsights.com
13	resources.thestar.com	www.thestar.com resources.thestar.com
9	query.petametrics.com	www.thestar.com
9	api.permutive.com	be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
8	sr.studiostack.com	adserver.pressboard.ca sr.studiostack.com
8	www.googletagmanager.com	www.thestar.com www.googletagmanager.com
8	news.google.com	www.thestar.com news.google.com www.gstatic.com
7	static.criteo.net	ads.eu.criteo.com
7	www.gstatic.com	news.google.com www.gstatic.com
6	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com
6	pagead2.googlesyndication.com	ad.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	play.google.com	www.gstatic.com
4	a.audrte.com	3 redirects ads.pubmatic.com
4	cm.g.doubleclick.net	4 redirects
4	image2.pubmatic.com	ads.pubmatic.com
4	imageproxy.eu.criteo.net	ads.eu.criteo.com
4	p1.parsely.com	cdn.parsely.com www.thestar.com
4	events.kumulos.com	static.app.delivery
4	push.kumulos.com	static.app.delivery
4	securepubads.g.doubleclick.net	www.thestar.com securepubads.g.doubleclick.net
3	px.ads.linkedin.com	3 redirects
3	ct.pinterest.com	s.pinimg.com www.thestar.com
3	bat.bing.com	www.thestar.com bat.bing.com
3	www.facebook.com	www.thestar.com
3	www.google.de	www.thestar.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	unpkg.com	2 redirects www.thestar.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	api.btloader.com	btloader.com
3	ib.adnxs.com	2 redirects be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
3	c.amazon-adsystem.com	www.thestar.com c.amazon-adsystem.com
3	prebid.the-ozone-project.com	www.thestar.com prebid.the-ozone-project.com
2	match.prod.bidr.io	2 redirects
2	ssum.casalemedia.com	2 redirects
2	c1.adform.net	2 redirects
2	cr.frontend.weborama.fr	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects ads.pubmatic.com
2	d5p.de17a.com	2 redirects
2	image6.pubmatic.com	1 redirects ads.pubmatic.com
2	ads.pubmatic.com	elb.the-ozone-project.com ads.pubmatic.com
2	eb2.3lift.com	2 redirects
2	ads.avct.cloud	2 redirects
2	x.bidswitch.net	2 redirects
2	match.adsrvr.org	elb.the-ozone-project.com ads.pubmatic.com
2	ups.analytics.yahoo.com	2 redirects
2	csm.eu.criteo.net	ads.eu.criteo.com
2	ad2.360yield.com	2 redirects
2	ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	adservice.google.com	10230056.fls.doubleclick.net securepubads.g.doubleclick.net
2	www.google.com	www.thestar.com tpc.googlesyndication.com
2	snap.licdn.com	www.thestar.com snap.licdn.com
2	10230056.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	s.pinimg.com	www.thestar.com s.pinimg.com
2	pixel.thestar.com	connect.facebook.net
2	connect.facebook.net	z737.thestar.com connect.facebook.net
2	api.thestar.com	www.thestar.com
2	oajs.openx.net	1 redirects www.thestar.com
2	region1.analytics.google.com	www.googletagmanager.com
2	s.thestar.com	resources.thestar.com
2	dpm.demdex.net	resources.thestar.com www.thestar.com
2	ad.doubleclick.net	www.thestar.com
2	ad-delivery.net	www.thestar.com
2	api.viafoura.co	cdn.viafoura.net
2	api.parsely.com	www.thestar.com
2	www.googletagservices.com	www.thestar.com ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com
2	sb.scorecardresearch.com	www.thestar.com
2	dev.visualwebsiteoptimizer.com	www.thestar.com
2	torstar.blueconic.net	z737.thestar.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	pr-bh.ybp.yahoo.com	ads.pubmatic.com
1	simage2.pubmatic.com	ads.pubmatic.com
1	um.simpli.fi	ads.pubmatic.com
1	dmp.adform.net	1 redirects
1	idsync.frontend.weborama.fr	ads.pubmatic.com
1	sync.crwdcntrl.net	ads.pubmatic.com
1	p.rfihub.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	ap.lijit.com	elb.the-ozone-project.com
1	cm.adform.net	elb.the-ozone-project.com
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	ads.yieldmo.com	elb.the-ozone-project.com
1	ads.eu.criteo.com	ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com
1	rtb.fr3.eu.criteo.com	www.thestar.com
1	ssbsync-global.smartadserver.com	1 redirects
1	crb.kargo.com	elb.the-ozone-project.com
1	rtb.openx.net	1 redirects
1	match.sharethrough.com	elb.the-ozone-project.com
1	pixel.rubiconproject.com	elb.the-ozone-project.com
1	static.cloudflareinsights.com	elb.the-ozone-project.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	googleads4.g.doubleclick.net	ad.doubleclick.net
1	adservice.google.de	adservice.google.com
1	px4.ads.linkedin.com	www.thestar.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	alb.reddit.com	www.thestar.com
1	www.redditstatic.com	www.thestar.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	analytics.twitter.com	www.thestar.com
1	t.co	www.thestar.com
1	static.ads-twitter.com	www.thestar.com
1	fundingchoicesmessages.google.com	www.thestar.com
1	engagefront.theweathernetwork.com	www.thestar.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	torstar.sb.blueconic.net	www.thestar.com
1	id5-sync.com	cdn.id5-sync.com
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	cm.everesttech.net	1 redirects
1	torontostarnewspaperslimited.demdex.net	resources.thestar.com
1	cdn.parsely.com	d1z2jf7jlzjs58.cloudfront.net
1	be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co	be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
1	cdn.petametrics.com	www.thestar.com
1	d1z2jf7jlzjs58.cloudfront.net	www.thestar.com
1	d1nxn87txdj54y.cloudfront.net	www.thestar.com
1	z.moatads.com	www.thestar.com
1	adserver.pressboard.ca	www.thestar.com
1	btloader.com	www.thestar.com
1	static.app.delivery	www.thestar.com
1	torstar.gscontxt.net	www.thestar.com
1	be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app	www.thestar.com
1	cdn.viafoura.net	www.thestar.com
1	accounts.google.com	www.thestar.com
0	dmx.districtm.io Failed	elb.the-ozone-project.com
348	128

This site contains links to these domains. Also see Links.

Domain
sale.thestar.com
pubads.g.doubleclick.net
diversions.thestar.com
www.torontostarreprints.com
www.homefinder.ca
www.tsoffers.ca
toriservices.newscyclecloud.com
torontostar.pressreader.com
www.thestaradvisers.com
www.classroomconnection.ca
pagesofthepast.ca
www.facebook.com
twitter.com
www.youtube.com
www.instagram.com
apps.apple.com
play.google.com
notices.torstar.com
z737.thestar.com

Subject Issuer	Validity	Valid
*.thestar.com Trustwave Organization Validation SHA256 CA, Level 1	`2022-09-27` - `2023-10-19`	a year	crt.sh
*.the-ozone-project.com Amazon RSA 2048 M02	`2023-02-24` - `2023-12-20`	10 months	crt.sh
z737.thestar.com Amazon RSA 2048 M01	`2023-02-06` - `2024-03-06`	a year	crt.sh
*.news.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
thestarimages.com GTS CA 1P5	`2023-05-23` - `2023-08-21`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
viafoura.com Amazon RSA 2048 M01	`2023-02-28` - `2023-10-06`	7 months	crt.sh
permutive.app Cloudflare Inc ECC CA-3	`2023-07-09` - `2023-10-07`	3 months	crt.sh
*.blueconic.net Amazon RSA 2048 M01	`2023-06-08` - `2024-07-06`	a year	crt.sh
*.gscontxt.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-08` - `2023-12-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-06` - `2024-05-05`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2022-07-04` - `2023-08-05`	a year	crt.sh
*.pressboard.ca Go Daddy Secure Certificate Authority - G2	`2023-02-13` - `2024-03-16`	a year	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
*.scorecardresearch.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-15` - `2023-12-28`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
cdn.liftigniter.com R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.prmutv.co R3	`2023-06-06` - `2023-09-04`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
api.permutive.com R3	`2023-06-17` - `2023-09-15`	3 months	crt.sh
*.parsely.com Amazon RSA 2048 M02	`2023-05-06` - `2024-06-03`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
api.btloader.com GTS CA 1D4	`2023-06-13` - `2023-09-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.liftigniter.com R3	`2023-06-08` - `2023-09-06`	3 months	crt.sh
*.studiostack.com Go Daddy Secure Certificate Authority - G2	`2022-11-16` - `2023-12-18`	a year	crt.sh
s.thestar.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
cdn.prod.uidapi.com R3	`2023-05-18` - `2023-08-16`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-05-28` - `2023-08-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
the-ozone-project.com E1	`2023-06-30` - `2023-09-28`	3 months	crt.sh
*.id5-sync.com R3	`2023-07-04` - `2023-10-02`	3 months	crt.sh
*.sb.blueconic.net Amazon RSA 2048 M02	`2023-02-22` - `2024-01-05`	10 months	crt.sh
*.kumulos.com Sectigo RSA Domain Validation Secure Server CA	`2023-06-01` - `2024-06-01`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-19` - `2023-07-18`	3 months	crt.sh
engagefront.theweathernetwork.com GTS CA 1D4	`2023-06-23` - `2023-09-21`	3 months	crt.sh
pixel.thestar.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-08-08`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-12` - `2023-10-08`	6 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-19` - `2023-10-15`	6 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.dev.kargo.com Amazon RSA 2048 M01	`2023-02-13` - `2024-03-12`	a year	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-03` - `2023-08-27`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-13` - `2023-08-10`	3 months	crt.sh
*.yieldmo.com Amazon RSA 2048 M01	`2023-04-04` - `2024-05-02`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-18` - `2023-08-18`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-07` - `2023-08-30`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-25` - `2024-06-18`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2023-05-06` - `2024-05-04`	a year	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon RSA 2048 M01	`2023-06-21` - `2024-03-02`	8 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-04-04` - `2023-09-27`	6 months	crt.sh

This page contains 21 frames:

Primary Page: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Frame ID: C6B4143EA7F28058958ED5872C157B7C
Requests: 249 HTTP requests in this frame

Frame: https://news.google.com/swg/ui/v1/serviceiframe?_=1689010973251&publicationId=thestar.com
Frame ID: 93B19080CA97CCDD0EB3ACB667B86576
Requests: 13 HTTP requests in this frame

Frame: https://torontostarnewspaperslimited.demdex.net/dest5.html?d_nsid=0
Frame ID: 74D7A3473BECA9B6F0DC4EB3719F65A4
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 4C82E9F2A2DBC43B765F71B26EE6DBF3
Requests: 1 HTTP requests in this frame

Frame: https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Frame ID: 93145D638559ADBB583D8DF0753E1E9F
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D19AF87B188F6BD68118999E89656A1C
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Frame ID: D1C950353DBBBBB60EF9B9015C0B72CF
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Frame ID: DD8F90FBAB62191028566070714994C8
Requests: 1 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: E99599E82CE06EC2B150430956DE3FE9
Requests: 1 HTTP requests in this frame

Frame: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Frame ID: D1B43A2C7A34F929F72DE569CD368E0A
Requests: 22 HTTP requests in this frame

Frame: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E1F198E511B8C8AFCE51E56EF5B3A050
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E963F6CBD0DECB1A1C10D5A6263E446F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F139B4394C4E6ECED0EB12377A5F58EF
Requests: 2 HTTP requests in this frame

Frame: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A2C1EF2D4A86FD63A93513DCC91D3767
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZKxDIQAHZNYH_YNuAA9zHIpj7EoWchllu2tRHw&u=%7C%2BDZOCBSVT86y%2F5IUK5TWRJepXNobt7gS4lYgtbglGhE%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXBNl7acqytoL2jxemlko8gG8bsssxCR7BnsVTtTGKmMDXcAzdk4mov_hysDqWkxb3EiedWll_5wTGJmeR5Jr-9FxQWsJMne8VV4uw_a-V_6BDo62dakSTkWC86s2nWreSBbeWfAOTu2oQ3CxotyrhrFAj0lpNqoybU3vDvZKTfufBgqyevS8fbbRMuyWHFO4xBy-EKEWRgr48UWGXkTvRqDG3Nu5wcvj4trOWzYO6NWWSB1yVRu8-qX0XebMixypj59IGrfqtJtN-j0eGA1uHd4yXPMHuMPt0YO4LMvoN6l4s9mZfKuJc4BehsuLm9xrX-BUxd_nlO46nP7sP-XWGtCAzghSFCfn3oAl0MvabkLbzmfFEJ2ZBy8JDzNSjPWYiFx4RQHmGH_jc5QlqhMStlAgUNGRswHK9Vtfx0j-Pb9ANqUby49PrbkjqemqWwm78G150IR58popZ8SO3v8n8o0uu_3DvsIWYqf-tMg5n7JARt4DL6CgUd4HJzwOdw25mGOZe3TohEaLZKSGiQ6ApErG6W4pzFvvAFjnnsOdHPOoJF2RaYmP-oz&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0rJIUOsZNbJHe6G9u8PnOa9kALJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTgxODg0MzE0MjU1MDk5OTfIAQmpApxeTIt2X7I-4AIAqAMByAMCqgT3Ak_QvY6BSvn0YjJ2mujZoQxO9ecdwWS7kAb8twy_JGFA-gW9lz7cc4WjIvvv8cuczE2_EJ1VrPJZqJmJSPV6_heixVhCLnrUksxHeSsJ6EFFfxAIGdV7uZnDe0jjse96zjXS73UdtfiXz3DGkqJO2LnzQsjhpoO1OobJfisqqbyVziHruOneBkkX4h2dhsIHMu9X5fiFWrhczcCwPA0xmEpG10p4h8n_fGAGZhQNAMpVHCa5AkLBqKzTCnMYShBm6Y9ieAfDHcBc-uI5MLUZTfqitR48bVuf2AhLUl7z7BJJvknDsM_HRHY7H67uUdK2UUDavwHto2Lj-oJzRsnk4MSmBSsnuD83FKtMfWHfzFzDB15TSvDS2jUpUZ6EDu-FYNF2vqHrS7eYciGnfwuenujkZZrfiemEMR6RP2gTCeQbpuyNB0saQwFuOZMd-M1TtzGEXopNai6yD-49YpARWXOImpi9sA5toD6OCg6TBYfKUGVEKhWLb-AEAYAGyaq0r7-z39rWAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAcBABMgLrAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3UYCJcQh-owCQf7K-h-QkxrRrjOA%26client%3Dca-pub-8188431425509997%26adurl%3D
Frame ID: 7F79F0BD595E9D555BE303CA9CE7884E
Requests: 15 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Frame ID: B1558E188955BFFF100049732D992AAC
Requests: 13 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 961CA3572D8CD28CE1891DE40CB51461
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828766967001
Frame ID: 0CD76B35DB8BD3AC534EF0ABB4213589
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=826918622181378742
Frame ID: 3E58983523673588800DCCF5A0A3CA95
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=61248A02-09E9-46CF-BFF1-12A95DC3BF2A&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: A372327F0596B564ECAE26613C066795
Requests: 1 HTTP requests in this frame

Frame: https://elb.the-ozone-project.com/setuid?bidder=pubmatic&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=61248A02-09E9-46CF-BFF1-12A95DC3BF2A
Frame ID: 594127806E7AE441A97E9AC669AA8209
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Butterfly Ball raises nearly $1 million to support abused children | The Star

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

348
Requests

93 %
HTTPS

39 %
IPv6

79
Domains

128
Subdomains

108
IPs

11
Countries

5501 kB
Transfer

14635 kB
Size

116
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://sale.thestar.com/swg-2cta-faq/
Title: SALE: $3.33/monthSubscribe Now

Search URL Search Domain Scan URL

URL: http://pubads.g.doubleclick.net/gampad/clk?id=5985467267&iu=/58580620

Search URL Search Domain Scan URL

URL: https://diversions.thestar.com/
Title: fun & games

Search URL Search Domain Scan URL

URL: https://diversions.thestar.com/comics.html
Title: comics

Search URL Search Domain Scan URL

URL: http://www.torontostarreprints.com/
Title: www.TorontoStarReprints.com

Search URL Search Domain Scan URL

URL: https://www.homefinder.ca/
Title: Homefinder.ca

Search URL Search Domain Scan URL

URL: https://www.tsoffers.ca/
Title: Subscribe to Home Delivery

Search URL Search Domain Scan URL

URL: https://toriservices.newscyclecloud.com/cgi-bin/cmo_tor-c-cmdb-01.sh/custservice/web/login.html?SiteID=TS
Title: Manage Home Delivery Subscription

Search URL Search Domain Scan URL

URL: http://torontostar.pressreader.com/
Title: Star ePaper Edition

Search URL Search Domain Scan URL

URL: https://www.thestaradvisers.com/Portal/default.aspx
Title: Star Advisers

Search URL Search Domain Scan URL

URL: http://www.classroomconnection.ca/
Title: Classroom Connection

Search URL Search Domain Scan URL

URL: http://pagesofthepast.ca/
Title: Toronto Star Archives

Search URL Search Domain Scan URL

URL: https://www.facebook.com/torontostar

Search URL Search Domain Scan URL

URL: https://twitter.com/torontostar

Search URL Search Domain Scan URL

URL: https://www.youtube.com/TorontoStar

Search URL Search Domain Scan URL

URL: https://www.instagram.com/thetorontostar/

Search URL Search Domain Scan URL

URL: https://apps.apple.com/ca/app/thestar-com-iphone/id379481068

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.thestar.www

Search URL Search Domain Scan URL

URL: http://notices.torstar.com/privacy-policy/index.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://notices.torstar.com/main_terms_of_use_daily_and_community_brands_EN/
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://z737.thestar.com/s/4KQ?profileid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9
Title: Get This Offer

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://unpkg.com/web-vitals HTTP 302
https://unpkg.com/web-vitals@3.3.2 HTTP 302
https://unpkg.com/web-vitals@3.3.2/dist/web-vitals.iife.js

Request Chain 112

https://cm.everesttech.net/cm/dd?d_uuid=00625390981284679713544092244171602429 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZKxDHQAAAFuFYQN6

Request Chain 133

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&rid=esp&cc=1

Request Chain 233

https://10230056.fls.doubleclick.net/activityi;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html HTTP 302
https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Request Chain 253

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3116868%26time%3D1689010975726%26url%3Dhttps%253A%252F%252Fwww.thestar.com%252Fentertainment%252F2023%252F06%252F17%252Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&cookiesTest=true&liSync=true&e_ipv6=AQLoYsLFON62-wAAAYlA5jbUDsZdvFdlp4jXQo3aQzTJ2sCbOIz8eh_PzKl9E2iOmy6PDo05

Request Chain 276

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=openx&uid=24d50dd3-dd32-4be2-baae-8efaf4b9017f

Request Chain 279

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsmart%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D%5Bssb_sync_pid%5D HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=6974405884151981659

Request Chain 283

https://ad2.360yield.com/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D HTTP 302
https://ad2.360yield.com/ul_cb/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=3fd128bb-d16c-43dd-879a-03a8ad82c255

Request Chain 309

https://ups.analytics.yahoo.com/ups/58737/occ?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dyahoossp%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D%24UID HTTP 302
https://ups.analytics.yahoo.com/ups/58737/occ?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dyahoossp%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D%24UID&verify=true HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-PvwZBlVE2uEdB5MJVs1MMi8fmMji4c2odBGQ7XI-~A&gdpr=0

Request Chain 315

https://ib.adnxs.com/getuid?https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Felb.the-ozone-project.com%252Fsetuid%253Fbidder%253Dadnxs%2526gdpr%253D0%2526gdpr_consent%253D%2526uid%253D%2524UID HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=7433993571469477067

Request Chain 317

https://x.bidswitch.net/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=9eda8b9a-5f6d-4396-b018-1b6ab992f4c9

Request Chain 318

https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D HTTP 307
https://ads.avct.cloud/getuid?bounce=true&&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=f02eae1f-fb20-472a-988a-775aaf07cb35

Request Chain 319

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=88943481766289253631

Request Chain 326

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828766967001

Request Chain 327

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=826918622181378742

Request Chain 328

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=61248A02-09E9-46CF-BFF1-12A95DC3BF2A&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=61248A02-09E9-46CF-BFF1-12A95DC3BF2A&redir=true&gdpr=0&gdpr_consent=&dcc=t

Request Chain 330

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=YSSKAgnpRs-_8RKpXcO_Kg%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 332

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 307
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=926490003 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=61248A02-09E9-46CF-BFF1-12A95DC3BF2A

Request Chain 333

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=61248A02-09E9-46CF-BFF1-12A95DC3BF2A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=ZTllSTZqdDMtRFNRZDZnaHRFVkQzM3JYdw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%253D%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/a?adform_uid=8252916355776753685&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D HTTP 302
https://a.audrte.com/p

Request Chain 334

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjEyNDhBMDItMDlFOS00NkNGLUJGRjEtMTJBOTVEQzNCRjJB&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 335

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEOFbeVJLlxhB-IDglOgW5D8&google_cver=1

Request Chain 337

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8252916355776753685

Request Chain 341

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-ozone&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D&gdpr=0&gdpr_consent=&s=189937&us_privacy=pbs-ozone&C=1 HTTP 302
https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZKxDJHyd2WYBGaWA7UU.4QAA%261121

Request Chain 342

https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 303
https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&_bee_ppp=1 HTTP 303
https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AADW6k7JWIYAACMGEKwOMw

348 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html Show response
www.thestar.com/entertainment/2023/06/17/ 468 KB
69 KB 384ms
317ms Document
text/html 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

f086cfbf071ec970c51b64f6626a3de2cbc6f68245d6594d51f8e86c48b707be

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=180
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 10 Jul 2023 17:42:52 GMT
etag: W/"75171-cjBBtdI+wMaV9q7qDw3HbaoyRnE"
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
vary: Accept-Encoding
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-id: x2qgD5DVgQmBNdSRYRNPx6kV07rySfnZ5LrRwHcnnKV-YXTzazumOA==
x-amz-cf-pop: CDG52-P1
x-cache: Miss from cloudfront
x-frame-options: SAMEORIGIN
x-powered-by: Express

GET
H2 200 TorstarTextO3-Roman.ttf
www.thestar.com/assets/fonts/ 24 KB
16 KB 74ms
72ms Font
font/ttf 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/TorstarTextO3-Roman.ttf

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

502a19bd8010b390245ee5ce7cab84a4250da24d548828b555a53a68cfbd8db9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 14:36:09 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 11203
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"6028-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
x-amz-cf-id: WpqW3_o0BEalKwNa0c1ZbYQj7XqZk2fl9QsCTnDkfvFSJmJebDJa6Q==

GET
H2 200 TorstarTextO3-Italic.woff2
www.thestar.com/assets/fonts/ 18 KB
18 KB 63ms
62ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/TorstarTextO3-Italic.woff2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

448edd4a71b4ca28931010c1c2166872801702a420ff549a7c757edf863d7530

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:25:25 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 1047
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 18316
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"478c-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: Aq6kXsBTgAyaAr8B9m3UmdOi4XU6oYMCBDj7EjRuKQF5_uWQjQRjhg==

GET
H2 200 TorstarTextO3-Bold.woff2
www.thestar.com/assets/fonts/ 18 KB
18 KB 51ms
49ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/TorstarTextO3-Bold.woff2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

38254c821b6bec9ee36bb8116cf81a16b0a9c2a51f97cacdb483b4fdeb6e3821

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:29:10 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 4422
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 18276
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"4764-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: mn5pvjF9FY2z_vYrpHeJy3eieCMvIeA0rQ4RQnHnGZPg0sjIiaRy8w==

GET
H2 200 TorstarDeckCondensed-Roman.woff2
www.thestar.com/assets/fonts/ 19 KB
19 KB 54ms
52ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/TorstarDeckCondensed-Roman.woff2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

5f8f2739eab8542e8316b8d27f96040f31ae37bba3f5247dc55a7a32d1eac773

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 13:59:22 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 14248
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 19052
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"4a6c-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: sWz6A52_th1UVqXYc-iBQglWvV4pDpT6h8t7kD44-vip_Y-sFsh2Kw==

GET
H2 200 TorstarDeckCondensed-Semibold.woff2
www.thestar.com/assets/fonts/ 18 KB
19 KB 81ms
80ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/TorstarDeckCondensed-Semibold.woff2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

bc2dee2d7bba673bee2abc6490f270aedec3e93055882daa0cd0a474388265b9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:26:53 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 4558
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 18736
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"4930-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: nnXKoLeUmLj8wtEMLA8229ktxnelXSLy1YzpBsXXooYiearib-hmOQ==

GET
H2 200 MerriweatherSans-Regular.woff2
www.thestar.com/assets/fonts/merriweather/ 54 KB
54 KB 66ms
64ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/merriweather/MerriweatherSans-Regular.woff2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

4b123f8e3a4b0db9c32f6add4b53ac3b66afecd0ac6c0b17a90e1451642f7418

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 14:51:20 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 10292
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 55032
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"d6f8-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: zbt7ekEorZmtL6M2mdH4D79frzPHXH4hmPHo7hYxdeCEQJs6WvdSVQ==

GET
H2 200 MerriweatherSans-Italic.woff2
www.thestar.com/assets/fonts/merriweather/ 52 KB
53 KB 78ms
77ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/merriweather/MerriweatherSans-Italic.woff2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

6a5d134ce0702f55663b83e6d4a9d300e38f9328f96f1651419111712f9f02cb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:50:29 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 3143
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 53664
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"d1a0-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: yd-crP1mXu14GJk8AsCDxElzdU8nhIzl9m_Y12vqH635jL70u6Rt-Q==

GET
H2 200 MerriweatherSans-Bold.woff2
www.thestar.com/assets/fonts/merriweather/ 55 KB
56 KB 57ms
56ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/merriweather/MerriweatherSans-Bold.woff2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

6c6bd4f1d599be4d43843b7dbf5ec5e134cd7aec0c900ac1c030ead10bbe4ea1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:43:00 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 7192
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 56380
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"dc3c-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: EQ8Q-ndJGdhOmuGrEpo_l-1Z-3ZjGHHB-cIAaBmQKyj9q5oH7gbEmQ==

GET
H2 200 MerriweatherSans-BoldItalic.woff2
www.thestar.com/assets/fonts/merriweather/ 54 KB
54 KB 74ms
73ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/merriweather/MerriweatherSans-BoldItalic.woff2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

b8dd12b4cc0283b0d20c31c231b8ae14fa61c1b64d594cd8f8c0ed1948acb3b5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:11:03 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 5509
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 54800
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"d610-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: y72L9c-BpRkPy4BDQAgSX9gX6ekzASoJaupFem2tYiwkj6sQM5h0rQ==

GET
H2 200 MerriweatherSans-Black.woff2
www.thestar.com/assets/fonts/merriweather/ 53 KB
54 KB 70ms
69ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/fonts/merriweather/MerriweatherSans-Black.woff2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

098ac1fe26b8dcbf76d32aa5db27e6112d093743f9a3e4df1dc529c131df4363

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:12:32 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 9020
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 54304
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"d420-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: R0igOQRyR9xnpaa7TRCCEZ3bmWGEYNfeFNF6jclSRekIxnghpA0hmg==

GET
H2 200 toronto-star-adunits.js Show response
prebid.the-ozone-project.com/hw/torstar/ 4 KB
2 KB 70ms
8ms Script
application/javascript 2600:9000:236e:4800:16:970:b940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.the-ozone-project.com/hw/torstar/toronto-star-adunits.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:4800:16:970:b940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ac217fa597b7754bca874304308db97d8db94d4733d9027cccae8d7eff7eeceb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 07:08:08 GMT
content-encoding: gzip
via: 1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
last-modified: Fri, 18 Feb 2022 02:13:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 55487
etag: W/"47ec15276ab051ddd124dd65b61efb8f"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: Qmdz-9D-NbxufChNV5eyL6Df9iX7WGpACVP76E1vw0D7BOXgiXRr1A==

GET
H2 200 script.js Show response
z737.thestar.com/ 138 KB
41 KB 60ms
9ms Script
text/javascript 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/script.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

f15f1f48088c7b933ba1ac9ab9565c5efccc70d4f7d4ebe94125e060c547f1c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:40:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 157
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 41876
x-xss-protection: 1; mode=block
last-modified: Mon, 10 Jul 2023 17:38:26 GMT
server: -
etag: 4eeadfa41a5154783b87343197d6fe44
content-type: text/javascript; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=600
x-robots-tag: noindex, nofollow
x-amz-cf-id: FIWaxDtRh9Extg6EuPEapcC7OYf9gmThbPugs4XPMkCLpKbxK6TbFQ==
expires: Mon, 10 Jul 2023 17:50:15 GMT

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 201 KB
59 KB 148ms
38ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb007a43ae5ab23cea15cb5b20c0eaff435f20b12376b715caa66ac93406b0ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:14:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59405
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 20:08:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jul 2023 18:04:21 GMT

GET
H2 200 butterfly_1_gpm_022.jpg
images.thestarimages.com/p5ZG8VJ0cmavaO8y_QCDG9Il7eY=/605x756/smart/filters:cb(1686952260591):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 93 KB
93 KB 181ms
121ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/p5ZG8VJ0cmavaO8y_QCDG9Il7eY=/605x756/smart/filters:cb(1686952260591):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_1_gpm_022.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73c193b5cf5f9381f5cf17187ba6da391cada081a356c9712f2bf8390c0c3769

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3fc2ec9afde16c0254654ea71cc210e25b97ce8b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxRptkEgR57JrgYafPno9Z9%2BdXrAyYQwf%2Be6bp%2Bq7%2BC5jcYlGUIB7ifm081N%2FMeq4bFHoVhQDyQY6OGVXuM3wiWlXkUDkAD9uzPYalvrmBVwDWSscSLaOWALSd7QpMRznWT3UwpYPvGkPnVMWs1TF78CcTX4Rew%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b137d6c9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 94828
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_001.jpg
images.thestarimages.com/m21lS-V0B3qEH_zIm2iH9NkwfN0=/1086x869/smart/filters:cb(1686952260672):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-r... 48 KB
49 KB 1607ms
1601ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/m21lS-V0B3qEH_zIm2iH9NkwfN0=/1086x869/smart/filters:cb(1686952260672):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_001.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80fd5e47d21938649d3c7dcb2f070fb984ee398a052150b541b844db5cb34c8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "c7dc61a1a761ac9c67b46ddeeb09b14f2538890b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YZM9y%2BF%2B00%2FtEdWUF2utkKxYMhhiBIt5PjFAWa1ZG2x7%2FECYdQ2EUrHn8U3C4g6Oc4H4RE4nf3vGllRDhZR3rUBuGQuz9eHe4qTzEq6S%2BtkWuYq2HUwKt80ZOi55w1uWxnjQ0cx5Q376UvvWHyRHGPs5DF3XfNI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13ddca9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 49552
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_002.jpg
images.thestarimages.com/maW9LoTzT3TZseNz7qpe5lGg10k=/605x756/smart/filters:cb(1686952260810):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 28 KB
29 KB 128ms
120ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/maW9LoTzT3TZseNz7qpe5lGg10k=/605x756/smart/filters:cb(1686952260810):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_002.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 824f2e98b60d2a43082c8a1d742f071a623f92a8ae350eee153c6e51a7ebb48a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "bdcf3e5f9fb7aa9b55961f74c0069ff2188500ef"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wtgIBulSbPxbVfG7jclH3JThrsMDd82wurwSSTcdxk3tBOUP1XMaA9xeMS86HIun6wrJVX9bEjcVUuwCcZx5cdPVtFISGZaln9tB51FNNq1XpDLQYaPiqzE0hzC0UTv%2BVPzTn99SyRchOKWdL7UXiZFgG%2FqJmxw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13ddd29036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 28828
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_003.jpg
images.thestarimages.com/l8nJPyyweFH6Z5VUHhMXSSZE4ig=/605x756/smart/filters:cb(1686952260874):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 14 KB
14 KB 603ms
596ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/l8nJPyyweFH6Z5VUHhMXSSZE4ig=/605x756/smart/filters:cb(1686952260874):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_003.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc248306922c1b5660c7c40e4e84c51c346249b5836fee7ab35f7ca9824f4587

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "2e75fe6690f9ef94e9d4cd5dc55a416abfb40091"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kD5HKOJcSgzVqq6ZAr8mK%2BuZMsb8P1BY%2BCJ286X3muC1BVid1IOiwCSap1TEYKbeVXF%2Bd9gr8G6rDz9x7IHyJZi6c2sWr3fTsKokbaWUHwJXIwpwwQSt5xmIrfAg0jinUnPdsTJKwGPPrcEgcpVX8G5MV7ty65k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13ddd39036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 13856
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_004.jpg
images.thestarimages.com/VxWOFp4pzndfYz3KKU1TKJAAZ_w=/605x756/smart/filters:cb(1686952260956):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 70 KB
71 KB 843ms
835ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/VxWOFp4pzndfYz3KKU1TKJAAZ_w=/605x756/smart/filters:cb(1686952260956):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_004.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec3bd99a6cc869c2aee64153dafc98abef7bd3766fd1b8c94775e9d67ef2c28c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "43f1cdc48a584e9b04178117f9be7b577e02c78b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2FGuuZCcYBhmXkbj%2F1RAlk%2FmpcKATekBhy84I9lOKvAeOJObCaVDZl82JDadDnnkOGcmTqKiFXhvFP4ug%2By%2FPPp9dx475CmE%2BZh6pf69HSDqHaOkoer871DuJdAVxbXVT2ah%2Ft5MVFBJqvrluai1ZUQUa8qtXq8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13ddd59036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 72136
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_005.jpg
images.thestarimages.com/p-XOk62KbzYtenXkPf89ic1CKgI=/1086x869/smart/filters:cb(1686952261066):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-r... 134 KB
135 KB 133ms
125ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/p-XOk62KbzYtenXkPf89ic1CKgI=/1086x869/smart/filters:cb(1686952261066):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_005.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8698193addf3c25804f12b649228fe7e20633cfbbc49bb8bacdfb0656b151e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "f83741b396aa0c6787b121a55f24efa237dd25b8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yEYVkeS2kB%2BQxT3BDfjM8jVgua74KlOGw4%2B4yB81QDBbkupYsLsjhnLYW%2FFnDxvyv83PuaLjJ4ceUeeEbaq7kl3YruIjWWBCfDTIoYtoR6oWRm1wS9r4Ho1Xz%2B%2BnN4j7vUVzKkc97wvXeVpJcrIQEz56ZuBvtFc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13ddd69036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 137608
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_006.jpg
images.thestarimages.com/QUe-odb1mHdDG7mbKoiZfV2ol7k=/605x756/smart/filters:cb(1686952261141):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 72 KB
73 KB 1543ms
1536ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/QUe-odb1mHdDG7mbKoiZfV2ol7k=/605x756/smart/filters:cb(1686952261141):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_006.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f677b3de0cb23a99341897bede04bd5be2062b00f79d3e7eeea360f7f433305

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "c98639e8cd3a8e2beb9c3f278ef79945499eb87d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B88DUo9zQXiZPUufFkOSHG7tWe8Mro6kSMwJZep%2BuLuY6FCaU9cjSYmTgKnfEE%2FjioUBk0SxNObuokWI5%2BboejKG8jYezdoUN%2FuDPUnV7tJax8k6Xtu%2Fi2VqUSmUUjhvEMGRl4LPLqNgHaPBdTQQGylBDp%2Bz6L0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13ddd79036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 73922
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_007.jpg
images.thestarimages.com/2LhCuU5lOr4-0oGm3v3oY0GDqMg=/605x756/smart/filters:cb(1686952261179):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 20 KB
21 KB 130ms
123ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/2LhCuU5lOr4-0oGm3v3oY0GDqMg=/605x756/smart/filters:cb(1686952261179):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_007.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7df84adc099a083a3c613b028b5885cd4209d30d5598b0de456561ef06d89c6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "8f214d84cd64034360169a356f73290d470046bd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SoUUDVaYAvB6sgZX9NDHUsWAqvpMNZ%2FGIRPiXOSzqsKvMg6zKCs4nctjKGM8EthOSxiX83tJ8Y3SPqTmRNNtizxel8Lr5DDlD9X5X%2F6dE1ivSzbV6lWZpT1ns6nMzW76V%2Bk2WIBQyd9l%2BRhV%2Bt%2Bx6kaDXfA6B2I%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13ddda9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 20714
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_008.jpg
images.thestarimages.com/HMFvoT8SbhSNCJVpaPjnH-Uar7U=/605x756/smart/filters:cb(1686952261271):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 28 KB
28 KB 1234ms
1227ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/HMFvoT8SbhSNCJVpaPjnH-Uar7U=/605x756/smart/filters:cb(1686952261271):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_008.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f01a3bab61e5503ed44d618490b13eda06ee8f99a33086055de1a804c46f48dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "6f73a860404123f914e690d2d1c27f8e4c3e7469"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ujbcgt6lh68H7c4buRW4FI9hLDBUr8HmD%2F8LOU349oJW5GMaI0HR3GPMli%2BU9P4bNlXIOqX8IP9b4ffLB4%2BxQ2fVSUGbZrjfMNe0j94TFHiUEbhfwvEvazlASbo6E84cFscNcaPpt%2F9Pnf1P3PPgF3KCrbG6CA8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13dddb9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 28760
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_009.jpg
images.thestarimages.com/0vwEZEc5WEICqz_LY55c2V_Eb6M=/605x756/smart/filters:cb(1686952261315):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 17 KB
18 KB 571ms
565ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/0vwEZEc5WEICqz_LY55c2V_Eb6M=/605x756/smart/filters:cb(1686952261315):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_009.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e11299ee2655d568ec5fe5d973423d0e8d6de65b97f532e51726eca214e722f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "9610b59ff6d1aa6cdd5a44174d3e40f6094b2e15"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gM1IzV9niUiR8Jj4XMA8ZW%2Bl52gFEWY7lJgYaDhWzRg%2BnYDwVnB4i4IpbsFfkTmUQ%2Bis9pPZlEFDb6rTkPMS7lTQ5kRdD4UNwnPu8xU%2BNmfzbqGCsOR3WRd%2BU8e264%2BUCILjgRxn5TITH89ouuN6b5xQuVK8VcI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13dddc9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 17646
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_010.jpg
images.thestarimages.com/bClycVir2HiQDz7Gw-E8FR7VzU0=/605x756/smart/filters:cb(1686952261353):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 17 KB
18 KB 146ms
139ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/bClycVir2HiQDz7Gw-E8FR7VzU0=/605x756/smart/filters:cb(1686952261353):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_010.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a26dc8641a51f345b9b84978f8d4fa549cf5e5f6455eb29f9b7241fb21370b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "55d88b84f219b35c03bef5db6fcb8036f3fd6794"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FnkPoJ6H4AuoVhiLll3N9HOcOOaxgBqpAg9%2FGKDjSqiBQKLPEDox7L50u8ARafrYigI5ReNasBTzQ5F30eHRcxhgGxVgYcq%2BBcyPK%2BDI5Jsst5zoPOuuVRhMl3orVQAmx7CTGPKTOipX0cAZNayc2%2B2phcTBjI0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13ddde9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 17734
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_011.jpg
images.thestarimages.com/37WURvhVp28tBCKCu9Fgc1IaqDs=/605x756/smart/filters:cb(1686952261457):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 28 KB
28 KB 887ms
880ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/37WURvhVp28tBCKCu9Fgc1IaqDs=/605x756/smart/filters:cb(1686952261457):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_011.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dded79d17f9f05716c571a8ed742637bbc3591e9e0d14e9304917459e1f840d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "509da16ccc4e9b68783bf89ad57fdcfb8b68aca1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NHTvYoP3mlTY%2BgKPCXO8qbW7ii2Zu9UQxng9tiZM3wuo5j3lm0C6dHCZxptooblwNvQHyrC2JUFEX12k7gVhXx989CujgJrce9IEOZUXgcTnu0P3nI08b3D%2BhDptMwUPf7qCXGHmEY2momY%2FJAO0iPwtBXAknmw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13fdf89036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 28802
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_012.jpg
images.thestarimages.com/V19m9wWZWiDIb7gx8Em4uOgqdCA=/605x756/smart/filters:cb(1686952261510):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 35 KB
35 KB 2466ms
2459ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/V19m9wWZWiDIb7gx8Em4uOgqdCA=/605x756/smart/filters:cb(1686952261510):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_012.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4801aa7057c5d58a4ed7544ff547132dec19ca078caef0b545656868809db3f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "4cb1f3a236ebf75a8c9883ff37040b1542ca2c3b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xBlUWdAXitt16ybHTBgPwvjN0MQgjtsPj%2FUQPPdpBCIaz391cAYRhTaS4EZaLEUVtWTo8Sy0ObJCuBHllFG3w89ooCAeuaX4UDZqdg4AHA8%2FeU3bn3SUhlbXi0QDwYra4rvexkTCNCdAraLSd5OklPZZ9WMs3%2BM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13fdf99036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 35570
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_013.jpg
images.thestarimages.com/Y5pV4t7oNi7Tequl1sUwfTO7aLY=/605x756/smart/filters:cb(1686952261571):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 29 KB
29 KB 147ms
140ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/Y5pV4t7oNi7Tequl1sUwfTO7aLY=/605x756/smart/filters:cb(1686952261571):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_013.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9fc1a81b65555a43367e3237d0070597defdb9d4907ed293a982f77e5cd98a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "29c02fd3f4344db90c2db3cde249724077799dc7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=atHT9HotUaeqnsRcjKxnkel41e4nbv%2FwZtgWJo9j1qRU3KeismofxwWbCaM5S%2FkM2WynVldNDriDtfm617%2BFUVEGcyh%2FfyddhMmMJuxUDkKxVXEuAjNcTZA64mtXIhsu4bVEmsQXajDxSlb7iagFRij6Vo%2FOLSI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13fdfa9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 29592
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_014.jpg
images.thestarimages.com/oKzsaFwSTxECfoLEWU0nRt24Fwc=/605x756/smart/filters:cb(1686952261628):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 53 KB
54 KB 1089ms
1083ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/oKzsaFwSTxECfoLEWU0nRt24Fwc=/605x756/smart/filters:cb(1686952261628):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_014.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18407a06d7abf02ebc49d291cb9e9ae72c5363535b6eda7b7cfd24db66127092

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "59d8ddd72b37c960cbc7d1767880d3f955e9f434"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fedVwO7TFIUcOny5zu3yQU4GihtejcLbU87il2LqWsk%2BFT0h7PHYNu9nJBYQR%2BY6zxsxu3ZgezV3S8zdR%2FBMr165yTw7Rh9S35lTqKweefK%2BQnq4Iox7fXyLTpMOKHxgGGAFdY8cbcX8ELOGFtrvTHOmCE6BZos%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13fdfb9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 54542
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_015.jpg
images.thestarimages.com/_Q0spqCWSNT_uBfDZYH2vQftRWg=/480x720/smart/filters:cb(1686952261738):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 38 KB
38 KB 1078ms
1071ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/_Q0spqCWSNT_uBfDZYH2vQftRWg=/480x720/smart/filters:cb(1686952261738):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_015.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9cb488de4345b6f3c3ee5283e099f7c50e2aff89e4b6838cf8a0072804da529

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "5ff72e43c85d985bf7767fd5295227cfabbf5373"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pwltdwm8tHiwAE1LwaiulPuRSk1cCzxzjD6PadRmqp87pyhkrCrtLlxTcNhMRivAPmiaxXtYfgX%2B%2BbW1XMWiZusHGVEHkTRtqjtIx820wsN8WDxVww8rsxeah%2FBeLzGm%2B7ifl7gYKXcOQ1Cim0VOWkyQhoiaTik%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13fdfc9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 38844
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_016.jpg
images.thestarimages.com/McF_zi8lGXi_KOmnw_IPH7D7S2M=/480x720/smart/filters:cb(1686952261791):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 38 KB
38 KB 1540ms
1534ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/McF_zi8lGXi_KOmnw_IPH7D7S2M=/480x720/smart/filters:cb(1686952261791):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_016.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58400f67b2ac1f95b03d3238a5deb2050d1d995fc6b9d6bf3d76e4d7c05aff75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "3da1b1b98196261c5dabeafa7a5d6a75cdef0241"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dwqUDzLi%2BMNaqLUsf%2FY78Cr%2F4TtD4H0jlX6uuvfsagRq0OEMyThiQSSkhIDbVPZo0GzmFbkWzuh%2B5AnNa4p6GLswUt6j9KxUfVj7mQ0h7oOsUT5%2FODhmeE0mOeg20YI4qNUUKblWNi4I%2FZvdQqgGyBClYlNVhVw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13fdfd9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 38718
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_017.jpg
images.thestarimages.com/NpTpAgblnoxZ8RtCfSHsU47dnw4=/480x720/smart/filters:cb(1686952261833):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 34 KB
34 KB 1424ms
1418ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/NpTpAgblnoxZ8RtCfSHsU47dnw4=/480x720/smart/filters:cb(1686952261833):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_017.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 230d5ed038370eb3fcf8153be8889227e04026fcd1a4cd4f19f93a6c5a3d4346

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "54bb08a6674b07a49b2477405cfcd6a43806c9af"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SxTN9gMAVKn3n7kZgGHGKMYO0uJJwnFH2V%2BFxOH1tcnna2DgUONL%2F2VVPe%2BmYDgO%2BY6zUYfEWKaV96zugyiGMqEJvmtNfeXdmKIAmVmV%2BRiRgGCBYqS%2BzWSDfwSa2OgAN4%2F%2B31rXWg1H633O4nOclsLdC03FFy0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13fdfe9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 34858
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_019.jpg
images.thestarimages.com/spmHzUYhf0jfrk678mgHJbNqLHo=/480x720/smart/filters:cb(1686952261873):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 57 KB
57 KB 1269ms
1263ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/spmHzUYhf0jfrk678mgHJbNqLHo=/480x720/smart/filters:cb(1686952261873):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_019.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37534c4877f3333f9a5910f71fffd67b766d39317b7c1800fade39e12d5cdd4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "4ea1e25286228f6731bafa9c2777efae40806350"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WBzidc8rMwsItygib10f9hObN%2FAQupWtnv968WWe%2FWAEgESUCgpYnhhNWefJ0Jh9Prtw7Sh0d313rtD0l15r%2BExgheoEb0nWuFSgBYaXDJOc7FfUQVLZwaoineZJPPF2g6xId00c3rzUNG4CevNKXMTNY%2FiUAT0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13fdff9036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 58196
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 butterfly_gpm_023.jpg
images.thestarimages.com/8wYYVaCQGEW5wVZp9omXk3f_I3I=/480x720/smart/filters:cb(1686952261984):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-ra... 73 KB
73 KB 790ms
784ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/8wYYVaCQGEW5wVZp9omXk3f_I3I=/480x720/smart/filters:cb(1686952261984):format(webp)/https://www.thestar.com/content/dam/thestar/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children/butterfly_gpm_023.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e14e9b29a11de964e1c933db58c73cceb4237ae417d42dd8a74436c7cc9a284

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "4d21940ef6808b5bf35d1a3ebea2829929d733b8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2BgPzUjXPmd3c1HouI52VL0ic9Jm8hauUu1k0BLWG8k8Wc9JwtJsDTi0BfIkdhTmd04%2FiQPuDPJV%2Fslsh8uwJjhj1cLmtZIlptmvSL1SVc79BrajCLNCVGeB%2FCGiWYnzcYBaMp4Hfgn7jWKYd%2B%2FpdFOD4qFhsUE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b13fe019036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 74420
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 swg-gaa.js Show response
news.google.com/swg/js/v1/ 66 KB
21 KB 83ms
78ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-gaa.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6618d469c7249cf9adb4c694265c9037931f1da70a4c54f8f38fe37f264092f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:29:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 816
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21355
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 20:08:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jul 2023 18:19:16 GMT

GET
H2 200 client Show response
accounts.google.com/gsi/ 193 KB
76 KB 224ms
132ms Script
application/javascript 2a00:1450:4001:811::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d9ff3e3e017eb87c0b0028e28faa8ee28ee10e7f719bb727da5b0820ce964b75

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-keh8rQOHDcwb5o6PwRiOmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-keh8rQOHDcwb5o6PwRiOmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 10 Jul 2023 17:42:52 GMT

GET
H2 200 index.js Show response
cdn.viafoura.net/entry/ 35 KB
12 KB 84ms
22ms Script
text/javascript 2600:9000:2450:9800:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/entry/index.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2450:9800:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ec39731f213524c0c4fb04959b24ba04ec9855e2d6d916fe1015674e38a1b511

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: LFejblL3ol0ldASz1O2IM7mPz8vQ_saL
content-encoding: br
via: 1.1 a13e42093f0d6dc965236581ea51a662.cloudfront.net (CloudFront)
date: Mon, 10 Jul 2023 17:38:29 GMT
x-amz-cf-pop: CDG50-P4
age: 264
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 26 Jun 2023 12:54:01 GMT
server: AmazonS3
etag: W/"1a56ecabf4519ecef4443865eff81eda"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public,max-age=600,s-max-age=60
x-amz-cf-id: cXqA4IgH1RaeApI6SKEpjYXSceAERHdWJXK2_iGGuUyL_G8f44gvKA==

GET
H2 200 74.css
www.thestar.com/static/ 6 KB
3 KB 30ms
30ms Stylesheet
text/css 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/static/74.css?v=7db92b637058f6d7a9ef

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

3e54047a5de69628d87570753a0bfbcae01a1375bc54d1b3819751e211b602b9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 22:53:53 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 67739
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Mon, 12 Jun 2023 19:16:06 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"19a0-188b10970f0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=86400
x-amz-cf-id: Dir_HEeGpITB1x4A-1S-lyEoF5j-8d8qAi5gl10JUuIKeUCxgiBefQ==

GET
H2 200 bundle.css
www.thestar.com/static/ 406 KB
63 KB 35ms
34ms Stylesheet
text/css 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/static/bundle.css?v=aa7caab50723af21a1a5

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

0d0384e698f646fa31641391e650a73c8d93059724cceca65926e736005b28b6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 22:44:39 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 68293
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Mon, 12 Jun 2023 19:16:06 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"6565c-188b10970f0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=86400
x-amz-cf-id: nbJQBKPUh0bxTGWNRenAEAthdTIr8d0Hw9k1MW2gju1uqf_eUYTmrA==

GET
H2 200 be54a597-6b6d-4e2d-9d31-642310a8db25-web.js Show response
be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/ 486 KB
146 KB 73ms
34ms Script
application/javascript 2606:4700:4400::6812:29aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:29aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b0590c240f60745d803f276d673d520d88bc3f22a3f51144b19afb91f469149

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: be54a597-6b6d-4e2d-9d31-642310a8db25
age: 0
x-guploader-uploadid: ADPycdsoaE1qL-K0GPV7E9WIkJzpE4vDyiDvGf7H__lqCm6b0ct_Q-8kEXxpOIofobaplfCmJEVfZ6LBHywq0gyCVHpENiyWcjTx
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
last-modified: Thu, 15 Jun 2023 15:03:04 GMT
server: cloudflare
etag: W/"069d6c50d6ccfef3911a440fbd5ded6d"
vary: Accept-Encoding
x-goog-generation: 1686841384980028
content-type: application/javascript
x-goog-hash: crc32c=90Or3Q==, md5=Bp1sUNbM/vORGkQPvV3tbQ==
cache-control: public, max-age=900
x-goog-stored-content-length: 153462
timing-allow-origin: *
cf-ray: 7e4a9b141ee74dc3-FRA
expires: Mon, 10 Jul 2023 17:57:52 GMT

GET
H2 200 cs Show response
torstar.blueconic.net/DG/DEFAULT/ 16 B
700 B 341ms
109ms Script
text/javascript 52.21.220.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://torstar.blueconic.net/DG/DEFAULT/cs?&callback=bc_json264

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.21.220.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-21-220-26.compute-1.amazonaws.com

Software

- /

Resource Hash

30645a83a3e630908fe22cba2a06451131730fd67ee850139dc99d22218ad3cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: -
x-permitted-cross-domain-policies: master-only
content-type: text/javascript; charset=utf-8
p3p: policyref="", CP="DSP"
cache-control: no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag: noindex, nofollow
content-length: 36
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ozpb.js Show response
prebid.the-ozone-project.com/hw/torstar/ 203 KB
63 KB 14ms
8ms Script
application/javascript 2600:9000:236e:4800:16:970:b940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Requested by: Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/toronto-star-adunits.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:4800:16:970:b940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25e5c10cb58300c92e6d6065fa0ea49a206499c58a2f1152af1deea8f34a5066

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 07:38:47 GMT
content-encoding: gzip
via: 1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
last-modified: Mon, 21 Mar 2022 18:26:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 48523
etag: W/"e08e5a6e68f37184e1c046d32d471d44"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: CDZMPbrE0G6CQZj-uhzQHsEHFWgQx8YS1CqaKKzUcS-933_JyCKuag==

GET
H2 200 ozp_global_int.min.js Show response
prebid.the-ozone-project.com/hw/torstar/ 6 KB
3 KB 22ms
16ms Script
application/javascript 2600:9000:236e:4800:16:970:b940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.the-ozone-project.com/hw/torstar/ozp_global_int.min.js
Requested by: Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/toronto-star-adunits.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:4800:16:970:b940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9255f9f186056d9c722c47bb75bf71f79690a0a85fdccf83481c6eca62552623

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 06:47:03 GMT
content-encoding: gzip
via: 1.1 a300dbfb49a2eb50edb83038642c9f82.cloudfront.net (CloudFront)
last-modified: Thu, 28 Apr 2022 14:10:53 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 39350
etag: W/"c6e67d08c7c4a89b3155020045b68eb1"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: 8Pl9r10cI8DLhab4DX1lPNARfs_4ZNWH5li-7vdS6yYzDBubqFADkw==

GET
H/1.1 200
OK channels.cgi Show response
torstar.gscontxt.net/main/ 291 B
369 B 805ms
99ms Script
application/javascript 150.136.157.133
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://torstar.gscontxt.net/main/channels.cgi?url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 150.136.157.133 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: /
Resource Hash: fe3987dba42400a9775663aeee4b76e9a25c65196bd8d28a241b3aed87c0991a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 291
Content-Type: application/javascript

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 76 KB
26 KB 193ms
85ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

06baf8731b56c087204a153faa13df46136ed4c46d7187cb45c5efd91e7a62fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25980
x-xss-protection: 0
server: cafe
etag: 704 / 19548 / m202306290101 / config-hash: 18038137322586664424
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 10 Jul 2023 17:42:52 GMT

GET
H2 200 launch-EN5e55511c260e4c0cb05872ba3729b255.min.js Show response
resources.thestar.com/ 363 KB
77 KB 98ms
10ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b839a187b30cb9a125a21882271e8bdd1f51099258db845ed2f4d581675c4561

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:01 GMT
x-amz-version-id: wmXEXBxVp9duUhRRHHJm1Q56.w4_CyNe
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:56 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"ea63d08799901f40cfe7b01d00c632f2"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 592
x-amz-cf-id: GfHBdtULBgCmfpWx2TGGjy6SOPwi9zCX5NStnlpgGnuDgyRqHVj3-g==

GET
H2 200 main.js Show response
static.app.delivery/sdks/web/ 130 KB
32 KB 49ms
19ms Script
application/javascript 2606:4700:20::ac43:490d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.app.delivery/sdks/web/main.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:490d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

194b1d4608a433c162d21a856f417d51188c0adbf4fe2259f8fa46b742cc4c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1319
content-encoding: br
last-modified: Fri, 28 Apr 2023 11:04:12 GMT
server: cloudflare
etag: W/"644ba82c-20792"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2B75hm1ZrUJSgQQ6Y0zC4iTgIQ5TSz8AkZiJXE4pX1d2nwMyW480mocqHGqhHYlmO3j8BccndclTwI7VRHMWAbZE0ZpWCwg0za%2B0GELdQFE9ne29TzXXnTp24ZC3dD8Qdj4WPPpQyPdL5SsKH9sU%2Fps%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=3600
cf-ray: 7e4a9b140f622bb2-FRA
expires: Mon, 10 Jul 2023 18:20:53 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 261 KB
91 KB 148ms
56ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P86MZHL&gtm_auth=6lA8dG63UaQ5ed3gQljsjQ&gtm_preview=env-2&gtm_cookies_win=x

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42820a1db5db7b8f8ba3ab355882a3f3f9e5babcde56f59670b11a351130391f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93011
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js_visitor_settings.php Show response
dev.visualwebsiteoptimizer.com/deploy/ 4 KB
2 KB 88ms
48ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=354908&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&random=0.2558681945884367
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: d56c3dd5229edf1ae62f0d253320a9c51ce216622dc6001f5a54c6732f8ca947

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
content-encoding: gzip
via: 1.1 google
server: gams1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/javascript; charset=UTF-8

GET
H2 200 ads.js Show response
www.thestar.com/assets/js/ 22 B
487 B 22ms
17ms Script
application/javascript 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/assets/js/ads.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

be2277c99594557635d0993ac606fdc4994494e43408bc1be5c6ac9bfabc5dac

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:18:00 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 8692
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 22
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"16-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: vRw3vXyxPq9pyOjf3E9_2pVPfWktBZxT6rbVEShRWLmdesC2bD5lAQ==

GET
H2 200 tag Show response
btloader.com/ 15 KB
7 KB 69ms
19ms Script
application/javascript 2606:4700:20::681a:68b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5071905434894336&upapi=true
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:68b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 435f25bb7e193cf7ac0df4314519011cb446292022faa04daf26128feef86971

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 10 Jul 2023 17:28:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 659
etag: W/"1593adb33e1cf8b63499e29661451208"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMjrp75tMmyRHN3pR%2FEYFtz2QnX2wiuu6HkrL7CuZ6UKvg%2BOZ2D60aqOTyrkP3wP1D%2BsSp1DSnEitnUDfUgqRq5dMeoVdnsxYd9ugqxYadNHiP9CqClhFmS68iOc7NnIs9o7Lvje%2Fb4XVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray: 7e4a9b147bd79948-FRA

GET
H2 200 logo-toronto.svg
www.thestar.com/assets/svg/ 7 KB
3 KB 42ms
37ms Image
image/svg+xml 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thestar.com/assets/svg/logo-toronto.svg

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

4466f366b2897f4839ba95e1b5d96fa3c3e11cadb7fe0096afb3a5a97b872ffb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 14:25:52 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 11820
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"1df3-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
x-amz-cf-id: WvGGInRTnSfgnm9c4HFtcxB_Bmly-Qab6gvmzaY85rEJ8yv-ExWSTg==

GET
H2 200 logo-round-thestar.svg
www.thestar.com/assets/svg/ 589 B
1 KB 47ms
43ms Image
image/svg+xml 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thestar.com/assets/svg/logo-round-thestar.svg

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

95f4db14172013eb07b61d3933cdcee02d39e70569f86e2d445e637db2d62547

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 16:52:30 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 3022
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 589
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"24d-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
accept-ranges: bytes
x-amz-cf-id: x2Cs-V-r6mOjlqDeMccCFNudjhb0hTpdlyIAbk30SNUWJAE5NyPtzQ==

GET
H2 200 vendors~bundle.chunk.js Show response
www.thestar.com/static/ 2 MB
482 KB 28ms
24ms Script
application/javascript 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

2cd8a500a6363b84901eb2ba53ec906208ea33692c18673691200915ee78806c

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 22:44:39 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 68293
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Mon, 12 Jun 2023 19:16:06 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"1b07b1-188b10970f0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=86400
x-amz-cf-id: rcIa37nfxBj03nDAGrCsEPGzexX58Opa-rzhn7JJ4j6PiBHHaJiPWw==

GET
H2 200 bundle.js Show response
www.thestar.com/static/ 1 MB
248 KB 22ms
18ms Script
application/javascript 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/static/bundle.js?v=a22a81fd

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

153c3fec4f811698dd55a879e1544d8911c92bca874f205d73c4d39cab63f024

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 22:44:39 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 68293
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Mon, 12 Jun 2023 19:16:06 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"13ebe8-188b10970f0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=86400
x-amz-cf-id: 5-WkjcAJPsRZcrZCgDZZSNQvMxuhpm36JvvJOqBJhgIC3lkwPw2Mcw==

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
214 B 106ms
102ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=354908&d=thestar.com&u=DB5913B3A39035B4F7CFAAB4A69B7D6A9&h=c19a47fab7fade62e97f6d229fe86d85&r=0.314743340947909

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:52 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H/1.1 200
OK embedder Show response
adserver.pressboard.ca/v3/ 351 B
789 B 173ms
21ms Script
application/x-javascript 51.104.28.77
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://adserver.pressboard.ca/v3/embedder?media=130507
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.104.28.77 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4da8f4d2d20833c254b092ab30d0ebaee5e3d93716e320773ff55c27c353796b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Date: Mon, 10 Jul 2023 17:42:53 GMT
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 351
request-context: appId=cid-v1:872aa76c-939e-4ab5-93a1-49e977059583

GET
H2 200 moatcontent.js Show response
z.moatads.com/torontocontentstarcontent37863992/ 165 KB
54 KB 53ms
7ms Script
application/x-javascript 23.32.185.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/torontocontentstarcontent37863992/moatcontent.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.123 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-123.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: d85850c885fe92574f866d77f638250a2747c691aa7f537b4922e28b368cd51a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
content-encoding: gzip
last-modified: Mon, 24 Aug 2020 17:22:35 GMT
server: AmazonS3
x-amz-request-id: BJD1T6X86GWXN8YB
etag: "491121b0fb1268b17bdb2c53880291f2"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=50005
accept-ranges: bytes
content-length: 54912
x-amz-id-2: 8GAuS741F4Ki2qDE20WPkmNyJP9i2fzENmruhBLbRiG5hjKPsoRbaiay3+ZpEu/Nwb/luZBeeJQ=

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 59ms
9ms Script
application/javascript 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 03:14:23 GMT
content-encoding: gzip
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
last-modified: Thu, 09 Mar 2023 09:22:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 52110
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: Fa2FFb67LtSIBdOCJ1MzJ4387lYmRt9V6mP3Uq-6NoWlsBNZvZ9Wkw==

GET
H/1.1 200
OK /
d1nxn87txdj54y.cloudfront.net/ 43 B
524 B 438ms
388ms Image
image/gif 13.32.118.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1nxn87txdj54y.cloudfront.net/?a=40727dc8cfba4185b5b471b11fed6eb9
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.118.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-118-217.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 17:42:54 GMT
Via: 1.1 91353a8aba9ab05d79e9678e004043bc.cloudfront.net (CloudFront)
Last-Modified: Mon, 22 Apr 2013 19:31:32 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P1
ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache: RefreshHit from cloudfront
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 43
X-Amz-Cf-Id: R_nNn37Q-MAXt8g1SzqMjscLmcXLqnNY1pzFM2NNPxkgiFBDYBnsqg==

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/ 930 B
1 KB 45ms
8ms Script
application/javascript 52.222.250.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.250.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-250-8.fra60.r.cloudfront.net
Software: nginx /
Resource Hash: 62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Sun, 09 Jul 2023 20:17:50 GMT
Via: 1.1 6bf2ca4ea5a5c92a1d7cd2f9767e8674.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 77102
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 930
Pragma: public
Last-Modified: Wed, 06 May 2020 20:19:48 GMT
Server: nginx
ETag: "5eb31be4-3a2"
Content-Type: application/javascript
Cache-Control: max-age=86400, public
Accept-Ranges: bytes
X-Amz-Cf-Id: ybV_W51XwfnN2zHe8sRhdhDzZ96ZmiqsC5UvwcSPkkIbnm9bRcH5yQ==
Expires: Mon, 10 Jul 2023 20:17:50 GMT

GET
H2 200 q9fqmmutk5a97trs-nbc.js Show response
cdn.petametrics.com/ 157 KB
46 KB 72ms
18ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.petametrics.com/q9fqmmutk5a97trs-nbc.js?ts=469169
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: f7160fe443d32f0e4578d3ab5416de8c267289613297a2d9dbcc75733425dc69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:52 GMT
content-encoding: gzip
x-amz-version-id: ERbVIarZ1rISsHslj8F21HdZHLRJTt8v
last-modified: Thu, 30 Mar 2023 03:36:46 GMT
server: AmazonS3
x-amz-request-id: 5XQWM8PQRCPQSJ8A
etag: "bb66a896f1f818dad31656bdc8030f36"
x-amz-server-side-encryption: AES256
x-hw: 1689010972.cds211.am5.hn,1689010972.cds279.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=31536000
accept-ranges: bytes
content-length: 46842
x-amz-id-2: tBiuAHmtn2SAY49BoGVh9avXKF/o61gAQh7XspTZIZKXuTkm2PSN3ZJfgRF555QTSezWOacZnhY+JWxd9oQYfA==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 236 KB
58 KB 66ms
17ms Script
application/javascript 13.225.30.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.30.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-30-130.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:31:23 GMT
content-encoding: gzip
via: 1.1 21aae5a66a5964298de99c3b1a4ea77c.cloudfront.net (CloudFront), 1.1 95a1a2515bcfe82199fde4e864c4e6f0.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:20 GMT
server: AmazonS3
x-amz-cf-pop: LHR62-C4, CDG3-C2
age: 689
etag: W/"9352f20e556bff9fea6fd0461aac850d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: L0BTkf_3Hi1Hzt9G0DdP9_2A1eMV-lg8h4fPXhkYpiT0yEik056yrQ==

GET
H2 200 material-icons-outlined-all-400-normal.woff2
www.thestar.com/static/assets/ 126 KB
126 KB 41ms
39ms Font
font/woff2 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/static/assets/material-icons-outlined-all-400-normal.woff2?v=e4106b07

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

afa2d43bc5235e019048bf8eeb242859a5beff1fa165621f8deaa6385b799951

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 02:19:22 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 55410
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 128844
last-modified: Mon, 12 Jun 2023 19:16:06 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"1f74c-188b10970f0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: eO3fPIQpCld8w_ZhU0ZBO1WmOtFvzUj5vMf4_crBjBWkvjyH-Tg7LA==

GET
H2 200 swg-button.css
news.google.com/swg/js/v1/ 21 KB
6 KB 40ms
38ms Stylesheet
text/css 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f46926d81be4472495e6dc6a8789d7fc9ffb6acb270b4f6462720e0332fe718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:41:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6456
x-xss-protection: 0
last-modified: Wed, 26 Apr 2023 21:11:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jul 2023 18:31:28 GMT

GET
H2 200 pxid Show response
be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co/v2.0/ 46 B
394 B 66ms
23ms XHR
application/json 35.241.9.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co/v2.0/pxid?k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.9.241.35.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 4e6e793850a5e8e917ce972e8110e94eb569cad2939ad166403d71c4f14c36af

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.thestar.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66

GET
H2 200 getuidj Show response
ib.adnxs.com/ 11 B
576 B 31ms
8ms XHR
application/json 37.252.171.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:52 GMT
an-x-request-uuid: 44983220-7c1a-4ac7-92f9-be60a696f0b5
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.186; 185.213.155.186; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 geoip Show response
api.permutive.com/v2.0/ 261 B
369 B 67ms
21ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 39c5031fa5e04352d50fff0f766f4c5f77f2e30a45fcf73d0470bd41cd041394

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.thestar.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 174

POST
H2 200 watson Show response
api.permutive.com/v2.0/ 331 B
320 B 70ms
25ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/watson?k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e4afed48ed0b54b19b4403524034c0484fd7f59be06a733475ff6490846cf56d

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.thestar.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 254

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 76 KB
26 KB 182ms
97ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/bundle.js?v=a22a81fd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f948edc8ba9bcb66bf27441bd5ad3601df1572d8446fdf0248a53e6f419c0a17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25980
x-xss-protection: 0
server: cafe
etag: 79 / 19548 / m202306290101 / config-hash: 18038137322586664424
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 10 Jul 2023 17:42:53 GMT

GET
H2 200 breakingnews Show response
www.thestar.com/api/alerts/ 19 B
449 B 18ms
18ms XHR
application/json 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/api/alerts/breakingnews

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

6707bbab4dbba0ac7fce42d70d1a036d37a9e2fbeb320156e9d960e193c1d6c9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:41:39 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
x-amz-cf-pop: CDG52-P1
age: 74
x-powered-by: Express
etag: W/"13-dtK7HFxXRJGTWdPpmheUxDbkx20"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://amp.thestar.com
x-cache: Hit from cloudfront
cache-control: max-age=180
content-length: 19
x-amz-cf-id: yzF2Ho51oN3EuPIl7F8DSqHHVbtroS12E5hPawrCgD1MxZN5XpPpxw==

GET
H2 200 updates Show response
www.thestar.com/api/alerts/ 19 B
448 B 17ms
17ms XHR
application/json 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/api/alerts/updates

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

b3abab8c0524b6f876d36f99aedd1fb14317c2e3758d2bdf093362d458f6f199

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:41:39 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
x-amz-cf-pop: CDG52-P1
age: 74
x-powered-by: Express
etag: W/"13-Ke/+pN/k0l2LXDxWablmwTVvPYs"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://amp.thestar.com
x-cache: Hit from cloudfront
cache-control: max-age=180
content-length: 19
x-amz-cf-id: i3y2D_RHokL933lNaiIapViHbLOug7h1VBxVwA9fZPLsNvOJs4tcOg==

GET
H2 200 related Show response
api.parsely.com/v2/ 10 KB
3 KB 389ms
154ms XHR
application/json 3.216.196.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.parsely.com/v2/related?apikey=thestar.com&tag=tlc_entertainment&url=https:%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&limit=20&boost=views&pub_date_start=48h
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.216.196.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-216-196-193.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 5ba90a1f4ce185e13c563c2f0ac128cae74954078e726c9918eaa717ff1a3f1e

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
server: nginx
x-cache-status: MISS
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=120
expires: Mon, 10 Jul 2023 17:44:53 GMT

GET
H2 200 articles Show response
www.thestar.com/api/ 84 KB
15 KB 16ms
15ms XHR
application/json 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/api/articles?type=top

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

844f3ce91af9e9e2b07f298b912592cb98ee423da6c6dce00cdb59215124e66a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:38:13 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
x-amz-cf-pop: CDG52-P1
age: 280
x-powered-by: Express
etag: W/"14ee8-2BZmkuMOvAqEhPZqU4a7rUBqQE4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://amp.thestar.com
x-cache: Hit from cloudfront
cache-control: max-age=180
x-amz-cf-id: nL_nDqwoxCWNSYUaNR_GhsYncDUbO80lbmpcrYxawZeEejqYgDT6ng==

GET
H2 200 posts Show response
api.parsely.com/v2/analytics/ 39 KB
10 KB 343ms
109ms XHR
application/json 3.216.196.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.parsely.com/v2/analytics/posts?apikey=thestar.com&secret=XMZfv5sJ1L3qE6DZfkeSIh4mI4bCvQ1hZdyWNEOZAQg&sort=views&limit=20&page=1&period_start=15m
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.216.196.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-216-196-193.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 376685e441eb017bed573aee2c7284ef03d39985dcf859f57b5812511b1fc9ba

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
server: nginx
x-cache-status: HIT
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=600
expires: Mon, 10 Jul 2023 17:52:53 GMT

GET
H2 200 16.css
www.thestar.com/static/ 257 B
714 B 16ms
16ms Stylesheet
text/css 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/static/16.css?v=77f92dd85f139b4be241

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/bundle.js?v=a22a81fd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

6118aab3972757bc62c6e4c730c32154718c63b74cffc6c66733af493c730139

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:11:23 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 9090
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 257
last-modified: Mon, 12 Jun 2023 19:16:06 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"101-188b10970f0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: N8oRQgQwK6GWqyrOrfwQpaLRdBgGMkLS2vPX7yKkfMYei6nd4gigjA==

GET
H2 200 RightRailAds-RightRailAds.chunk.js Show response
www.thestar.com/static/ 5 KB
2 KB 17ms
16ms Script
application/javascript 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/static/RightRailAds-RightRailAds.chunk.js?v=5c7b8065

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/bundle.js?v=a22a81fd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

0d6cfe4bf2e972d5e528c5656050f9ad7dca2a6f8c16923bfffd7e5117d198fe

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 09 Jul 2023 19:06:21 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 81392
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Mon, 12 Jun 2023 19:16:06 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"141e-188b10970f0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=86400
x-amz-cf-id: 4bN_UVSbLWYlqt84BcpT1Ryk34uN8H_2zxnVaiXHxZTAoRysW4C7YA==

GET
H2 200 indicator-icon.svg
www.thestar.com/assets/img/ 2 KB
1 KB 39ms
39ms Image
image/svg+xml 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thestar.com/assets/img/indicator-icon.svg

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/bundle.css?v=aa7caab50723af21a1a5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

a88716b2e48961b771017aef83ad9bdacb13a354dc0b09c62b880e7a2f72d9c6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/static/bundle.css?v=aa7caab50723af21a1a5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:01:46 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 2467
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"664-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
x-amz-cf-id: id-t2KQA747wD2Tu1Ss3HkN574_1UPYYiytdEzxc6UasGzwEjPZjCA==

GET
DATA 200
OK truncated
/ 10 KB
10 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3f1229425f1e6c52fb768051afca5e74e82d650b9df5c7a0af0e7f74d5f5d5da

Request headers

Referer
Origin: https://www.thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H3 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 36ms
36ms Other
image/svg+xml 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:25:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1067
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jul 2023 18:15:06 GMT

GET
H3 200 serviceiframe Show response
news.google.com/swg/ui/v1/ Frame 93B1 16 KB
7 KB 99ms
98ms Document
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/ui/v1/serviceiframe?_=1689010973251&publicationId=thestar.com

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f5c8b6a5f2b02a1e809faff709f99f58e13c04e20db58fd694aebf4f243fcc52

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport script-src 'report-sample' 'nonce-pqf9aGBfXxjVHCKESJmhGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport script-src 'report-sample' 'nonce-pqf9aGBfXxjVHCKESJmhGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-resource-policy: same-site
date: Mon, 10 Jul 2023 17:42:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 NSG-Logo-NSB.svg
www.thestar.com/assets/svg/ 28 KB
20 KB 40ms
40ms Image
image/svg+xml 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thestar.com/assets/svg/NSG-Logo-NSB.svg

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

52c6b724460d1cc1eef6b6b43f27f26d9f17f392ca2148e0df83f05f3cbc9970

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:02:28 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
age: 2425
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Mon, 12 Jun 2023 19:09:27 GMT
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
etag: W/"6e4e-188b1035a58"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: https://amp.thestar.com
cache-control: max-age=14400
x-amz-cf-id: 8lHyu93qHM7CA8EPp6ac_z0Vop6z8rATc7MG4qvOm-qNoxP2X7kiUA==

POST
H2 200 v2 Show response
api.viafoura.co/v2/www.thestar.com/bootstrap/ 7 KB
3 KB 335ms
112ms Fetch
application/json 2600:1f18:44f0:4847:78ed:de6e:2e51:d042
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/www.thestar.com/bootstrap/v2
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/entry/index.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4847:78ed:de6e:2e51:d042 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 975def900b45d55c5b36e28d3f2216cb7f906243b4cd0a8f48d651f159a8e1d5

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-instance-id: i-073b359da5dd4ae93
pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.thestar.com
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires: Mon, 10 Jul 2023 17:42:53 GMT

GET
BLOB 200
OK 4e856f2f-6f31-49c4-b4d3-2c93371ce271
https://www.thestar.com/ 215 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.thestar.com/4e856f2f-6f31-49c4-b4d3-2c93371ce271
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec384bf5e2e66708a87b9d86027448aa4497ad75cffd5d561fdd00d4476f674e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 220527
Content-Type

GET
BLOB 200
OK 5525f1de-76ab-437f-a093-58cd59cc18f0
https://www.thestar.com/ 215 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.thestar.com/5525f1de-76ab-437f-a093-58cd59cc18f0
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec384bf5e2e66708a87b9d86027448aa4497ad75cffd5d561fdd00d4476f674e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 220527
Content-Type

GET
H3 200 article Show response
news.google.com/swg/_/api/v1/publication/thestar.com/ 347 B
321 B 131ms
130ms Fetch
application/json 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/api/v1/publication/thestar.com/article

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aa6dc1e27f4179085256161eb6018661707fe14bf431bbdaf79917d6174cc851

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: text/plain, application/json
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
content-encoding: gzip
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 v2 Show response
api.viafoura.co/v2/www.thestar.com/bootstrap/ 7 KB
3 KB 271ms
107ms Fetch
application/json 2600:1f18:44f0:4847:78ed:de6e:2e51:d042
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/www.thestar.com/bootstrap/v2
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/entry/index.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4847:78ed:de6e:2e51:d042 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 975def900b45d55c5b36e28d3f2216cb7f906243b4cd0a8f48d651f159a8e1d5

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-instance-id: i-010a8fb2cc9a9d0b7
pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.thestar.com
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires: Mon, 10 Jul 2023 17:42:53 GMT

GET
H2 204 state Show response
api.btloader.com/mw/ 0
101 B 159ms
115ms Fetch 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5071905434894336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:53 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
940 B 45ms
12ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2406239
x-guploader-uploadid: ADPycdvWwBKXU9SLI0lMJfU9xGT_twtBLNIR9Acyj4W3IGzU9jDKxL-siFM3GQ-n0i6wh-2NFJhNB-jsRo0vHM74ZMdfeHtMxg7o
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zhzO2xHPh6exDEYnayWU%2BQIti3HcZ0Uik5GPVESLMPc%2FX4dUqW3UOW0X4HowGooJgjpxZU15UafOfRg6uWfKryqC1PoyWKuBZqjEC%2Bv6uELSbJ4dW2wxm9zYvDfzg0sxwjPCy%2Bkl%2F9djM%2Bf7VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7e4a9b17ae4d038e-FRA
expires: Mon, 12 Jun 2023 21:27:18 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
570 B 137ms
35ms Image
image/x-icon 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:05:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9457
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 15:05:16 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
340 B 46ms
13ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.3909329721936492
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2406239
x-guploader-uploadid: ADPycdvWwBKXU9SLI0lMJfU9xGT_twtBLNIR9Acyj4W3IGzU9jDKxL-siFM3GQ-n0i6wh-2NFJhNB-jsRo0vHM74ZMdfeHtMxg7o
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QqS6knnj7wyJFw4Ngu%2BoORunRAtekd6vdD62H4xor%2F2LXDKHk5hYFJ7C27giDsdaSastiDTXL%2FXykrcFAMSv1Lx6BpuGmQVliWtyX63kV8fTxObfLGzgFMjpELZlplDC5x1SY61QAZ4v%2FqGzCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 7e4a9b17ae4f038e-FRA
expires: Mon, 12 Jun 2023 21:27:18 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 387 B
1 KB 138ms
41ms XHR
application/json 52.49.138.0
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&d_nsid=0&ts=1689010973357

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.49.138.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-49-138-0.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e50c5c7a4bfbc6003a60cc2af3dd381dbfd53e021418084dd666d96ea4521af7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v050-04aec769b.edge-irl1.demdex.com 7 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: NnHTl5AtT0Y=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.thestar.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 325
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/ 34 KB
12 KB 10ms
9ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:05 GMT
x-amz-version-id: .5dyGr5l1y9dGLmmWmvemnJtK3kHnYii
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:14 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"dfdd9e1f988805f0c2fbb10cd6b8f034"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 589
x-amz-cf-id: tZ6X8QlBtL4Ee27tVFtfg7hDv8AwpV7_f2yBOkU-qgP3o3dwrbOs5Q==

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/ 3 KB
2 KB 9ms
9ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:05 GMT
x-amz-version-id: 6XYYxqD3TwPpKrAFZ9wZ_O7STKBN.Yyf
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:14 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"b89fcb8870ac40eecb6d3cc844d35389"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 589
x-amz-cf-id: 1EdeaNYuz7Fz1tbdstwogIQQ_6UnzxvypfHJNRElEtEUC3FWvSnuUg==

POST
H3 204 cspreport
news.google.com/swg/_/SubscribewithgoogleClientUi/ Frame 93B1 0
25 B 89ms
88ms Other
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/SubscribewithgoogleClientUi/cspreport

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-kiEbemIyNezX4l8VdpVX0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/swg/ui/v1/serviceiframe?_=1689010973251&publicationId=thestar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: script-src 'report-sample' 'nonce-kiEbemIyNezX4l8VdpVX0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=serviceiframeview,_b,_tp,_r
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1.O/am=AKA5Aw/d=1/ed=1/rs=ABXTjI4YjU3ZiIaNZmqqRYBAsLONQRFYxA/ Frame 93B1 532 B
981 B 128ms
39ms Stylesheet
text/css 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1.O/am=AKA5Aw/d=1/ed=1/rs=ABXTjI4YjU3ZiIaNZmqqRYBAsLONQRFYxA/m=serviceiframeview,_b,_tp,_r

Requested by

Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=1689010973251&publicationId=thestar.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6d1acc43378dff625c02b13b7c50fe30f6b11107795c794939c145f300264dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 21:13:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 332992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 323
x-xss-protection: 0
last-modified: Thu, 06 Jul 2023 00:49:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/css; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 21:13:01 GMT

GET
H2 200 m=_b,_tp,_r Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/am=AKA5Aw/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=... Frame 93B1 202 KB
71 KB 128ms
40ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/am=AKA5Aw/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI56_4vfX52hSZPg2omE56h81XVwPQ/m=_b,_tp,_r

Requested by

Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=1689010973251&publicationId=thestar.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f463f345daaaaac7c0bc957aac05de1ae7a1acbd8f371d18a52ee7ca16de05da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72836
x-xss-protection: 0
last-modified: Thu, 06 Jul 2023 00:49:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 22:23:19 GMT

GET
H2 204 b
sb.scorecardresearch.com/ 0
227 B 14ms
13ms Image
text/plain 13.32.121.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1689010973399&ns_c=UTF-8&c7=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&c8=Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%20%7C%20The%20Star&c9=
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-21.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: w6QNQSg6WzHa1w6XUOJ0SkkPHS-LzYI0_4VhM6mpLQGvZd1xYwzbZQ==
x-cache: Miss from cloudfront

GET
H2 200 p.js Show response
cdn.parsely.com/keys/thestar.com/ 73 KB
26 KB 55ms
7ms Script
application/javascript 18.66.100.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/thestar.com/p.js
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.100.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-100-58.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: 4e055c26ecd439ee73765fc8f167b4f23eb9b92608c70b2068b0bc7c3baeb9dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: public
date: Mon, 10 Jul 2023 04:03:30 GMT
content-encoding: gzip
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
last-modified: Fri, 24 Jun 2022 01:41:35 GMT
server: nginx
x-amz-cf-pop: FRA56-P2
age: 49163
etag: W/"62b5164f-12236"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400, public
x-amz-cf-id: RMYcy8g9B8yeiL_fROxy2GZOoU-FDzpq1N6cZpLfN0zVjkS7RqPciA==
expires: Tue, 11 Jul 2023 04:03:30 GMT

POST
H3 200 identify Show response
api.permutive.com/v2.0/ 50 B
88 B 55ms
24ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/identify?k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e780903b840c40b1d3e4f23ed2f60e4564c91f7cdedba8a5e2ab540292d709c5

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.thestar.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/ 391 KB
125 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8187dcb05ebcfc94502aeec0524c23c7d22afbafe17aff1d39acc1d59a3a52db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 14:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10265
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127464
x-xss-protection: 0
server: cafe
etag: 4704578582152062329
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 09 Jul 2024 14:51:48 GMT

GET
H2 200 __activity.gif
query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/ 35 B
175 B 154ms
115ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/__activity.gif?e=pageview&ct=The+Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children&ccu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&tspl=1354&blst=680&ist=1342&iet=1351&bdst=680&bdet=914&bcttt=15&jsfv=nbc&ts=1689010973452&jsk=q9fqmmutk5a97trs&jsv=20230329&cu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&uid=8576f776-0455-4946-d155-5027cb2db6f7&sid=50679951-e1d7-44e2-d61b-4e109aca0b83&pvid=2ad2a202-e471-4b21-a08e-e291bc956ecf&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.198+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&tzo=0&sdk=bc-pixel
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:53 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H/1.1 200
OK services Show response
sr.studiostack.com/v3/ 26 KB
26 KB 87ms
22ms Script
application/x-javascript 51.104.28.77
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.studiostack.com/v3/services
Requested by: Host: adserver.pressboard.ca
URL: https://adserver.pressboard.ca/v3/embedder?media=130507
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.104.28.77 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 42074d02d49d8fb32f0d83c80ad9fa58fd5ece5cc75b5cda9c68a9865bb60dc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Date: Mon, 10 Jul 2023 17:42:53 GMT
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 26237
request-context: appId=cid-v1:872aa76c-939e-4ab5-93a1-49e977059583

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 132 KB
21 KB 384ms
384ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A53%2B00%3A00&ts=1689010973475

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

a972943594052c4498c98bac3ba76e400dae96e2115a4980df9c1d6f0767c4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 20777
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: Aw3DFz8UDZgGTM_x87_j9D_Z1rDQvm0dlzJHfkfc1QVNCmcCnUWePg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 544 B
892 B 16ms
15ms XHR
application/json 13.225.30.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=5028&u=https%3A%2F%2Fwww.thestar.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.30.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-30-130.cdg3.r.cloudfront.net
Software: Server /
Resource Hash: 62651edf87d2816cb10682476cb72ad3065481fe168cb6b18d91d0e2aa0a64dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:04:23 GMT
via: 1.1 95a1a2515bcfe82199fde4e864c4e6f0.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: CDG3-C2
age: 20309
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.thestar.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 544
x-amz-cf-id: dWPMWcfmAAjSpaC2r8cw2zfWpcCEaqNzdhB6LZCpKQG85CqJe8qFFg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 50ms
16ms XHR
application/javascript 13.225.30.130
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.30.130 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-30-130.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 7ed8bfca040de3b276333e3442676bf4.cloudfront.net (CloudFront)
date: Mon, 10 Jul 2023 05:45:31 GMT
x-amz-cf-pop: CDG3-C2
age: 43043
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: 5_7CDx38ATQf3Gm7Wn1tRFtZUil0CBJbV38BCkEgcO8BGYMEPLQn4w==

POST
H2 200 model Show response
query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/ 11 KB
3 KB 349ms
319ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/model
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 444c796333814e17b9accb5e9820fc75a9dc164e38e36adb4ce2fa5323d58125

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 124ms
38ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P86MZHL&gtm_auth=6lA8dG63UaQ5ed3gQljsjQ&gtm_preview=env-2&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 10 Jul 2023 17:04:37 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2296
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 10 Jul 2023 19:04:37 GMT

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@3.3.2/dist/
Redirect Chain

https://unpkg.com/web-vitals
https://unpkg.com/web-vitals@3.3.2
https://unpkg.com/web-vitals@3.3.2/dist/web-vitals.iife.js

7 KB
3 KB

26ms
26ms

Script
application/javascript

2606:4700::6810:7caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@3.3.2/dist/web-vitals.iife.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Server

2606:4700::6810:7caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27e29a5aebbbc2d82b6f7d9dbbf03ced7ecaf592adf68338a02aff332b3e7bd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3641368
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01H1KXPJRD28PTNQ085R57ZC3J-fra
server: cloudflare
etag: W/"1b99-+0VwSXVmoLd0uGhBB2XoSfehK74"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7e4a9b199f6c1e5b-FRA

Redirect headers

date: Mon, 10 Jul 2023 17:42:53 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01H1KXTSRNGE56THYNXQ93K7XN-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3641230
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /web-vitals@3.3.2/dist/web-vitals.iife.js
cache-control: public, max-age=31536000
cf-ray: 7e4a9b192eaf1e5b-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
83 KB 49ms
48ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B4CQN4KW3R&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P86MZHL&gtm_auth=6lA8dG63UaQ5ed3gQljsjQ&gtm_preview=env-2&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0e6b64435c7e78e839b092860fe86b0021188ef3d744aad267e44d38be55127e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84701
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 10 Jul 2023 17:42:53 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
83 KB 63ms
62ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6FZFMVVWVN&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P86MZHL&gtm_auth=6lA8dG63UaQ5ed3gQljsjQ&gtm_preview=env-2&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b349185811d997b80dbe3e6013db81e8e2c89c4265756e6416cfafe44768b6c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85125
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 10 Jul 2023 17:42:53 GMT

GET
H/1.1 200
OK dest5.html Show response
torontostarnewspaperslimited.demdex.net/ Frame 74D7 7 KB
3 KB 122ms
28ms Document
text/html 52.48.195.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://torontostarnewspaperslimited.demdex.net/dest5.html?d_nsid=0

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.195.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-48-195-8.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v050-04c10efb4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: wapDIGGbSJ4=
content-encoding: gzip
date: Mon, 10 Jul 2023 17:42:53 GMT
last-modified: Wed, 28 Jun 2023 13:20:51 GMT
vary: accept-encoding

GET
H2 200 id Show response
s.thestar.com/ 48 B
458 B 78ms
19ms XHR
application/x-javascript 63.140.62.135
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.thestar.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&mid=00594391275565266013540427949491741687&ts=1689010973530

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.135 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-135.data.adobedc.net

Software

jag /

Resource Hash

4b866e6dc199e3f4953fd1048f7847814acb78b6cc9249ae61126b5acbbe926a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://www.thestar.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZKxDHQAAAFuFYQN6
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=00625390981284679713544092244171602429
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZKxDHQAAAFuFYQN6

42 B
942 B

31ms
31ms

Image
image/gif

52.49.138.0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZKxDHQAAAFuFYQN6

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

HTTP/1.1

Server

52.49.138.0 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-49-138-0.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v050-0e03aa7e8.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Jp0VGv6nSiQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZKxDHQAAAFuFYQN6
Date: Mon, 10 Jul 2023 17:42:53 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 country Show response
api.btloader.com/ 16 B
141 B 117ms
114ms Fetch
application/json 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/country
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5071905434894336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
via: 1.1 google
vary: Origin
content-type: application/json
access-control-allow-origin: *
cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16

GET
H2 204 pv Show response
api.btloader.com/ 0
66 B 117ms
114ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=uxQBmsgmzu&w=5166328627855360&o=5071905434894336&cv=2.1.13-15-g6498499&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&sid=pV5mF8Koq&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5071905434894336&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:53 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

OPTIONS
H/1.1 200
OK attention-event
sr.studiostack.com/track/ Frame 0
0 66ms
22ms Preflight
text/html 51.104.28.77
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.studiostack.com/track/attention-event
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.104.28.77 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.thestar.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin: *
Allow: POST
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 4
Content-Type: text/html; charset=utf-8
Date: Mon, 10 Jul 2023 17:42:53 GMT
ETag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
Expires: 0
Pragma: no-cache
request-context: appId=cid-v1:872aa76c-939e-4ab5-93a1-49e977059583

POST
H/1.1 200
OK attention-event Show response
sr.studiostack.com/track/ 0
396 B 23ms
20ms XHR
text/plain 51.104.28.77
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.studiostack.com/track/attention-event
Requested by: Host: sr.studiostack.com
URL: https://sr.studiostack.com/v3/services
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.104.28.77 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Expires: 0
Pragma: no-cache
Date: Mon, 10 Jul 2023 17:42:53 GMT
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 0
request-context: appId=cid-v1:872aa76c-939e-4ab5-93a1-49e977059583

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 45ms
7ms Script
text/javascript 2600:9000:2250:ec00:a:e047:753:be1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:ec00:a:e047:753:be1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: null
Date: Mon, 10 Jul 2023 02:48:38 GMT
Via: 1.1 b3bfeb8eb7405a05775de8861a4d117c.cloudfront.net (CloudFront)
Last-Modified: Thu, 04 May 2023 00:14:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 53656
x-amz-server-side-encryption: AES256
ETag: "4d5acbf33f4a0592ac0515db92fe88e6"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Amz-Cf-Id: AQsLUM3PHjoeTzRNXLq-hq187UXnN5QZQEULSaiZ_CxoTwwtnxeQsg==

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 102 KB
25 KB 54ms
24ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4924e12a30059184d9bd1c36294dcdf957f5f2da452209448b35a93aa785cca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 22 Jun 2023 08:35:03 GMT
server: cloudflare
x-amz-request-id: 1WTS3PXJ3PW0DRYQ
age: 2695
etag: W/"9b8b8eb50e4814cbdc325ce477c96910"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7e4a9b19ba161cad-FRA
x-amz-id-2: b6msF3rN/zhF2drF/ZyVJ/eaOX6n6q7WjUHiW7fgtpM7i2lpEc/zln9UFz7xrVPSz52wpUIlNcU=

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 51ms
14ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 19 Jun 2023 09:29:07 GMT
content-encoding: gzip
age: 1844026
x-guploader-uploadid: ADPycdulo62n1Oz3OsP18omM7Whzc8GGJLsUOW8hRKueo04UFAsHphh0sQrfyUH2LYgBzdVpvOez23Ksj_TnHOEACBWSrQ7WPdtv
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Tue, 18 Jun 2024 09:29:07 GMT

GET
H2 200 m=byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,mUDFmf,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,W93Wdc Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1... Frame 93B1 125 KB
43 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1.O/am=AKA5Aw/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5t86KbrddGVgryXfoYnUKMmpiI4g/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,mUDFmf,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,W93Wdc

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/am=AKA5Aw/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI56_4vfX52hSZPg2omE56h81XVwPQ/m=_b,_tp,_r

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03568784ef9bf74ec6d2e5119c8afe23fef8e56d328c6b33a1d9bc5cef68170d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43525
x-xss-protection: 0
last-modified: Thu, 06 Jul 2023 00:49:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 22:23:19 GMT

GET
H2 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1... Frame 93B1 18 KB
7 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1.O/am=AKA5Aw/d=1/exm=COQbmf,EEDORb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,W93Wdc,ZfAoz,_b,_r,_tp,aurFic,byfTOb,fKUV3e,gychg,kWgXee,lsjVmc,mUDFmf,ovKuLd,ws9Tlc,xUdipf,yDVVkb/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5t86KbrddGVgryXfoYnUKMmpiI4g/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a609f7b1319b1f7f0929dd47b99f33a56d1176a67eafe24c66f7b3734cea4653

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7564
x-xss-protection: 0
last-modified: Thu, 06 Jul 2023 00:49:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 22:23:19 GMT

GET
H/1.1 200
OK attention-data Show response
sr.studiostack.com/track/ 219 B
706 B 400ms
363ms XHR
application/json 51.104.28.77
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.studiostack.com/track/attention-data?media=130507&ref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Requested by: Host: sr.studiostack.com
URL: https://sr.studiostack.com/v3/services
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.104.28.77 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 70b44f4183a1d28a1b73f32d538e1d840edcbad0e3a04e64452f649ebc1557d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Date: Mon, 10 Jul 2023 17:42:54 GMT
ETag: W/"db-8GRg4+joEMQcsI+yZF1UHrApvkU"
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 219
request-context: appId=cid-v1:872aa76c-939e-4ab5-93a1-49e977059583

POST
H2 204 collect
region1.analytics.google.com/g/ 0
245 B 50ms
19ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B4CQN4KW3R&gtm=45je3750&_p=1338355828&_gaz=1&cid=1826142691.1689010974&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1689010973&sct=1&seg=0&dl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&dt=Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%20%7C%20The%20Star&en=page_view&_fv=1&_nsi=1&_ss=1&ep.Asset_Alias=the-butterfly-ball-raises-nearly-1-million-to-support-abused-children&ep.Breakpoint=desktop&ep.Orientation=landscape&ep.Page_Type=asset&ep.Site_Type=core%20site&ep.Source=web&ep.User_Agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.198%20Safari%2F537.36&up.Torstar_User_ID=
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B4CQN4KW3R&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 56ms
18ms Ping
text/plain 2a00:1450:400c:c0d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-B4CQN4KW3R&cid=1826142691.1689010974&gtm=45je3750&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B4CQN4KW3R&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0d::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 146ms
62ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B4CQN4KW3R&cid=1826142691.1689010974&gtm=45je3750&aip=1&z=2112515005

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 auction Show response
elb.the-ozone-project.com/openrtb2/ 164 B
1015 B 461ms
427ms XHR
application/json 104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/openrtb2/auction
Requested by: Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0bf3dba92fc69ffb3cd602c4fcf47a32bc5693b11b79393b269ef905b8bb97f3

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7e4a9b1a1a521909-FRA
expires: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 18ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-6FZFMVVWVN&gtm=45je3750&_p=1338355828&_gaz=1&cid=1826142691.1689010974&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1689010973&sct=1&seg=0&dl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&dt=Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%20%7C%20The%20Star&en=page_view&_fv=1&_ss=1&ep.Page_Type=asset&ep.Site_Type=core%20site&ep.Breakpoint=desktop&ep.Orientation=landscape&ep.Asset_Alias=the-butterfly-ball-raises-nearly-1-million-to-support-abused-children&ep.Source=web&ep.User_Agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.198%20Safari%2F537.36&up.Torstar_User_ID=
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6FZFMVVWVN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
54 B 18ms
18ms Ping
text/plain 2a00:1450:400c:c0d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6FZFMVVWVN&cid=1826142691.1689010974&gtm=45je3750&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6FZFMVVWVN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0d::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 107ms
63ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6FZFMVVWVN&cid=1826142691.1689010974&gtm=45je3750&aip=1&z=1573495647

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
209 B 47ms
46ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1338355828&t=pageview&_s=1&dl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&ul=en-us&de=UTF-8&dt=Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%20%7C%20The%20Star&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAAABAAAAAC~&jid=1054154303&gjid=1881848676&cid=1826142691.1689010974&tid=UA-70431129-1&_gid=1920408568.1689010974&_r=1&_slc=1&gtm=45He3750n81P86MZHL&cd9=web&cd14=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.198%20Safari%2F537.36&z=241145978

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
70 B 45ms
45ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1338355828&t=pageview&_s=1&dl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&ul=en-us&de=UTF-8&dt=Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%20%7C%20The%20Star&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAAABAAAAAC~&jid=2141734399&gjid=230440309&cid=1826142691.1689010974&tid=UA-73335503-3&_gid=1920408568.1689010974&_r=1&_slc=1&gtm=45He3750n81P86MZHL&z=1386682702

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 images Show response
www.thestar.com/api/liftigniter/ 9 KB
2 KB 183ms
183ms XHR
application/json 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/api/liftigniter/images

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

40725fbbca1fc45d2e96a8a8338b6d76eeda0a3e7f90eb6e5216eecc850ecfb2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
x-amz-cf-pop: CDG52-P1
x-powered-by: Express
etag: W/"243f-KDVRW9jfQFbxC6T1+jdX5H06bDs"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://amp.thestar.com
x-cache: Miss from cloudfront
cache-control: max-age=180
x-amz-cf-id: 5B7Uh2osJeoG1AL5IpTiS2Lec_HCzS8haNJW6oaD8ome4CBKjyUPVA==

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&rid=esp&cc=1

85 B
202 B

114ms
113ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&rid=esp&cc=1
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 30cd4232171448300eccb3e98229539b2b48fc2879c0187812bd4b477a0fd4b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-sHtOAeOsUZ/TFrL0/OBr0Y6P0WU"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Mon, 10 Jul 2023 17:42:53 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://www.thestar.com
location: /esp?url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
324 B 32ms
10ms XHR
text/plain 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.thestar.com
date: Mon, 10 Jul 2023 17:42:53 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H3 200 m=bm51tf Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1... Frame 93B1 1 KB
731 B 39ms
38ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1.O/am=AKA5Aw/d=1/exm=COQbmf,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,W93Wdc,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,mUDFmf,ovKuLd,ws9Tlc,xUdipf,yDVVkb/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5t86KbrddGVgryXfoYnUKMmpiI4g/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=bm51tf

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c254f061ba4d6a785c3bf43a7e4ef73522ec0d41099af4bd0b038a7f2d75bdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 705
x-xss-protection: 0
last-modified: Thu, 06 Jul 2023 00:49:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 22:23:19 GMT

GET
H2 200 ff0654f1f8213afbfaeae0f63392b51d Show response
z737.thestar.com/plugin/plugin/ 252 KB
57 KB 8ms
8ms Script
text/javascript 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/plugin/plugin/ff0654f1f8213afbfaeae0f63392b51d

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

df18b822b58faaaa8d429a60afcd872387b73238f8431de0216a48e781448cdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 09:26:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 29779
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 57779
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Jul 2023 09:26:34 GMT
server: -
etag: ff0654f1f8213afbfaeae0f63392b51d
content-type: text/javascript; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: aYrIDy36hHryvsX5VFSMhKoK7d2fdorwnzAyuzVByEdrFMcKxwZOjg==
expires: Tue, 09 Jul 2024 09:26:34 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
148 B 20ms
19ms XHR
text/plain 2a00:1450:400c:c0d::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-70431129-1&cid=1826142691.1689010974&jid=1054154303&gjid=1881848676&_gid=1920408568.1689010974&_u=YADAAAAAAAAAAC~&z=938119922

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0d::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 10 Jul 2023 17:42:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1... Frame 93B1 18 KB
6 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1.O/am=AKA5Aw/d=1/exm=COQbmf,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,W93Wdc,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,mUDFmf,ovKuLd,ws9Tlc,xUdipf,yDVVkb/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5t86KbrddGVgryXfoYnUKMmpiI4g/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4dd63c10a1954003739225b98b306fa48534e683ae0311106e9a905a6deb571f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6324
x-xss-protection: 0
last-modified: Thu, 06 Jul 2023 00:49:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 22:23:19 GMT

POST
H3 200 batchexecute Show response
news.google.com/swg/_/SubscribewithgoogleClientUi/data/ Frame 93B1 158 B
189 B 112ms
111ms XHR
application/json 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&source-path=%2Fswg%2Fui%2Fv1%2Fserviceiframe&f.sid=2445502362200076569&bl=boq_subscribewithgoogleclientserver_20230705.08_p0&hl=de&soc-app=673&soc-platform=1&soc-device=1&_reqid=63774&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98a13774757252835f685473e1f3e736386b707e1b75be35d378b99e607fe0c2

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://news.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 10 Jul 2023 17:42:53 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-encoding: gzip
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,xQtZb,QIhFr,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1... Frame 93B1 108 KB
36 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.BMATQ0RAXqs.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.kCsao7Cs8UM.L.B1.O/am=AKA5Aw/d=1/exm=COQbmf,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,RqjULd,U0aPgd,W93Wdc,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,mUDFmf,ovKuLd,ws9Tlc,xUdipf,yDVVkb/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5t86KbrddGVgryXfoYnUKMmpiI4g/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,xQtZb,QIhFr,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61f9cb335de6f13c959e45a68990fd5c9753c1410bf002670830b9baa0429a0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 22:23:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 328774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36648
x-xss-protection: 0
last-modified: Thu, 06 Jul 2023 00:49:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Fri, 05 Jul 2024 22:23:19 GMT

GET
H2 200 user_agent.min.js Show response
z737.thestar.com/plugins/listener_logout_torstar/ts_19beba72f86c9c8dac3d26c579a17658/frontend/src/scripts/ 5 KB
2 KB 8ms
7ms Script
text/javascript 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/plugins/listener_logout_torstar/ts_19beba72f86c9c8dac3d26c579a17658/frontend/src/scripts/user_agent.min.js

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

459e95cf842f6dee4b6aafa23a5fcc6f65c228390c131da04c47ca997b2b0e94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 29 Mar 2023 01:08:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 8958862
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 1274
x-xss-protection: 1; mode=block
last-modified: Tue, 28 Mar 2023 01:08:31 GMT
server: -
etag: 333f52c72fdc4072c6c7950dab8f54f4
content-type: text/javascript; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: EipTHLR8RTAFghQJuHhSEcz0KF4b-TFGayuf6GoYwgcBPgoRYPcPxA==
expires: Thu, 28 Mar 2024 01:08:31 GMT

GET
H2 200 6265b99ea16fa3d7890a46b0078a3335 Show response
z737.thestar.com/plugin/library/ 465 KB
145 KB 8ms
8ms Script
text/javascript 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/plugin/library/6265b99ea16fa3d7890a46b0078a3335

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

d9d280cee9867539fd657970c2fd0166286ef306a36a8778953c66469347a2cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 09:26:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 29778
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 147419
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Jul 2023 09:26:35 GMT
server: -
etag: 6265b99ea16fa3d7890a46b0078a3335
content-type: text/javascript; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: _bFcnO95f9xy2sgcm8i0mKQeAlzAtbhxADFiABu05miOUQeINS_kvQ==
expires: Tue, 09 Jul 2024 09:26:35 GMT

POST
H2 200 LB-Zone-2 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/263/ 5 KB
2 KB 289ms
289ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263/LB-Zone-2?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=&bctempid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&overruleReferrer=&time=2023-07-10T17%3A42%3A53%2B00%3A00&ts=1689010973980

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

242a33de01a52985bdd655a2eb918acdb4bbb0f81d489cc0a50b492b745eab5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 1637
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: i-KRT1K8RzDbwaE08z0hvZjMTsCmpdQW1f7rzV5_D1OnkSqTnVg0PQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 brand%403x.png
torstar.sb.blueconic.net/rest/dialogues/files/92a5531d-64b4-4964-8bc1-6e89602c9514/ 4 KB
4 KB 341ms
104ms Image
image/png 54.221.61.97
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://torstar.sb.blueconic.net/rest/dialogues/files/92a5531d-64b4-4964-8bc1-6e89602c9514/brand%403x.png

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.221.61.97 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-221-61-97.compute-1.amazonaws.com

Software

- /

Resource Hash

8966b07f115c55f76167b14a9eb7b8ca82ed3390f82878ee75b47f2c34163ea2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 09 Jul 2023 17:42:54 GMT
server: -
x-permitted-cross-domain-policies: master-only
etag: 77ee54cf130d3c899f9b5443c520453e
content-type: image/png
p3p: policyref="", CP="DSP"
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
content-length: 4108
x-xss-protection: 1; mode=block
expires: Tue, 09 Jul 2024 17:42:54 GMT

GET
H2 200 Summer-Sale-2-495x300px.gif
www.thestar.com/content/dam/thestar/static_images/subscription/ 273 KB
274 KB 16ms
16ms Image
image/gif 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thestar.com/content/dam/thestar/static_images/subscription/Summer-Sale-2-495x300px.gif

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.56 () OpenSSL/1.0.2k-fips Communique/4.3.3 /

Resource Hash

f3d0dbf86ff1b2fb8dabd477549e97479ff24a8ef2d4c582960619813e28be4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 04 Jul 2023 13:43:05 GMT
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
last-modified: Tue, 04 Jul 2023 13:42:10 GMT
server: Apache/2.4.56 () OpenSSL/1.0.2k-fips Communique/4.3.3
x-amz-cf-pop: CDG52-P1
age: 532843
x-cache: Hit from cloudfront
content-type: image/gif
cache-control: max-age=31546000
accept-ranges: bytes
content-length: 279639
x-amz-cf-id: MMrz6jX3HWC7h2721QqoRl-MDrxItwLXpu91Sdj3X7n9BYpBXlQ_GQ==
expires: Wed, 03 Jul 2024 16:29:45 GMT

GET
H2 200 config Show response
push.kumulos.com/v1/web/ 2 KB
1 KB 34ms
34ms Fetch
application/json 2a03:b0c0:3:d0::be2:3001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://push.kumulos.com/v1/web/config

Requested by

Host: static.app.delivery
URL: https://static.app.delivery/sdks/web/main.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::be2:3001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

81213e09ec09abe060a47d101767ef8f2d2cce6f1212b237541cba0445bf730c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains;
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
Authorization: Basic ZWU3M2FkYjUtMWRmOS00ZGY4LTkyYTQtNzhlYWYxODJmNmU5OmUyVG1NTWNHMXlGOUR4OGxrZ0tBOVVXRkk4bHVOWVozZkhlUw==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubdomains;
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
access-control-max-age: 36000
access-control-allow-headers: Content-Type, Origin, Accept, Authorization,Cache-Control,X-Requested-With

OPTIONS
H2 200 config
push.kumulos.com/v1/web/ Frame 0
0 86ms
31ms Preflight
text/html 2a03:b0c0:3:d0::be2:3001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://push.kumulos.com/v1/web/config

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::be2:3001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains;
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: GET
Origin: https://www.thestar.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Origin, Accept, Authorization,Cache-Control,X-Requested-With
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
access-control-allow-origin: *
access-control-max-age: 36000
allow: GET,HEAD
cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 10 Jul 2023 17:42:54 GMT
server: nginx
strict-transport-security: max-age=15552000; includeSubdomains;
vary: Accept-Encoding
x-content-type-options: nosniff

POST
H2 204 events
events.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/ 0
0 97ms
96ms Fetch 2a03:b0c0:3:f0::1bc:5000
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://events.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/events

Requested by

Host: static.app.delivery
URL: https://static.app.delivery/sdks/web/main.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:f0::1bc:5000 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains;
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
Authorization: Basic ZWU3M2FkYjUtMWRmOS00ZGY4LTkyYTQtNzhlYWYxODJmNmU5OmUyVG1NTWNHMXlGOUR4OGxrZ0tBOVVXRkk4bHVOWVozZkhlUw==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
strict-transport-security: max-age=15552000; includeSubdomains;
x-content-type-options: nosniff
server: nginx
access-control-max-age: 36000
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
access-control-allow-origin: *
cache-control: no-cache, private
access-control-allow-headers: Content-Type, Origin, Accept, Authorization,Cache-Control,X-Requested-With

OPTIONS
H2 200 events
events.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/ Frame 0
0 72ms
15ms Preflight
text/html 2a03:b0c0:3:f0::1bc:5000
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://events.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/events

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:f0::1bc:5000 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains;
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.thestar.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Origin, Accept, Authorization,Cache-Control,X-Requested-With
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
access-control-allow-origin: *
access-control-max-age: 36000
allow: POST
cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 10 Jul 2023 17:42:54 GMT
server: nginx
strict-transport-security: max-age=15552000; includeSubdomains;
vary: Accept-Encoding
x-content-type-options: nosniff

POST
H2 204 events
events.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/ 0
0 107ms
106ms Fetch 2a03:b0c0:3:f0::1bc:5000
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://events.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/events

Requested by

Host: static.app.delivery
URL: https://static.app.delivery/sdks/web/main.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:f0::1bc:5000 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains;
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
Authorization: Basic ZWU3M2FkYjUtMWRmOS00ZGY4LTkyYTQtNzhlYWYxODJmNmU5OmUyVG1NTWNHMXlGOUR4OGxrZ0tBOVVXRkk4bHVOWVozZkhlUw==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
strict-transport-security: max-age=15552000; includeSubdomains;
x-content-type-options: nosniff
server: nginx
access-control-max-age: 36000
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
access-control-allow-origin: *
cache-control: no-cache, private
access-control-allow-headers: Content-Type, Origin, Accept, Authorization,Cache-Control,X-Requested-With

OPTIONS
H2 200 events
events.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/ Frame 0
0 78ms
22ms Preflight
text/html 2a03:b0c0:3:f0::1bc:5000
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://events.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/events

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:f0::1bc:5000 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains;
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.thestar.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Origin, Accept, Authorization,Cache-Control,X-Requested-With
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
access-control-allow-origin: *
access-control-max-age: 36000
allow: POST
cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 10 Jul 2023 17:42:54 GMT
server: nginx
strict-transport-security: max-age=15552000; includeSubdomains;
vary: Accept-Encoding
x-content-type-options: nosniff

POST
H2 200 segment Show response
api.permutive.com/adv/v2/ 14 B
78 B 30ms
30ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/adv/v2/segment?new-session=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14
content-type: application/json

POST
H2 200 watson Show response
api.permutive.com/v2.0/ 331 B
316 B 27ms
25ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/watson?k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e4afed48ed0b54b19b4403524034c0484fd7f59be06a733475ff6490846cf56d

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.thestar.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 254

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 130ms
45ms Preflight
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Mon, 10 Jul 2023 17:42:54 GMT
expires: Mon, 10 Jul 2023 17:42:54 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 93B1 131 B
155 B 128ms
50ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 10 Jul 2023 17:42:54 GMT

POST
H3 200 log Show response
play.google.com/ Frame 93B1 131 B
155 B 125ms
48ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 10 Jul 2023 17:42:54 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 130ms
45ms Preflight
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Mon, 10 Jul 2023 17:42:54 GMT
expires: Mon, 10 Jul 2023 17:42:54 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 130ms
46ms Preflight
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Mon, 10 Jul 2023 17:42:54 GMT
expires: Mon, 10 Jul 2023 17:42:54 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 log Show response
play.google.com/ Frame 93B1 131 B
155 B 125ms
49ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
X-Goog-AuthUser: 0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
server: Playlog
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://news.google.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: X-Playlog-Web
content-length: 131
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 10 Jul 2023 17:42:54 GMT

POST
H2 200 images Show response
www.thestar.com/api/liftigniter/ 8 KB
2 KB 181ms
180ms XHR
application/json 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/api/liftigniter/images

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

53a304e5ed57e7c99b13b40abdbd2b1db2c7d4d29a00a9c3df267b6aae3c0975

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
x-amz-cf-pop: CDG52-P1
x-powered-by: Express
etag: W/"21c9-5OZA87ko+zA09MDYQAk+UIEtCgw"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://amp.thestar.com
x-cache: Miss from cloudfront
cache-control: max-age=180
x-amz-cf-id: WB2zdKfyKAadTS8qImXn0VzSmUcb1tgk4sxZjRp8ps1YfuoGVG2nXw==

POST
H3 200 segment Show response
api.permutive.com/adv/v2/ 14 B
28 B 29ms
28ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/adv/v2/segment?new-session=false&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14
content-type: application/json

GET
H/1.1 200
OK / Show response
p1.parsely.com/plogger/ 43 B
257 B 131ms
29ms Fetch
image/gif 54.155.18.159
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p1.parsely.com/plogger/?rand=1689010974138&plid=1269431&idsite=thestar.com&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22adobe_mcid%22%3A%2200594391275565266013540427949491741687%22%7D&sid=1&surl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&sref=&sts=1689010973572&slts=0&date=Mon+Jul+10+2023+17%3A42%3A54+GMT%2B0000+(GMT)&action=heartbeat&inc=1&tt=500&u=pid%3Dbe879833f0202e6ebca54ff48b4ec873
Requested by: Host: cdn.parsely.com
URL: https://cdn.parsely.com/keys/thestar.com/p.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.18.159 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-18-159.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 17:42:54 GMT
Cache-Control: no-cache
Last-Modified: Monday, 10-Jul-2023 17:42:54 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 ruleenginedata Show response
www.thestar.com/api/ 11 KB
3 KB 19ms
17ms XHR
application/json 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/api/ruleenginedata

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

f1dc555b74071c11fb7bbcd86fa650618db83723a8828d04850e90ec73dc5898

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:45 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
x-amz-cf-pop: CDG52-P1
age: 9
x-powered-by: Express
etag: W/"2c58-On6xrYp0/du6eGARnnYHeUEyBMw"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://amp.thestar.com
x-cache: Hit from cloudfront
cache-control: max-age=180
x-amz-cf-id: 90HGfk0VhZqhPmeUIeLLgXUS0EBzHEdK0ucIzVItwst1irium-EUrw==

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 123ms
28ms Image
image/gif 54.155.18.159
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1689010974141&plid=1269431&idsite=thestar.com&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22adobe_mcid%22%3A%2200594391275565266013540427949491741687%22%2C%22_scrollIncrement%22%3A1%2C%22_scrollMethod%22%3A%22heartbeat%22%2C%22_y%22%3A0%2C%22_bodyHeight%22%3A7573%2C%22_trustBar%22%3A4054%7D&sid=1&surl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&sref=&sts=1689010973572&slts=0&title=Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children+%7C+The+Star&date=Mon+Jul+10+2023+17%3A42%3A54+GMT%2B0000+(GMT)&action=_scroll&u=pid%3Dbe879833f0202e6ebca54ff48b4ec873
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.18.159 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-18-159.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 17:42:54 GMT
Cache-Control: no-cache
Last-Modified: Monday, 10-Jul-2023 17:42:54 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 126ms
29ms Image
image/gif 54.155.18.159
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1689010974142&plid=1269431&idsite=thestar.com&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22adobe_mcid%22%3A%2200594391275565266013540427949491741687%22%2C%22_scrollIncrement%22%3A0%2C%22_scrollMethod%22%3A%22pageview%22%2C%22_y%22%3A0%2C%22_bodyHeight%22%3A7573%2C%22_trustBar%22%3A4054%7D&sid=1&surl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&sref=&sts=1689010973572&slts=0&title=Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children+%7C+The+Star&date=Mon+Jul+10+2023+17%3A42%3A54+GMT%2B0000+(GMT)&action=pageview&js=1&pvid=30310845&u=pid%3Dbe879833f0202e6ebca54ff48b4ec873
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.18.159 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-18-159.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 17:42:54 GMT
Cache-Control: no-cache
Last-Modified: Monday, 10-Jul-2023 17:42:54 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 channels Show response
push.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/ 53 KB
6 KB 69ms
69ms Fetch
application/json 2a03:b0c0:3:d0::be2:3001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://push.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/channels

Requested by

Host: static.app.delivery
URL: https://static.app.delivery/sdks/web/main.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::be2:3001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

d8b122f4d395b489fdf67acec120d4b3e47f87af1efe5547a7e9258e2bc6863a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains;
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
Authorization: Basic ZWU3M2FkYjUtMWRmOS00ZGY4LTkyYTQtNzhlYWYxODJmNmU5OmUyVG1NTWNHMXlGOUR4OGxrZ0tBOVVXRkk4bHVOWVozZkhlUw==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubdomains;
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
access-control-max-age: 36000
access-control-allow-headers: Content-Type, Origin, Accept, Authorization,Cache-Control,X-Requested-With

OPTIONS
H2 200 channels
push.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/ Frame 0
0 36ms
35ms Preflight
text/html 2a03:b0c0:3:d0::be2:3001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://push.kumulos.com/v1/app-installs/c19cc9f7-d4a2-4d84-a6a5-df7d62d7fd1d/channels

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a03:b0c0:3:d0::be2:3001 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubdomains;
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: GET
Origin: https://www.thestar.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Origin, Accept, Authorization,Cache-Control,X-Requested-With
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
access-control-allow-origin: *
access-control-max-age: 36000
allow: GET,HEAD
cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 10 Jul 2023 17:42:54 GMT
server: nginx
strict-transport-security: max-age=15552000; includeSubdomains;
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 4C82 0
176 B 62ms
19ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Mon, 10 Jul 2023 17:42:54 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

OPTIONS
H2 200 00594391275565266013540427949491741687
api.thestar.com/users/data/anonymous/sitename/thestar/id/ Frame 0
0 395ms
284ms Preflight
application/json 13.32.121.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.thestar.com/users/data/anonymous/sitename/thestar/id/00594391275565266013540427949491741687
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-102.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-api-key
Access-Control-Request-Method: GET
Origin: https://www.thestar.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: GET,OPTIONS
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
x-amz-apigw-id: H29s0GTsoAMF8pg=
x-amz-cf-id: VMpbvDoH0lj474yqTikW3r7q-IvxKt1q_8_09zXBaspqdBeQfO19Sw==
x-amz-cf-pop: FRA60-P1
x-amzn-requestid: c1c4ac8b-f51a-4f45-b6cd-9472fe5536b7
x-cache: Miss from cloudfront

GET
H2 200 00594391275565266013540427949491741687 Show response
api.thestar.com/users/data/anonymous/sitename/thestar/id/ 51 B
428 B 308ms
307ms XHR
application/json 13.32.121.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.thestar.com/users/data/anonymous/sitename/thestar/id/00594391275565266013540427949491741687
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-102.fra60.r.cloudfront.net
Software: /
Resource Hash: a0ec8793ecc2c9d97dcceac6cce1de315e1a0cf7b6c5180060916c2d047c9a1c

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
x-api-key: b07LQ46EyU42X8fc14kd08w8gAyfSf337nbF5L8b

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 ec1ac21acdbd36c971eca9d6b61d0744.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amzn-trace-id: Root=1-64ac431e-022fa3ee3bb4e6361a5ac4e7;Sampled=0;lineage=ec555b06:0
x-amzn-requestid: 2cf90c85-8def-4b93-a2d8-ea7d7fdfda54
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amz-apigw-id: H29s3FC6oAMFhSw=
content-length: 51
x-amz-cf-id: oVQGb1HbGMM20Qbyc-2VB7eE5eFMK3K7l7CIr0A-xiLeQOOVgS_ASg==

POST
H2 200 images Show response
www.thestar.com/api/liftigniter/ 3 KB
1 KB 182ms
181ms XHR
application/json 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/api/liftigniter/images

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

3eb2891f7520f0e0c7ea1be09d0668cf3878ff7cedecf09ea12190106f9b3b93

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
x-amz-cf-pop: CDG52-P1
x-powered-by: Express
etag: W/"a82-XlIGmZww+rD2KmN9Ife37vCUxB4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://amp.thestar.com
x-cache: Miss from cloudfront
cache-control: max-age=180
x-amz-cf-id: BL_HHMoP-DyLVI1EW36zEhk_iuxc7jjhQ4YkoMWk0AyO_50t9kXUqQ==

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 6 KB
4 KB 286ms
286ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974324

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

4c548661ddfabb07e420f0bed137a70e49593bcfba098e93332da4d5239e8aa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 2613
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: 30Yt06OKXbTKmYa9Swexw5bCrfJNGboV5TcuYeo8AjQiMBmS6Gh66g==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 181 B
1 KB 399ms
398ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974325

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

6b7ef196947252a08d6c5250dade0d2a985ebfbb5531e1a5154897149cf718df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 170
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: bkWZWqut0722-uvDwVP52Vvd9or4G_TwWZQ9ULctVb7_6GNbUe4fwA==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 jquery.fancybox.pack.js Show response
z737.thestar.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/lib/fancybox/ 23 KB
9 KB 8ms
8ms Script
text/javascript 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/lib/fancybox/jquery.fancybox.pack.js

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

99c2257ab0c877ef811c0dde48d17bfb2cf1f1a5bd5bc6a9e9a7f4a114f4df3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 04:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 12747799
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 8529
x-xss-protection: 1; mode=block
last-modified: Sun, 12 Feb 2023 04:39:35 GMT
server: -
etag: bcd257ffe249380dcdc2e45c7ca35fb1
content-type: text/javascript; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: TORdFqtrnreedHzFQLHxHD7TxG7QvPGpDw93vu9__WC0gX_K9UBaxQ==
expires: Tue, 13 Feb 2024 04:39:35 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 562 B
1 KB 397ms
397ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974336

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

e3f111cc28228909caaae31c25d4db6546b678371d45ae42e76355b3f3bd7b34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 163
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: ZGu1fSZw6Ft9qsl23TRzMAhEA1zmKI1P9dIMY_Yv-9-Ma5tThcF3fw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 171 KB
47 KB 24ms
8ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/plugin/plugin/ff0654f1f8213afbfaeae0f63392b51d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 10 Jul 2023 17:42:54 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46863
x-xss-protection: 0
pragma: public
x-fb-debug: Vf24SXdoFaFhzsEIYwTIntR9Ja9e0S/sSQw8fqxh458C1Rdi6nUNuLIh1kNKen6PYT7tOzJ+EGl3O3yvA5foFQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 stats Show response
z737.thestar.com/rest/v2/recommendations/ 57 B
897 B 295ms
294ms Script
text/javascript 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/rest/v2/recommendations/stats?storeId=3a82e4aa-496b-4fad-b45e-aa27cb2383a4&action=view&itemId=da1c4fe1-0b68-467e-81c4-cacdef5d78b9&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&profileId=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&isEntrypage=true&hash=81fec7b75b9bee1e69530374c5b03fa8&lastmodified=1686999612000&referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&&callback=bc_json265

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

e38635002058cff9a4630366e7b07aea82fbe6fc31163e76d2a233971e9e8ac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 77
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
content-type: text/javascript;charset=utf-8
cache-control: no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag: noindex, nofollow
x-amz-cf-id: TZGXcgj7XqJWFx2GeCj3srURWVmC9fRop8p4QD87CwBieAq_4yyA0g==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 553 B
1 KB 382ms
381ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974358

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

ce65195cc421c1ca1f56e1416a4a89d936dfc30bcb589164abbe6675487ff496

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 180
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: NxX9FeFj7uslMoDtwmY_ZC9Xufa42i0xm31GNWl8DVvFpSMRr4Uqxw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 __activity.gif
query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/ 35 B
94 B 115ms
114ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/__activity.gif?e=conversion_shown&ct=The+Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children&ccu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&tspl=2233&blst=680&ist=1342&iet=1351&bdst=680&bdet=914&bcttt=30&jsfv=nbc&ts=1689010974331&jsk=q9fqmmutk5a97trs&jsv=20230329&cu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&uid=8576f776-0455-4946-d155-5027cb2db6f7&sid=50679951-e1d7-44e2-d61b-4e109aca0b83&pvid=2ad2a202-e471-4b21-a08e-e291bc956ecf&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.198+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&tzo=0&conversion_t=%5BSTAR%5D%20HeaderCTAButtonMobile_NonSubs_Subscribe_Q323_SummerSale&sdk=bc-pixel
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H2 200 __activity.gif
query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/ 35 B
94 B 116ms
115ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/__activity.gif?e=conversion_shown&ct=The+Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children&ccu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&tspl=2235&blst=680&ist=1342&iet=1351&bdst=680&bdet=914&bcttt=31&jsfv=nbc&ts=1689010974333&jsk=q9fqmmutk5a97trs&jsv=20230329&cu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&uid=8576f776-0455-4946-d155-5027cb2db6f7&sid=50679951-e1d7-44e2-d61b-4e109aca0b83&pvid=2ad2a202-e471-4b21-a08e-e291bc956ecf&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.198+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&tzo=0&conversion_t=%5BSTAR%5D%20HeaderCTAButtonStickyMenu_NonSubs_Subscribe_Q323_SummerSale&sdk=bc-pixel
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 185 B
1 KB 384ms
384ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974360

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

6bc8906af356ba7aedf2901b5e89bf315ec7934ae1a0588e50d55b25059e3126

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 166
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: wiCFgJlEZs5NjwrUZ1JaChc8Hqexz3VvLNTSvV7S6KJKlz-G79aa_w==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 185 B
1 KB 379ms
379ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974362

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

0fd721f8ec8a6c821bae5a28ec4afcffa1a42496ef27a6384163e35fced3ce9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 166
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: Tz9FqKYLRlAFSaLMtbPLcGfjwTziaUHqkw0PkWLvxvbh4V1hXFjWsA==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 cs Show response
torstar.blueconic.net/DG/DEFAULT/ 66 B
860 B 111ms
111ms Script
text/javascript 52.21.220.26
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://torstar.blueconic.net/DG/DEFAULT/cs?bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&&callback=bc_json266

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.21.220.26 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-21-220-26.compute-1.amazonaws.com

Software

- /

Resource Hash

0fb5ebef2161e33f83200e08dd783af5e1755460db227b72d48841e56771b985

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: -
x-permitted-cross-domain-policies: master-only
content-type: text/javascript; charset=utf-8
p3p: policyref="", CP="DSP"
cache-control: no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag: noindex, nofollow
content-length: 86
x-xss-protection: 1; mode=block
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 185 B
1 KB 376ms
376ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974369

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

2a501fa4c7eea9c5278ee6e08d653cb5298330e08c3671ef2919109168088421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 165
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: 4dsZSNdwr5l7wZQBX_wk3EWh09-Y7sHG_-vtzZ0SQIfMD16aywFc-A==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 185 B
1 KB 378ms
378ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974370

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

410ecc7bc34cd599b4665b22389c30f1e1cd6e61c7c92bb1fbd90ce87ebe79a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 166
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: Q-3ZcLUpBkUAcr1BfTAoi6-nhNXc0ePhHUlZ3ETs8VmZd2DS0wzsyQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 185 B
1 KB 380ms
379ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974371

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

66db9f3838bea6b16999c07f06f9cde714dd4ce105d915572d79022b921552e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 167
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: D91l-PLFRGlgSTaID7V8y_5ctT7Ij78RtlD_jikkWxES2QI-BSLmUw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 185 B
1 KB 381ms
381ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974372

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

a7569d960bc9612d2822c8dec2f2c88f45364b85b312debbaddc82d49316493b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 166
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: q35-tLYJ8o8p-18lGF3VvlcjmBQxR86e5yJRxFbNULToLxMAcG9L8w==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 185 B
1 KB 388ms
387ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974373

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

dba0d5bb0d1279f4a9b3fa088d105526b2ab6a66bb60387b58ae140f3122cba5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 165
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: rBWqPzo5ORovAQCP_FqiSsBhmoCtQsJB0XpZY5z_9hygfZYYa67tPQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 185 B
1 KB 383ms
383ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974374

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

0e7c3dbf8d25622a69944b8dfc589a95188e524b654b1b37f8a4a382c5a6888d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 166
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: VBK3oBwkd0G7oHid_E5CGEAcxMNuSBB2iB6Sckq2nQwvq3Zn74Bh8Q==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 jquery.fancybox.css
z737.thestar.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/lib/fancybox/ 5 KB
2 KB 8ms
7ms Stylesheet
text/css 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/lib/fancybox/jquery.fancybox.css

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/plugin/plugin/ff0654f1f8213afbfaeae0f63392b51d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

27eb87df8f4eb3164ad81ff266aed79d50a33f6869c249ee27ac80ad0c1e3dc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 04:39:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 12747798
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 1429
x-xss-protection: 1; mode=block
last-modified: Sun, 12 Feb 2023 04:39:36 GMT
server: -
etag: a422994bd079b12c03bcc1bd67573254
content-type: text/css; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: I0zYo283_o3GDXuScSnFb_5o40mRlUMxJvfyCi1BuArGVK9dwLlrRA==
expires: Tue, 13 Feb 2024 04:39:36 GMT

GET
H2 200 lightbox.css
z737.thestar.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/css/ 219 B
705 B 8ms
8ms Stylesheet
text/css 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/css/lightbox.css

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/plugin/plugin/ff0654f1f8213afbfaeae0f63392b51d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

e4058b846286433d019ff33bb22b2eca434c9d36249df436d5a3c623825674d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 10 May 2023 00:08:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 5333693
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 174
x-xss-protection: 1; mode=block
last-modified: Tue, 09 May 2023 00:08:01 GMT
server: -
etag: 509ab20e0f70a848e487fc09470fbf83
content-type: text/css; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: zrtKzcJBqncVW40QaAyiigWLGY7k15-_mmdKzNyOiGXeipAST8g9fg==
expires: Thu, 09 May 2024 00:08:01 GMT

GET
H2 200 549886031832745 Show response
connect.facebook.net/signals/config/ 613 KB
189 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/549886031832745?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1578cb04c3fc725e72fd4f1b0999ab86e5e5c9612d83968c46b047e8b8b0febf

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 10 Jul 2023 17:42:54 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 192704
x-xss-protection: 0
pragma: public
x-fb-debug: hhD4QUD0EFzXkpf4OyM9hL5Ju1+kXKiuDgSsowtKce8mVSSm7yHH6vPexAyN+MpkSC/xlvlPzUfhHqCtOFUJbw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 __activity.gif
query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/ 35 B
49 B 114ms
114ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/__activity.gif?e=conversion_shown&ct=The+Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children&ccu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&tspl=2336&blst=680&ist=1342&iet=1351&bdst=680&bdet=914&bcttt=32&jsfv=nbc&ts=1689010974434&jsk=q9fqmmutk5a97trs&jsv=20230329&cu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&uid=8576f776-0455-4946-d155-5027cb2db6f7&sid=50679951-e1d7-44e2-d61b-4e109aca0b83&pvid=2ad2a202-e471-4b21-a08e-e291bc956ecf&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.198+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&tzo=0&conversion_t=%5BSTAR%5D%20Overlay_UnknownDesktop_Subscribe_Q323_SummerSale&sdk=bc-pixel
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H2 200 biz_gtahomehunt15_2_.jpg
images.thestarimages.com/L7VBDB1kS6C-U6Ldm3s3I45EbDY=/100x100/smart/filters:format(webp)/https://www.thestar.com/content/dam/thestar/real-estate/2023/06/17/this-20m-bridle-path-home-has-been-on-and... 2 KB
3 KB 125ms
125ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/L7VBDB1kS6C-U6Ldm3s3I45EbDY=/100x100/smart/filters:format(webp)/https://www.thestar.com/content/dam/thestar/real-estate/2023/06/17/this-20m-bridle-path-home-has-been-on-and-off-the-market-for-15-years-why-cant-it-sell/biz_gtahomehunt15_2_.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fa2ff548d010318e271f7f1160d8b7ff588ff0f2721aced839405018b597349

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "14c0f9e92faf163f0a4d472f59e02d3a2d02f4eb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SDotZNhoOrDqlbqkOgCBE%2FlEazQmxTFmVeLAP4h2AIo%2BwC4wYnEtCN7I6K1OlhczIoMaIF0xVIMSkOZShknp9%2Fnte5XXM7sLaPm%2BVaudmbqQeEBTzvuIxxipOF9a6HvndAYIeMnt9W72mEgTfSM%2FcU%2Bzw5bO6lA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b1e9fb69036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 2356
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 a_muskoka_modern_prefab.jpg
images.thestarimages.com/ql3UfjYTeSs8R-ULtg6AWH9WrYI=/0x0:1200x800/100x100/smart/filters:format(webp)/https://www.thestar.com/content/dam/thestar/real-estate/2023/06/17/they-wanted-to-replace-cabin... 4 KB
4 KB 473ms
473ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/ql3UfjYTeSs8R-ULtg6AWH9WrYI=/0x0:1200x800/100x100/smart/filters:format(webp)/https://www.thestar.com/content/dam/thestar/real-estate/2023/06/17/they-wanted-to-replace-cabin-on-their-lake-muskoka-property-they-did-something-completely-different/a_muskoka_modern_prefab.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: deeead4cfa93e8916be5b630104235b4c36967a965c7ea45b4bd1a24138cd4e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "532810aed63e22175fdbdf06c89b46e101c03991"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7i4pUvdIDxnXJdEztLWkMjf7oNMTbtFRndlT8X42n%2FG2gQd8njLpE7t2x8dRog4QQY7xNexC%2BleCU4YcgTKz5BRaXOibRJJeWr3LlCL%2Bk9JBDK3OuBwIdU9BTn%2F5iw5Ozu9v2rCr8jSa7t3joPHe5IvuHtxRt8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b1e9fb89036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 3618
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 __activity.gif
query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/ 35 B
49 B 114ms
113ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/__activity.gif?e=widget_shown&ct=The+Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children&ccu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&tspl=2398&blst=680&ist=1342&iet=1351&bdst=680&bdet=914&bcttt=33&jsfv=nbc&ts=1689010974496&jsk=q9fqmmutk5a97trs&jsv=20230329&cu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&uid=8576f776-0455-4946-d155-5027cb2db6f7&sid=50679951-e1d7-44e2-d61b-4e109aca0b83&pvid=2ad2a202-e471-4b21-a08e-e291bc956ecf&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.198+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&tzo=0&w=star_web_ymbii&source=LI&pl=null&tr=null&st=2398&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Freal-estate%2F2023%2F06%2F17%2Fthis-20m-bridle-path-home-has-been-on-and-off-the-market-for-15-years-why-cant-it-sell.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Freal-estate%2F2023%2F06%2F17%2Fthey-wanted-to-replace-cabin-on-their-lake-muskoka-property-they-did-something-completely-different.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Ftravel%2F2023%2F06%2F18%2Fcollingwood-is-an-underrated-weekend-getaway-spot-here-are-five-places-locals-say-you-cant-miss.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fadvice%2F2023%2F06%2F17%2Fi-asked-for-a-designer-bag-for-my-birthday-he-bought-me-a-super-fake-instead-im-mad-he-says-im-ungrateful-whos-right-ask-ellie.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2F2023%2F06%2F20%2Fheres-how-much-cash-you-can-save-by-making-these-four-environment-friendly-changes.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2F2023%2F06%2F18%2Fshould-you-brush-your-teeth-before-or-after-breakfast-we-asked-dentists-to-weigh-in.html%22%5D&sdk=bc-pixel
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H2 200 biz_gtahomehunt15_2_.jpg
images.thestarimages.com/l1w90DVAMQxH40kZ0NtYVtoyE3g=/690x460/smart/filters:format(webp)/https://www.thestar.com/content/dam/thestar/real-estate/2023/06/17/this-20m-bridle-path-home-has-been-on-and... 28 KB
28 KB 119ms
118ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/l1w90DVAMQxH40kZ0NtYVtoyE3g=/690x460/smart/filters:format(webp)/https://www.thestar.com/content/dam/thestar/real-estate/2023/06/17/this-20m-bridle-path-home-has-been-on-and-off-the-market-for-15-years-why-cant-it-sell/biz_gtahomehunt15_2_.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 287bc2b1a64e255983a2cde3d5af8563daa6c21cfd68917750613a6132ba5ea3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "f6571fa33d87125d807539890d2b1d5031726562"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qid3pib0sDHILZEs8Ia4KJii0teeyYePUNmnoW59LHKFcSjNj7EtyjiZ%2Bjyh7y5zU5cimx8Yz1SJWLasKjjNJ2s3A5O6pCeNyAb8mOxQCV75BB7kWPWK3tFJPKrFhtf3fXIRSRpjyl6BO6fELRDtYEclYFl6hhI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b1eafc29036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 28636
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 a_muskoka_modern_prefab.jpg
images.thestarimages.com/pALafFHvP5gLfdEXqKBXoI8CL0A=/0x0:1200x800/690x460/smart/filters:format(webp)/https://www.thestar.com/content/dam/thestar/real-estate/2023/06/17/they-wanted-to-replace-cabin... 61 KB
62 KB 622ms
622ms Image
image/webp 2606:4700:e4::ac40:a821
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.thestarimages.com/pALafFHvP5gLfdEXqKBXoI8CL0A=/0x0:1200x800/690x460/smart/filters:format(webp)/https://www.thestar.com/content/dam/thestar/real-estate/2023/06/17/they-wanted-to-replace-cabin-on-their-lake-muskoka-property-they-did-something-completely-different/a_muskoka_modern_prefab.jpg
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a821 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f37646655d25e252e7b4d5c9c7cdfc4d042b0cd1136a4025c3703033879c6c5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "85bb9cb6078251f6923af77b20d7c0eea2bd685b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VrH1yXng8Opv6G0nRgotcuNYHOA617hde0Nk%2Bk0Fjy5X4fszKRltCKaIKd3KCyeUorLkEiECRKe2DevN0kXZOdgvMTtusXzwQ7ROQNTadBBTCIJ1rRlo0maVdRT34EYSIV%2FtpMTFmeHxzJcUqjmiO7or3kvEtxI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7e4a9b1eafc39036-FRA
alt-svc: h3=":443"; ma=86400
content-length: 62790
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 621 B
1 KB 284ms
284ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974614

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

7d4ecbe36062e469e7d31e9109f7423b20c6f8c147091afbeee0ce69fed28cf5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 275
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: LPvjd8cAreVy6O1c7v5ams9pqtW4XtonMd9_kkzP9v1NqsfPGWiANQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3 200 events Show response
api.permutive.com/v2.0/batch/ 301 B
182 B 22ms
22ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 75a6afe77b587b36901b089216bbd93e2cde08ca1a700d9f628b1877cd052dbd

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.thestar.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 164

GET
H2 200 b
engagefront.theweathernetwork.com/x/ 47 B
315 B 153ms
107ms Image
image/gif 34.120.23.223
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://engagefront.theweathernetwork.com/x/b?data=%7B%22advertiser_org_id%22%3A%2261731269aabe2aa0d6cf5785%22%2C%22event_name%22%3A%2249695385_45a9_4217_b0c5_58934bb70a35%22%2C%22subevent%22%3A%2278386%2C79131%2C86886%22%7D
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.23.223 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 223.23.120.34.bc.googleusercontent.com
Software: TornadoServer/6.3.1 /
Resource Hash: af9dbf02c85319fda5ed6e97828a8328ce87a4a11e2a95d506654bf7dee244f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
via: 1.1 google
server: TornadoServer/6.3.1
etag: "2f28ed1ccf7c08cf22491757fe20385249db162e"
p3p: policyref='/static/w3c/p3p.xml', CP='NOI DSP COR DEVa TAIa OUR BUS UNI'
content-type: image/gif
cache-control: max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47
expires: Mon, 10 Jul 2023 17:42:54 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 181 B
1 KB 100ms
100ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974765

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

d3406db30c5acf39a067f87b25bfee2fb19eec0a4c76e7ae80076d4858adec8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 170
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: syO_aglA9nl8uX2v8x1PfBZVsl2jyTrsI_Wh51vDBlmZIYEfleMLFg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 181 B
1 KB 102ms
102ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974766

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

1a6610a0faa3df1040fdcc139278a79a983a665c3857b31461dc0b82c0f31d62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 170
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: Zyc2tR7-yPUyM4ERHSt8HK-15ACQWAG5ss0iKIlZUt_NQzeT7HOUcg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 181 B
1 KB 282ms
281ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974767

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

4ce39a658087a488c21428da93b6c35b9712f024a8ac96e2535bddfd58695c52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 170
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: 9mI6EonveXM3wKXJH28sVxfeE5Jym_KuxqznFFc3gvZt9ikG47ZfeQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 default Show response
www.thestar.com/api/overlaydatarule/ 74 KB
13 KB 18ms
17ms XHR
application/json 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/api/overlaydatarule/default

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

6bf0de52c3d53c3321b2314dd75bfacb03d04b829cb1cab3b36e7f77b13d4e33

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:41:53 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
x-amz-cf-pop: CDG52-P1
age: 61
x-powered-by: Express
etag: W/"12612-4kFTLfCprXMhwkVgPlpC9vYm6HU"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://amp.thestar.com
x-cache: Hit from cloudfront
cache-control: max-age=180
x-amz-cf-id: xNcpBYlPFLdHsmZIbEr-b3Dq8xw5Zh4QVY8IIDUjpZH4HKBjShIEqA==

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 181 B
1 KB 100ms
100ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974941

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

57e7c5fdaf03eb2a1448370c4220132a7038b95c51fc8e8d371c486c778425b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 171
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: UfhXBVtkvABsf7Qky-NzDsOljHOueZPeIba09Ctp383FKFhM4CLw4Q==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 overlaydata Show response
www.thestar.com/api/ 72 KB
13 KB 18ms
18ms XHR
application/json 52.222.149.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thestar.com/api/overlaydata

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/static/vendors~bundle.chunk.js?v=413c0731

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.149.23 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-149-23.cdg52.r.cloudfront.net

Software

Apache/2.4.57 (Unix) OpenSSL/3.0.9 / Express

Resource Hash

7e41416ea440eee0f014c0435cd770f9350e5aca422cca447aaba8538de0a3c3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:41:53 GMT
content-encoding: gzip
via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
server: Apache/2.4.57 (Unix) OpenSSL/3.0.9
x-amz-cf-pop: CDG52-P1
age: 61
x-powered-by: Express
etag: W/"11f01-fU92zs+enA5anKW9NmDz4ugLW14"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://amp.thestar.com
x-cache: Hit from cloudfront
cache-control: max-age=180
x-amz-cf-id: McU0LTwiqJADqzl4Dy7QpFqrfHdqJaQVQRqwUjNh2ma6awUTIOUAhw==

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 20 KB
6 KB 113ms
113ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A54%2B00%3A00&ts=1689010974981

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

7f15fe51526173eac3a9273b1b0824cd99323d2ac32e0ea2ca5dcc39b0c47b79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 4863
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: bFmO7yDpnQuAv_-ef_eYeSi9FaLzFY3cYyVmaUf3NgPpiVNG2oTilg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 RC92631a6dea374f7f8c4e27bdaaf0a413-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 12 KB
5 KB 9ms
9ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RC92631a6dea374f7f8c4e27bdaaf0a413-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fcabc48bd0ddf26e9461ff47f7a03f1e4d4336eb59bf2ab363a5475c0149a61a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:01 GMT
x-amz-version-id: 6OlKTst9j5cWJgms4Aauv69aoKuemt_4
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:14 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"c8cef352027b2146ae4bf666d1814a56"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 595
x-amz-cf-id: 2Pd4WnYtZswgi-soqUqChPvmgcHKp72GpdgVBnbAiW7rHR2LextsDw==

GET
H2 200 close.png
z737.thestar.com/rest/v2/dialogues/files/38bbb8e6-2ab5-4aca-b63f-d8596ddc3ba8/ 269 B
773 B 8ms
8ms Image
image/png 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://z737.thestar.com/rest/v2/dialogues/files/38bbb8e6-2ab5-4aca-b63f-d8596ddc3ba8/close.png

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

f5ee1f486d72b4c1b2ba4a16320729616508e9d67b4440aa5fc3a78fd18cd0e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 09:26:40 GMT
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 29775
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 269
x-xss-protection: 1; mode=block
last-modified: Sun, 09 Jul 2023 09:26:40 GMT
server: -
etag: bdffbfd63e3bf04b6c6c464895067bcf
content-type: image/png
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: N-s78MqLje4GJMO_4q5rayIK2hoDUy_A5Vt4KeUGrG9-LLjz04mMnw==
expires: Tue, 09 Jul 2024 09:26:40 GMT

GET
H2 200 toaster_v3.css
z737.thestar.com/plugins/toaster_torstar/ts_e4a9ba13889ad51ca58f5cf11adda34f/frontend/src/css/ 1 KB
1018 B 9ms
7ms Stylesheet
text/css 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/plugins/toaster_torstar/ts_e4a9ba13889ad51ca58f5cf11adda34f/frontend/src/css/toaster_v3.css

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/plugin/plugin/ff0654f1f8213afbfaeae0f63392b51d

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

ee9c02b6ef7c57f2b83a0e88dab977f839560afb553d57eae49731bc5fa252ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 08:59:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 24050609
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 485
x-xss-protection: 1; mode=block
last-modified: Tue, 04 Oct 2022 08:59:26 GMT
server: -
etag: c6066030d2b28fbf58f4c7c3d8e5b9b0
content-type: text/css; charset=utf-8
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: kEtVMIhkzH4-NQ733-Bttxe3H4jRUuyXELl3WZ7MRYbhb45ZlFeszA==
expires: Thu, 05 Oct 2023 08:59:26 GMT

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 7 KB
4 KB 107ms
106ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A55%2B00%3A00&ts=1689010975167

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

08b459ca6bcbb5be5405c2bbacf689752b725bf93c460f7d5a5af52ce4834d24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 3075
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: MOLQqrhGXUBysC0lbYwwXxPuQ17tDUKbXyDMMDQnERZlfmiKdmhDqA==
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3 200 state Show response
api.permutive.com/v1.0/ 0
33 B 59ms
59ms XHR
text/plain 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 CloseIconToaster.png
z737.thestar.com/plugins/toaster_torstar/ts_e4a9ba13889ad51ca58f5cf11adda34f/frontend/src/css/images/ 2 KB
2 KB 8ms
8ms Image
image/png 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://z737.thestar.com/plugins/toaster_torstar/ts_e4a9ba13889ad51ca58f5cf11adda34f/frontend/src/css/images/CloseIconToaster.png

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/plugins/toaster_torstar/ts_e4a9ba13889ad51ca58f5cf11adda34f/frontend/src/css/toaster_v3.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

c6a33d7e98f7ac4c2bb7c71f0c1f7e2a3b6c3282dc99ccfe5b46e8a717fb87fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://z737.thestar.com/plugins/toaster_torstar/ts_e4a9ba13889ad51ca58f5cf11adda34f/frontend/src/css/toaster_v3.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 05 Nov 2022 03:12:31 GMT
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
age: 21393024
x-cache: Hit from cloudfront
p3p: policyref="", CP="DSP"
content-length: 1773
x-xss-protection: 1; mode=block
last-modified: Fri, 04 Nov 2022 03:12:31 GMT
server: -
etag: eb62c1efa283c43fdfe26697d0495658
content-type: image/png
cache-control: public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag: noindex, nofollow
x-amz-cf-id: mSbqYqm9mnz-33dIUGUxYDNq6sbSQnvD6-4pGrgZTESUEpZpjh4l3w==
expires: Sun, 05 Nov 2023 03:12:31 GMT

GET
H3 200 __activity.gif
query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/ 35 B
49 B 113ms
113ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/__activity.gif?e=conversion_shown&ct=The+Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children&ccu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&tspl=3122&blst=680&ist=1342&iet=1351&bdst=680&bdet=914&bcttt=37&jsfv=nbc&ts=1689010975220&jsk=q9fqmmutk5a97trs&jsv=20230329&cu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&uid=8576f776-0455-4946-d155-5027cb2db6f7&sid=50679951-e1d7-44e2-d61b-4e109aca0b83&pvid=2ad2a202-e471-4b21-a08e-e291bc956ecf&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.198+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&tzo=0&conversion_t=%5BSTAR%5D%20NBanner_Meter_Subscribe_Q323_SummerSale&sdk=bc-pixel
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:55 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H2 200 AGSKWxXldbvRMx-JGY7DqCANmJgdyk2ojbO841S0olAwqg1Bys8kdOHtqx1cVusBNtvROHvW5kZfygvQbCWaVxRDhdE= Show response
fundingchoicesmessages.google.com/f/ 19 KB
8 KB 198ms
60ms Script
application/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXldbvRMx-JGY7DqCANmJgdyk2ojbO841S0olAwqg1Bys8kdOHtqx1cVusBNtvROHvW5kZfygvQbCWaVxRDhdE=

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

209d05f111316be9096c2dab94712fdff9e43d1334a14271b6f6d028b8230cad

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-bqUNvklG32_KnZEbAexZDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-security-policy: script-src 'report-sample' 'nonce-bqUNvklG32_KnZEbAexZDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RC5e3aa078185a404a90c26089a206fc93-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 1 KB
1 KB 8ms
8ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RC5e3aa078185a404a90c26089a206fc93-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c92ad4933db24b1c424a7d2a056f5b69dad460e20b0134bf4d0ba75fb42225c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:01 GMT
x-amz-version-id: rreOAN5BCwzYVxj1Ye8u_3b91M_8pV8O
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:14 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"5a9a118aa622a221009301470f199e56"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 595
x-amz-cf-id: j7xEPatLHWDOSztyl7ZOytiLehxJVWAHmNpxPGFxciamWHu3yFphtQ==

POST
H2 200 events Show response
pixel.thestar.com/ 0
117 B 349ms
108ms XHR
text/plain 2600:1f18:1430:9001:1204:1fc7:cf2c:18bb
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.thestar.com/events
Requested by: Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/549886031832745?v=2.9.111&r=stable
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1430:9001:1204:1fc7:cf2c:18bb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.thestar.com
date: Mon, 10 Jul 2023 17:42:55 GMT
access-control-allow-credentials: true
content-length: 0
vary: origin

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 23ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=549886031832745&ev=PageView&dl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&rl=&if=false&ts=1689010975246&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&fbp=fb.1.1689010975243.775714420&eid=ob3_plugin-set_51a2148d40ccbc7706ff37dceca80a9c1c41a3067c64f9bff9c18be0ac9f2363&cs_est=true&it=1689010974401&coo=false&rqm=GET

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 10 Jul 2023 17:42:55 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 events Show response
pixel.thestar.com/ 0
116 B 349ms
109ms XHR
text/plain 2600:1f18:1430:9001:1204:1fc7:cf2c:18bb
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.thestar.com/events
Requested by: Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/549886031832745?v=2.9.111&r=stable
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1430:9001:1204:1fc7:cf2c:18bb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.thestar.com
date: Mon, 10 Jul 2023 17:42:55 GMT
access-control-allow-credentials: true
content-length: 0
vary: origin

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 24ms
8ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=549886031832745&ev=ViewContent&dl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&rl=&if=false&ts=1689010975248&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&fbp=fb.1.1689010975243.775714420&eid=ob3_plugin-set_0d6294168cb0c64ef9e28c04c5a3d20fe90102a7bd93a700ef233be405305bc8&it=1689010974401&coo=false&rqm=GET

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 10 Jul 2023 17:42:55 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 RCd768af7a41d447a48ddbb694e078eba8-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 3 KB
1 KB 9ms
9ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RCd768af7a41d447a48ddbb694e078eba8-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 511d3346713ed97020560193692511e4becc3e2fef79bee7f57661f9d32005e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:04 GMT
x-amz-version-id: g0MZ4UPp5GprlFc.jJ3eTw4I.A98Mil9
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:14 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"a70deb1f2355897a8b6f9c5737c21655"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 592
x-amz-cf-id: -unDbt1cywf103Lll-sXMcRw7cfo2Xeik_T73YTchcEmZc7SOV8jZg==

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 188 B
1 KB 224ms
224ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A55%2B00%3A00&ts=1689010975319

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

6e5da39229c65c51423f20cf071a35097c659e95481f24b3bc7001da87833066

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 152
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: kx6nfBC9_heylY0yB2N8w65FwvsN_okkr8DVQrgB7vtOQ0W8cT1Tdg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 203 KB
72 KB 77ms
77ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-698108511

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9b9ce6977db360907a5d316002297391a7d535ad9211be0589e921a646f36802

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73740
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 16:05:36 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 Jul 2023 17:42:55 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 203 KB
72 KB 92ms
92ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-698108511&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P86MZHL&gtm_auth=6lA8dG63UaQ5ed3gQljsjQ&gtm_preview=env-2&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

505dde6e24779ab49ff5db5e710ba7da79a19b363ddd39da123b76e07ca1debb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73695
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 16:05:36 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 Jul 2023 17:42:55 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 47ms
47ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10230056

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7763b1958ef43e7492eefb840091fe94582b2c1a81aaab0616aff57f83ed82f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50022
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 16:05:36 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 Jul 2023 17:42:55 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 63ms
63ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10230056&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P86MZHL&gtm_auth=6lA8dG63UaQ5ed3gQljsjQ&gtm_preview=env-2&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

764c4af7613917ddadaba4be9891c80caf3b244bf638817f69f6390c8537c0d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50116
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 16:05:36 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 Jul 2023 17:42:55 GMT

GET
H2 200 RC0dc25b20a90b4585b160e266222619c3-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 971 B
1 KB 10ms
9ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RC0dc25b20a90b4585b160e266222619c3-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ca7f3e13e22c27fbc6f11ebaa54dc37f7bbd6dbb059c1b2b854332a1b0793049

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:02 GMT
x-amz-version-id: bkkPekFCc.oxH4rn8jzMNr4E_OC2b3fN
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
last-modified: Mon, 10 Jul 2023 17:32:13 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P2
age: 594
etag: "b2a4183111d688b96a9f4e1253b7c82e"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 971
x-amz-cf-id: n6dwsY6ZvA01PObFGXOdVX0iQvsH61qnIfc308MD_tsHQz-OyD4WyA==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 41ms
7ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230034-FRA

GET
H2 200 RCdd630314d8a144ce818cf865b37c1fd3-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 1 KB
1 KB 9ms
8ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RCdd630314d8a144ce818cf865b37c1fd3-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 025b9765817ece90e2ac5de98d9af6ed92b1524e1ee816a0202adf51c2669e4d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:05 GMT
x-amz-version-id: 1rZ.axFVehFTxmoP_dWh4nly5VqkYqIz
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:14 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"7d3aa41ea783502cca59fabdc21c7f52"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 591
x-amz-cf-id: PVonXBIkqx13OLMk3jkn1bKUV6ilnjC-158-JTu4J2v-4Q0myKc1-g==

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 3 KB
2 KB 43ms
7ms Script
application/javascript 2a02:26f0:3500:883::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:883::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 101365ad0e2eb2eb542c6137bbd44dc947123d1791d9cbcf29e062ffe6001ef4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

akamai-x-true-ttl: 7200
content-encoding: br
x-cdn: akamai
etag: "b40a83df6a03e235c87b1039ceb02375"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=7200
accept-ranges: bytes
alt-svc: h3=":443"; ma=600
content-length: 1457

GET
H2 200 RC336079137ceb479aab0ece6eedbf95e1-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 1020 B
984 B 11ms
10ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RC336079137ceb479aab0ece6eedbf95e1-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 77839f5289da04846994f98eefb49c73ef5e8bbbbc8965344e1bf23d1c60cb3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:06 GMT
x-amz-version-id: m3i86jC_fE73crX9X2uiKA2WAbxtmZP.
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:13 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"337e7a6503a416022376b30704a9a912"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 590
x-amz-cf-id: _y5i8SbUrdsPhfZbMzS4DXQHkzlUVC2I6NqpMLNkMP2rnVb_OkpPFQ==

GET
H2

200

activityi;dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%... Show response
10230056.fls.doubleclick.net/ Frame 9314
Redirect Chain

https://10230056.fls.doubleclick.net/activityi;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=htt...
https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=...

635 B
529 B

76ms
75ms

Document
text/html

142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-10230056

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

a69fcbda95061df08627ed2fcce8db952cbd8c238e89a70ef951a5e08be7e966

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 353
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:55 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:55 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 adsct
t.co/1/i/ 43 B
378 B 218ms
180ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=59518728-1528-449a-b220-780f9abec733&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=370e1af1-1952-4c25-8904-3ce2ea8c313a&tw_document_href=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&tw_iframe_status=0&txn_id=nuz9l&type=javascript&version=2.3.29

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-response-time: 173
date: Mon, 10 Jul 2023 17:42:55 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 476da0e40a5ac39b
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 7d00df5dbdcb41ec615da828972f06eb182b944d4438920d838ae23df1a02111
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
727 B 158ms
115ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=59518728-1528-449a-b220-780f9abec733&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=370e1af1-1952-4c25-8904-3ce2ea8c313a&tw_document_href=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&tw_iframe_status=0&txn_id=nuz9l&type=javascript&version=2.3.29

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-response-time: 108
date: Mon, 10 Jul 2023 17:42:55 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 85182dd06056c8cd
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 50b06e8296cf7e60591f437f3ed2457b1e5f72d88fc1444175798539c87bec8c
content-length: 43

POST
H2 200 263 Show response
z737.thestar.com/DG/DEFAULT/rest/rpc/ 181 B
1 KB 103ms
103ms XHR
application/json 18.66.112.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://z737.thestar.com/DG/DEFAULT/rest/rpc/263?referer=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&bcsessionid=f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9&bctempid=&overruleReferrer=&time=2023-07-10T17%3A42%3A55%2B00%3A00&ts=1689010975577

Requested by

Host: z737.thestar.com
URL: https://z737.thestar.com/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.98 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-98.fra56.r.cloudfront.net

Software

- /

Resource Hash

120f30328b9fae19c5145f31e18014521e7b9bab12efec98e1b82b13690328d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
p3p: policyref="", CP="DSP"
content-length: 172
x-xss-protection: 1; mode=block
pragma: no-cache
server: -
accept-ch: sec-ch-ua-platform-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
x-amz-cf-id: LdH20WUF86fBaay5e4YhpLodYwfXSRV8ASz4RWs2q5enWzJqYr1twQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/698108511/ 3 KB
2 KB 167ms
86ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698108511/?random=1689010975587&cv=11&fst=1689010975587&bg=ffffff&guid=ON&async=1&gtm=45be3750&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&hn=www.googleadservices.com&frm=0&tiba=Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%20%7C%20The%20Star&auid=2131353226.1689010976&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-698108511

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

96b573b6e2ddfc45bdd4ae73e9483e0ff188a596f109882e618961b1aa3a8285

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1417
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.3b72c6cf.js Show response
s.pinimg.com/ct/lib/ 62 KB
18 KB 8ms
7ms Script
application/javascript 2a02:26f0:3500:883::1931
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.3b72c6cf.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:883::1931 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 853bca381644d813e309ed7d034c5da6737aec2741dc28f52e5344cd5baf012d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

akamai-x-true-ttl: 1209600
content-encoding: br
x-cdn: akamai
etag: "35f24de4bd7e8791535207ae982af550"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding, Origin
access-control-max-age: 86400
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-expose-headers: X-CDN
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 18006

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 68ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 10 Jul 2023 17:42:55 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DC3055982511491A81827D86FA155571 Ref B: FRAEDGE1714 Ref C: 2023-07-10T17:42:55Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 RCe057394b62624c84884a89981136d531-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 1 KB
996 B 10ms
9ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RCe057394b62624c84884a89981136d531-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 29e053faa66ca93d6473afe625b67205b4e6bf70998efa00864c8d67f6d97cc0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:07 GMT
x-amz-version-id: b2suLuiKRlXg9CmPJHlcUG0hciW1mVot
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:14 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"09f8f9d1a2c986243035b7489ffa1f8a"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 589
x-amz-cf-id: hiCf0aYWKJ0KjeSroBA0ME3GBpHeHc6HsgGl1J82mu5ea-hhO8Wc4w==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
772 B 59ms
9ms Script
application/x-javascript 2a02:26f0:3100::1735:28a8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

42c9d1df23e2f7d82d90b2bd6bab3b5398e81889cb9bde1d4a530acc663c9c63

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 26 Jun 2023 17:35:57 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=48658
accept-ranges: bytes
content-length: 560

GET
H2 200 RCf39ced5c22854dc7bd6e804a34d45663-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 1 KB
1 KB 9ms
9ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RCf39ced5c22854dc7bd6e804a34d45663-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7fe203bc4230858ca2351baf6f23aa604275f41f2feb164b7048cb3b93447017

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:07 GMT
x-amz-version-id: X_OJKk8LWVX1EzgQz0AUo6MRKszsI.yl
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:14 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"80a80b9178d95aff973f9c1934fa531c"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 589
x-amz-cf-id: um0V2RJI8OJdPdjnrvokjqBPOfv9zJE5-kUCAkDCrnppzLjUbN7Pvg==

GET
H2 200 / Show response
ct.pinterest.com/user/ 568 B
859 B 117ms
47ms XHR
application/json 23.206.208.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/user/?tid=2612846434758&cb=1689010975618&dep=2%2CPAGE_LOAD

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.3b72c6cf.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-183.deploy.static.akamaitechnologies.com

Software

Resource Hash

159ec23a6b35726aca57348e6615a6db4fa63c8bb12490cca4d260c8e05f9434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
x-cdn: akamai
akamai-grn: 0.cfd5ce17.1689010975.442f627f
x-envoy-upstream-service-time: 1
content-length: 385
x-pinterest-rid: 1147384858157270
pin-unauth: dWlkPVlqVmlPVEpqTldZdE1HWXlZUzAwTm1JM0xUZzFOVGN0TWpjM09Ua3dOV1pqTkROaA
pragma: no-cache
referrer-policy: origin
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.thestar.com
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
323 B 113ms
44ms Image
image/gif 23.206.208.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ct.pinterest.com/v3/?tid=2612846434758&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%223b72c6cf%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1689010975620

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-183.deploy.static.akamaitechnologies.com

Software

Resource Hash

37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:55 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
referrer-policy: origin
x-cdn: akamai
akamai-grn: 0.cfd5ce17.1689010975.442f6280
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
content-length: 35
x-pinterest-rid: 1446081318264112
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 40ms
7ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 RCcebeff8c827742329aac568372637b0b-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 1 KB
979 B 9ms
9ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RCcebeff8c827742329aac568372637b0b-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 358d09c4121e751c69d45d275883a8643c9b7542ed346a3d1b81d5afb61ce6fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:08 GMT
x-amz-version-id: ZKRaBTMZDgUkcOO4MePwc950VF3L_jTH
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:14 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"de937a2183d61902cb6ca3b9933672ae"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 588
x-amz-cf-id: iJo-KK3gsDAeGgVixILtBUXQH-rzGOhAu-3pvU-JIgy_rzzmSic39Q==

GET
H2 200 RC0ce5bb995d064dccbfa9bf274646021d-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/ 2 KB
1 KB 9ms
8ms Script
text/javascript 18.66.97.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/RC0ce5bb995d064dccbfa9bf274646021d-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-82.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 133db9ac251d397076f792f5494be34c5ecd658097818c03281f14bbee45a413

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:33:08 GMT
x-amz-version-id: FoBfOoNnN.0ruxLwDZv_zlJ2k8R_vHkA
content-encoding: gzip
last-modified: Mon, 10 Jul 2023 17:32:13 GMT
server: AmazonS3
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"c655e828debc388c3287e7a6bb0c9dac"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 588
x-amz-cf-id: HnTxZsxXtzIXMPnMTwkv7GdrcjnlfwThXIxVuMiaz0cvRM2GqRI9ww==

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 426ms
393ms Image
image/gif 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1689010975712&id=t2_kcsr8bo&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=da122943-4773-4bf8-8397-503225f15e8b&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:56 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:3100::1735:28a8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100::1735:28a8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

87ca2d8adbd10be0e5e89784dbb7aa8bb67f77247471f437e6af535009955f8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 21 Jun 2023 22:23:45 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=28838
accept-ranges: bytes
content-length: 4807

GET
H2 204 13008914.js Show response
bat.bing.com/p/action/ 0
117 B 114ms
114ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/13008914.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 10 Jul 2023 17:42:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 922EC923D84C425C8248039AC10A3ED9 Ref B: FRAEDGE1714 Ref C: 2023-07-10T17:42:55Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
284 B 31ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=13008914&Ver=2&mid=b8a8a1c8-e09f-4892-bf2f-7c1b228ef5ac&sid=33cc7d201f4911eea6d5d5a59d069946&vid=33cc9ad01f4911eea469b1e52358e263&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%20%7C%20The%20Star&kw=children,Four%20Seasons,Butterfly%20Ball,Boost%20Child%20%26%20Youth%20Advocacy%20Centre,gala,charity,Sangita%20Patel,smg_entertainment,InHouseArticle_thestar&p=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&r=&lt=807&evt=pageLoad&sv=1&rn=878979

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 10 Jul 2023 17:42:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 70F1070645A94E2983F77DEC28458781 Ref B: FRAEDGE1714 Ref C: 2023-07-10T17:42:55Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/3116868/domain/thestar.com/ 36 B
374 B 57ms
9ms XHR
application/json 2600:9000:20eb:2a00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/3116868/domain/thestar.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:2a00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:41:42 GMT
content-encoding: gzip
via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 72
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: w-xKSpiXF9RuRQqUyeKnnfGh-g3pIFKZEbrT3RcveR5-sOAkeEQjaQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-supp...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-supp...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3116868%26time%3D1689010975726%26url%3Dhttps%253A%252F%252Fwww.thestar.com%252Fen...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-supp...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-sup...

0
266 B

215ms
179ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&cookiesTest=true&liSync=true&e_ipv6=AQLoYsLFON62-wAAAYlA5jbUDsZdvFdlp4jXQo3aQzTJ2sCbOIz8eh_PzKl9E2iOmy6PDo05
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:55 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 6AD85E98DFE7409D90BCB5795348ACC9 Ref B: FRAEDGE1510 Ref C: 2023-07-10T17:42:56Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYAJYNJ0ADyqin2GNMppQ==

Redirect headers

date: Mon, 10 Jul 2023 17:42:55 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 6F92D89737A64EF6A2A59880A039507D Ref B: FRAEDGE1414 Ref C: 2023-07-10T17:42:56Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1689010975726&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&cookiesTest=true&liSync=true&e_ipv6=AQLoYsLFON62-wAAAYlA5jbUDsZdvFdlp4jXQo3aQzTJ2sCbOIz8eh_PzKl9E2iOmy6PDo05
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYAJYNGBe6sj7/RbhGt5Q==

POST
H2 200 / Show response
www.facebook.com/tr/ Frame D19A 0
49 B 8ms
7ms Document
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.thestar.com
Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.thestar.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:55 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 /
www.google.com/pagead/1p-user-list/698108511/ 42 B
455 B 135ms
51ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/698108511/?random=1689010975587&cv=11&fst=1689008400000&bg=ffffff&guid=ON&async=1&gtm=45be3750&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&frm=0&tiba=Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%20%7C%20The%20Star&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2944349196&rmt_tld=0&ipr=y

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:55 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/698108511/ 42 B
154 B 50ms
49ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/698108511/?random=1689010975587&cv=11&fst=1689008400000&bg=ffffff&guid=ON&async=1&gtm=45be3750&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&frm=0&tiba=Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%20%7C%20The%20Star&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2944349196&rmt_tld=1&ipr=y

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:55 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fww... Show response
adservice.google.com/ddm/fls/i/ Frame D1C9 634 B
728 B 159ms
75ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Requested by

Host: 10230056.fls.doubleclick.net
URL: https://10230056.fls.doubleclick.net/activityi;dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5eb9c184008b42cb1645378cdcf281ffaf8754e489d994db8038e34abf279e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10230056.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 353
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:55 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fww... Show response
adservice.google.de/ddm/fls/i/ Frame DD8F 194 B
515 B 203ms
76ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CK2-6ZnYhIADFQjbOwIdJO4Kkg;src=10230056;type=ret01;cat=land01;ord=8096023104913;gtm=45fe3750;auiddc=2131353226.1689010976;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:56 GMT
expires: Mon, 10 Jul 2023 17:42:56 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 s99757592601350 Show response
s.thestar.com/b/ss/torontodnnlocal/1/JS-2.23.0-LDQM/ 43 B
330 B 20ms
20ms XHR
image/gif 63.140.62.135
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.thestar.com/b/ss/torontodnnlocal/1/JS-2.23.0-LDQM/s99757592601350

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/409d5273a329/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.135 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-135.data.adobedc.net

Software

jag /

Resource Hash

55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 10 Jul 2023 17:42:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 11 Jul 2023 17:42:56 GMT
server: jag
etag: 3627123453719019520-4619644517719644556
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
expires: Sun, 09 Jul 2023 17:42:56 GMT

GET
H2 200 ct.html Show response
ct.pinterest.com/ Frame E995 565 B
582 B 274ms
274ms Document
text/html 23.206.208.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ct.pinterest.com/ct.html

Requested by

Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.3b72c6cf.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.183 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-183.deploy.static.akamaitechnologies.com

Software

Resource Hash

f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

akamai-grn: 0.cfd5ce17.1689010976.442f794f
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Mon, 10 Jul 2023 17:42:57 GMT
referrer-policy: origin
strict-transport-security: max-age=31536000 ; includeSubDomains ; preload
vary: Accept-Encoding
x-cdn: akamai
x-envoy-upstream-service-time: 0
x-pinterest-rid: 1150437472649833

GET
H2 200 B24540798.279406836;sz=1x2;ord=596858201148 Show response
ad.doubleclick.net/ddm/adj/N7050.197812.NSO.CODESRV/ 37 KB
15 KB 71ms
71ms Script
text/javascript 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N7050.197812.NSO.CODESRV/B24540798.279406836;sz=1x2;ord=596858201148?

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

5afebad1cb4c6f15e5d053a8a228b1a7ad4dd5816cdf83f418518dc8eba05c11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14437
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 112 KB
43 KB 49ms
48ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-57Q9DV2

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

22fcedc692cb6edc0332e3a84dbf847c3694ff2985690fbe2229e5d244c70e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44114
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 16:05:36 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 Jul 2023 17:42:56 GMT

GET
H3 200 __inventory.gif
query.petametrics.com/v1/ 35 B
48 B 116ms
115ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v1/__inventory.gif?ts=1689010976856&jsk=q9fqmmutk5a97trs&jsv=20230329&cu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&item=%7B%22content_tier%22%3A%5B%22metered%22%5D%2C%22publisher%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Ftorontostar%22%5D%2C%22published_time%22%3A%5B%222023-06-17T11%3A00%3A00Z%22%5D%2C%22modified_time%22%3A%5B%222023-06-17T11%3A00%3A12.292Z%22%5D%2C%22section%22%3A%5B%22Entertainment%22%5D%2C%22tag%22%3A%5B%22Entertainment%22%5D%2C%22title%22%3A%5B%22The%20Butterfly%20Ball%20raises%20nearly%20%241%20million%20to%20support%20abused%20children%22%5D%2C%22type%22%3A%5B%22article%22%5D%2C%22url%22%3A%5B%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html%22%5D%2C%22description%22%3A%5B%22Boost%20CYAC%E2%80%99s%20annual%20gala%20at%20the%20Four%20Seasons%20featured%20Sangita%20Patel%20and%20Juno-nominated%20Francois%20Klark.%22%5D%2C%22site_name%22%3A%5B%22thestar.com%22%5D%2C%22image%22%3A%5B%22https%3A%2F%2Fimages.thestarimages.com%2F_80kNY6nCugyWE9DbXmx4Ou19jA%3D%2F1280x1024%2Fsmart%2Ffilters%3Acb(1687004985127)%2Fhttps%3A%2F%2Fwww.thestar.com%2Fcontent%2Fdam%2Fthestar%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children%2Fbutterfly_1_gpm_022.jpg%22%5D%2C%22truncatedDescription%22%3A%5B%22Boost%20CYAC%E2%80%99s%20annual%20gala%20at%20the%20Four%20Seasons%20featured%20Sangita%20Patel%20and%20Juno-nominated%20Francois%20Klark.%22%5D%2C%22inHouseArticle%22%3A%5B%22true%22%5D%2C%22enableLivechat%22%3A%5B%22false%22%5D%2C%22images%22%3A%5B%22https%3A%2F%2Fwww.thestar.com%2Fassets%2Fimg%2Fthestar-ribbon.png%22%5D%2C%22noShow%22%3A%5B%22false%22%5D%2C%22enableConversations%22%3A%5B%22true%22%5D%2C%22hasImage%22%3A%5B%22true%22%5D%2C%22abstract%22%3A%5B%22Boost%20CYAC%E2%80%99s%20annual%20gala%20at%20the%20Four%20Seasons%20featured%20Sangita%20Patel%20and%20Juno-nominated%20Francois%20Klark.%22%5D%2C%22asset_id%22%3A%5B%22da1c4fe1-0b68-467e-81c4-cacdef5d78b9%22%5D%2C%22smg_tag%22%3A%5B%22entertainment%22%5D%2C%22enableLivechatadmin%22%3A%5B%22false%22%5D%2C%22thumbor_image%22%3A%5B%22%7B%5C%22imageid%5C%22%3A%5C%22GPB1QU877.3%5C%22%2C%5C%22origImageSize%5C%22%3A%5C%22960x1200%5C%22%2C%5C%22lastmodified%5C%22%3A1686952260591%2C%5C%22fullWindowMainart%5C%22%3Afalse%2C%5C%22forceoriginal%5C%22%3Afalse%2C%5C%22caption%5C%22%3A%5C%22Sangita%20Patel%20and%20stilt%20walker%20Hala%20Zabaneh.%5C%22%2C%5C%22source%5C%22%3A%5C%22%5C%22%2C%5C%22type%5C%22%3A%5C%22image%5C%22%2C%5C%22credit%5C%22%3A%5C%22%5C%22%2C%5C%22mainartSize%5C%22%3A%5C%22medium%5C%22%2C%5C%22url%5C%22%3A%5C%22%2Fcontent%2Fdam%2Fthestar%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children%2Fbutterfly_1_gpm_022.jpg%5C%22%7D%22%5D%2C%22last_modified%22%3A%5B%222023-06-16T21%3A51%3A00.216Z%22%5D%2C%22author_names%22%3A%5B%22George%20Pimentel%22%5D%2C%22authors%22%3A%5B%22%5B%7B%5C%22author%5C%22%3A%5C%22George%20Pimentel%5C%22%7D%5D%22%5D%7D&ttl=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:56 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230705/r20110914/elements/html/ 11 KB
4 KB 115ms
35ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230705/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N7050.197812.NSO.CODESRV/B24540798.279406836;sz=1x2;ord=596858201148?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:16:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1572
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:16:44 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ 0
0 177ms
75ms Fetch
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuroZ1CkbHchQCiOY12eaoTOcFiBg5gvaN6rEkmugo6NXpSl1h53F2fJktEZJTr45pQbrv01nmm6dsl0_7vzKSK-6pPqdmXutzSIbO2hYPURQSPVcOoRYlxczsc9v7C_Rw-ZD6v1Bf7uFp-Oo6CFTczrC6q9zLpG6Y35kkr&sai=AMfl-YRDT7mJLeUdaA_BxmX7d5bREsO_2u1Pc2nmu14sw9rvk110iDWeTvxbEls81VNSBGGt1DE-sYXhYNyLij4mS5Gsud7MySxpKt9XWw&sig=Cg0ArKJSzIeFlS6RJsGTEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cisv=r20230705.17047&arae=0&ftch=1&adurl=

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N7050.197812.NSO.CODESRV/B24540798.279406836;sz=1x2;ord=596858201148?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 10 Jul 2023 17:42:57 GMT

GET
H2 200 load-cookie.html Show response
elb.the-ozone-project.com/static/ Frame D1B4 12 KB
5 KB 52ms
52ms Document
text/html 104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Requested by: Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ed4ab2b9d88903a32030c2e8f43d8bb23f9ab9914fdfa7dc45ea7fed518641e

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e4a9b2f8ffc1909-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 10 Jul 2023 17:42:57 GMT
expires: 0
last-modified: Mon, 10 Jul 2023 14:29:41 GMT
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
464 B 127ms
63ms XHR
text/javascript 18.164.47.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=5028&u=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&pid=9lEJp7W9N72WE&cb=0&ws=1600x1200&v=23.612.1758&t=2000&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-2%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-3%22%2C%22s%22%3A%5B%22728x90%22%2C%22728x270%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-4%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-5%22%2C%22s%22%3A%5B%22134x170%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-6%22%2C%22s%22%3A%5B%22134x170%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-7%22%2C%22s%22%3A%5B%22134x170%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-8%22%2C%22s%22%3A%5B%22134x170%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-9%22%2C%22s%22%3A%5B%222x1%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-10%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-entertainment-11%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%2258580620%2Fthestar.com%2Fentertainment%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.47.100 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-47-100.cdg50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 a384caf780263a78fbc93ca2ad4cc5a4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: CDG50-P4
x-amz-rid: EHY7VEBK972FNT2PV9BJ
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.thestar.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 4u9-RfLrT1-DBYOPiUzOmqrdJGy-AgFFMvDAqqRKuvG7WGQ92nKi_g==

GET
H2 200 v52afc6f149f6479b8c77fa569edb01181681764108816 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame D1B4 19 KB
7 KB 112ms
72ms Script
text/javascript 2606:4700::6810:3965
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer: https://elb.the-ozone-project.com/
Origin: https://elb.the-ozone-project.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
content-encoding: gzip
last-modified: Mon, 17 Apr 2023 20:41:48 GMT
server: cloudflare
etag: W/2023.4.2
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 7e4a9b302c869110-FRA

POST
H2 200 cookie_sync Show response
elb.the-ozone-project.com/ Frame D1B4 5 KB
2 KB 53ms
52ms XHR
text/plain 104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/cookie_sync
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01ac859f5c0a16acacad9227458906d03ae058df2701f9b693e0eff858b9845b

Request headers

Referer: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:57 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://elb.the-ozone-project.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7e4a9b2ff8921909-FRA
expires: 0

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame D1B4 0
239 B 57ms
8ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-ozone&gdpr=0&gdpr_consent=
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
317 B 48ms
47ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.thestar.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 129 KB
17 KB 579ms
578ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2881306991064017&correlator=824145195544120&eid=31072019%2C31074947%2C31075905%2C31075338%2C31075340&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fifs&iu_parts=58580620%2Cthestar.com%2Centertainment&enc_prev_ius=0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2%2C0%2F1%2F2&prev_iu_szs=1x1%2C728x90%2C728x90%7C728x270%2C728x90%7C970x250%2C134x170%2C134x170%2C134x170%2C134x170%2C2x1%2C300x250%7C300x600%2C300x250%7C300x600&ifi=1&adks=125911064%2C2247476773%2C3123036175%2C3757455445%2C1753974823%2C1753974822%2C1753974821%2C1753974820%2C308041089%2C3162106565%2C3162106564&sfv=1-0-40&prev_scp=pos%3D1%26refresh%3Dundefined%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dtrue%26amznbid%3D2%26amznp%3D2%7Cpos%3D2%26refresh%3Dtrue%26amznbid%3D2%26amznp%3D2%7Cpos%3D3%26refresh%3Dtrue%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dundefined%26polarAdDisplayType%3Dwith_column_image%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dundefined%26polarAdDisplayType%3Dwith_column_image%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dundefined%26polarAdDisplayType%3Dwith_column_image%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dundefined%26polarAdDisplayType%3Dwith_column_image%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dfalse%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dtrue%26amznbid%3D2%26amznp%3D2%7Cpos%3D2%26refresh%3Dtrue%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=permutive%3D86886%252Crts%26tkspo%3D14%26env%3Dbeta%26referrer%3Dunknown%26environment%3Dproduction%26cutpoint%3Dlarge%26subscribed%3Dno%26registered%3Dno%26author%3Dgeorgepimentel%26assetid%3Dda1c4fe1-0b68-467e-81c4-cacdef5d78b9%26kvng%3Dchildren%252Cfour_seasons%252Cbutterfly_ball%252Cboost_child___youth_advocacy_centre%252Cgala%252Ccharity%252Csangita_patel%252Csmg_entertainment%252CInHouseArticle_thestar%26kvcalais%3Dpogson%26key%3D%2520%26article_b%3Dtrue%26gs_channels%3Dgv_safe%252Cts_fmly_prntng_gnrl%252Cpr_ts_pl_nws_lctns_cnd_ntnl%252Cts_trvl_ldgng_gnrl%252Cts_trvl_ldgng_htl_mtl%252Cgs_entertain%252Cts_ent_evnt_attr_gnrl%252Cts_bz_chrty_gvng%252Cts_fmly_prntng_chldrn%252Cgb_crime_high%252Cgb_crime_high_med%252Cgb_crime_high_med_low%252Cts_pl_nws_lctns_cnd_ntnl%26prmtvsdk%3Dweb&ppid=00594391275565266013540427949491741687&sc=1&cookie_enabled=1&abxe=1&dt=1689010977379&lmt=1689010977&dlt=1689010972484&idt=1163&adxs=0%2C436%2C303%2C303%2C217%2C515%2C812%2C1110%2C1069%2C1083%2C1083&adys=0%2C0%2C3131%2C4287%2C6271%2C6271%2C6271%2C6271%2C2193%2C2239%2C3313&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&frm=20&vis=1&psz=1600x0%7C1600x-1%7C728x90%7C728x90%7C273x0%7C273x0%7C273x0%7C273x0%7C328x1%7C300x-1%7C300x-1&msz=1x-1%7C1600x-1%7C728x90%7C728x90%7C273x0%7C273x0%7C273x0%7C273x0%7C328x1%7C300x-1%7C300x-1&fws=4%2C516%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C516%2C516&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600&ga_vid=1826142691.1689010974&ga_sid=1689010977&ga_hid=1338355828&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3b5339abeeb7411d142441595c90261b9489d8a261df963c03596e4de0d5c9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17711
x-xss-protection: 0
google-lineitem-id: -2,-1,-1,-1,-2,-2,-2,-2,-2,-2,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-1,-1,-1,-2,-2,-2,-2,-2,-2,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.thestar.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 157ms
85ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306290101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

340cda18d7ba1d6871bde63b87cf66379a914615214f1411722329ec9d12d4e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11741
x-xss-protection: 0

GET
H2 200 container.html Show response
ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E1F1 6 KB
3 KB 148ms
47ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:57 GMT
expires: Tue, 09 Jul 2024 17:42:57 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 v1
match.sharethrough.com/universal/ Frame D1B4 0
359 B 109ms
8ms Image
text/plain 35.157.188.225
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/universal/v1?supply_id=1UfPRnxS&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.188.225 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-188-225.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D
https://elb.the-ozone-project.com/setuid?bidder=openx&uid=24d50dd3-dd32-4be2-baae-8efaf4b9017f

0
701 B

52ms
51ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=openx&uid=24d50dd3-dd32-4be2-baae-8efaf4b9017f
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:57 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b31db371909-FRA
content-length: 0
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:57 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://elb.the-ozone-project.com/setuid?bidder=openx&uid=24d50dd3-dd32-4be2-baae-8efaf4b9017f
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 140ms
56ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jul 2023 17:42:57 GMT

GET
H/1.1 451
Unavailable For Legal Reasons PrebidServer
crb.kargo.com/api/v1/dsync/ Frame D1B4 0
462 B 38ms
7ms Image
text/plain 52.29.179.154
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crb.kargo.com/api/v1/dsync/PrebidServer?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dkargo%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.179.154 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-179-154.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 10 Jul 2023 17:42:57 GMT
X-Accel-Expires: 0
Vary: Origin
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsmart%26gdpr%3D0%26gdp...
https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=6974405884151981659

0
888 B

53ms
53ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=6974405884151981659
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:57 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b337d901909-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=6974405884151981659
date: Mon, 10 Jul 2023 17:42:57 GMT
content-length: 0

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E963 13 KB
5 KB 39ms
37ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4479
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:28:18 GMT
expires: Tue, 09 Jul 2024 16:28:18 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F139 783 B
954 B 50ms
49ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1f95495c0685f4c9932a72d423e70fa61369b4ce32e9c5e9edca8a997d68793c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YJ8gJ02GtZGEZpT8crFJ7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-YJ8gJ02GtZGEZpT8crFJ7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:57 GMT
expires: Mon, 10 Jul 2023 17:42:57 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame E963 37 KB
15 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 09:57:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27921
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 09:57:36 GMT

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://ad2.360yield.com/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D
https://ad2.360yield.com/ul_cb/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D
https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=3fd128bb-d16c-43dd-879a-03a8ad82c255

0
968 B

53ms
53ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=3fd128bb-d16c-43dd-879a-03a8ad82c255
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b35180f1909-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=3fd128bb-d16c-43dd-879a-03a8ad82c255
access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:58 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F139 0
0 69ms
69ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306290101&jk=2881306991064017&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 container.html Show response
ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A2C1 6 KB
3 KB 40ms
39ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thestar.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:57 GMT
expires: Tue, 09 Jul 2024 17:42:57 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A2C1 0
0 79ms
78ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAtStIUOsZNbJHe6G9u8PnOa9kALJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTgxODg0MzE0MjU1MDk5OTfIAQmpApxeTIt2X7I-4AIAqAMByAMCqgT0Ak_QvY6BSvn0YjJ2mujZoQxO9ecdwWS7kAb8twy_JGFA-gW9lz7cc4WjIvvv8cuczE2_EJ1VrPJZqJmJSPV6_heixVhCLnrUksxHeSsJ6EFFfxAIGdV7uZnDe0jjse96zjXS73UdtfiXz3DGkqJO2LnzQsjhpoO1OobJfisqqbyVziHruOneBkkX4h2dhsIHMu9X5fiFWrhczcCwPA0xmEpG10p4h8n_fGAGZhQNAMpVHCa5AkLBqKzTCnMYShBm6Y9ieAfDHcBc-uI5MLUZTfqitR48bVuf2AhLUl7z7BJJvknDsM_HRHY7H67uUdK2UUDavwHto2Lj-oJzRsnk4MSmBSsnuD83FKtMfWHfzFzDB15TSvDS2jUpUZ6EDu-FYNF2vqHrS7eYciGnfwuenujkZZrfiemEMR6RP2gTCeQbpuyNB0saQwFuOZMd-M0RtRAW2QXReZEuG03tXzbpUGeCLJKTqIzZaAMo-LGNKZ9P-uFXleAEAYAGyaq0r7-z39rWAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAcBABMgLrAjoCgEBIvf3BOoAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi04MTg4NDMxNDI1NTA5OTk3GJSZFA&sigh=GMdBL4YkJz4&uach_m=[UACH]&cid=CAQSTQBygQiDKCdNmzy0M4Cj5KkyUNvI1qzAUz0ScewmtwMKpuScNGiBCP8SwJiFmWP80E4kpZSVdEDrUiUUWKZMHIP66UOTKBpDvgUULe1nGAE
Requested by: Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame A2C1 0
0 166ms
16ms Fetch 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=k8mAFMg12AVanYNiAgIAAAAiSmSFf9LPks7_rIUgm2jlECFDrGT0VlbppSsjLgNtAAASAAAKCkFRVUJEd0VSRHc&wp=ZKxDIQAHZNYH_YNuAA9zHIpj7EoWchllu2tRHw

Requested by

Host: www.thestar.com
URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 146065
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 7F79 132 KB
46 KB 223ms
77ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZKxDIQAHZNYH_YNuAA9zHIpj7EoWchllu2tRHw&u=%7C%2BDZOCBSVT86y%2F5IUK5TWRJepXNobt7gS4lYgtbglGhE%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXBNl7acqytoL2jxemlko8gG8bsssxCR7BnsVTtTGKmMDXcAzdk4mov_hysDqWkxb3EiedWll_5wTGJmeR5Jr-9FxQWsJMne8VV4uw_a-V_6BDo62dakSTkWC86s2nWreSBbeWfAOTu2oQ3CxotyrhrFAj0lpNqoybU3vDvZKTfufBgqyevS8fbbRMuyWHFO4xBy-EKEWRgr48UWGXkTvRqDG3Nu5wcvj4trOWzYO6NWWSB1yVRu8-qX0XebMixypj59IGrfqtJtN-j0eGA1uHd4yXPMHuMPt0YO4LMvoN6l4s9mZfKuJc4BehsuLm9xrX-BUxd_nlO46nP7sP-XWGtCAzghSFCfn3oAl0MvabkLbzmfFEJ2ZBy8JDzNSjPWYiFx4RQHmGH_jc5QlqhMStlAgUNGRswHK9Vtfx0j-Pb9ANqUby49PrbkjqemqWwm78G150IR58popZ8SO3v8n8o0uu_3DvsIWYqf-tMg5n7JARt4DL6CgUd4HJzwOdw25mGOZe3TohEaLZKSGiQ6ApErG6W4pzFvvAFjnnsOdHPOoJF2RaYmP-oz&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0rJIUOsZNbJHe6G9u8PnOa9kALJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTgxODg0MzE0MjU1MDk5OTfIAQmpApxeTIt2X7I-4AIAqAMByAMCqgT3Ak_QvY6BSvn0YjJ2mujZoQxO9ecdwWS7kAb8twy_JGFA-gW9lz7cc4WjIvvv8cuczE2_EJ1VrPJZqJmJSPV6_heixVhCLnrUksxHeSsJ6EFFfxAIGdV7uZnDe0jjse96zjXS73UdtfiXz3DGkqJO2LnzQsjhpoO1OobJfisqqbyVziHruOneBkkX4h2dhsIHMu9X5fiFWrhczcCwPA0xmEpG10p4h8n_fGAGZhQNAMpVHCa5AkLBqKzTCnMYShBm6Y9ieAfDHcBc-uI5MLUZTfqitR48bVuf2AhLUl7z7BJJvknDsM_HRHY7H67uUdK2UUDavwHto2Lj-oJzRsnk4MSmBSsnuD83FKtMfWHfzFzDB15TSvDS2jUpUZ6EDu-FYNF2vqHrS7eYciGnfwuenujkZZrfiemEMR6RP2gTCeQbpuyNB0saQwFuOZMd-M1TtzGEXopNai6yD-49YpARWXOImpi9sA5toD6OCg6TBYfKUGVEKhWLb-AEAYAGyaq0r7-z39rWAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAcBABMgLrAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3UYCJcQh-owCQf7K-h-QkxrRrjOA%26client%3Dca-pub-8188431425509997%26adurl%3D

Requested by

Host: ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com
URL: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e5bc5b81ccd4bab52a1ed106798f776eaefea14dccdd48c416019ee654eadedf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:57 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=cHOdG_9ZoMtvbpGJtR1HIHQheFBVgWqNxFHfANMUv7lFT68LNPGvkHMvIw3Knab8ng1eVnSn_5dLDRb8kGRkDAiN5SrwXZiMBCrMI-Unc2sn9Pyb4joj0WCTCWWToCPRDdcwJsnXmtax6nJgZ6-K5j4YF0Ap4j7K0iHuPyNIEHyd0U5HQfspaMg6KsE_5hGTaU0aOhbkviBog6DXpgoRJJHS8VJgy4WTak8ilWxtLx6YTN-PblUkWs6bozXg_8rfQJMGEA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 60502021
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/ Frame A2C1 3 KB
1 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/window_focus_fy2021.js

Requested by

Host: ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com
URL: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 14:51:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10269
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 14:51:49 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/ Frame A2C1 20 KB
8 KB 42ms
39ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230705/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com
URL: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:15:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1639
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:15:39 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame A2C1 24 KB
6 KB 43ms
42ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com
URL: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 167849
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 07 Jul 2024 19:05:29 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A2C1 179 KB
56 KB 51ms
49ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com
URL: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bf958c032ce083c26ae980ed92d0360c971e87c183d6bd988e770fc172786c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57266
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688579601580341"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 10 Jul 2023 17:42:58 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame E963 0
10 B 38ms
38ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?pEZOnw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 204 pbsync
ads.yieldmo.com/ Frame D1B4 0
35 B 167ms
33ms Image
text/plain 54.77.165.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/pbsync?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dyieldmo%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D%24UID
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.165.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-165-80.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT

GET
DATA 200
OK truncated
/ Frame A2C1 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 636eab7ee03b6b7bb365094cbdce3c4409c439c4a71b28145ecddcce38ada692

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 7F79 2 KB
1 KB 58ms
19ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZKxDIQAHZNYH_YNuAA9zHIpj7EoWchllu2tRHw&u=%7C%2BDZOCBSVT86y%2F5IUK5TWRJepXNobt7gS4lYgtbglGhE%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXBNl7acqytoL2jxemlko8gG8bsssxCR7BnsVTtTGKmMDXcAzdk4mov_hysDqWkxb3EiedWll_5wTGJmeR5Jr-9FxQWsJMne8VV4uw_a-V_6BDo62dakSTkWC86s2nWreSBbeWfAOTu2oQ3CxotyrhrFAj0lpNqoybU3vDvZKTfufBgqyevS8fbbRMuyWHFO4xBy-EKEWRgr48UWGXkTvRqDG3Nu5wcvj4trOWzYO6NWWSB1yVRu8-qX0XebMixypj59IGrfqtJtN-j0eGA1uHd4yXPMHuMPt0YO4LMvoN6l4s9mZfKuJc4BehsuLm9xrX-BUxd_nlO46nP7sP-XWGtCAzghSFCfn3oAl0MvabkLbzmfFEJ2ZBy8JDzNSjPWYiFx4RQHmGH_jc5QlqhMStlAgUNGRswHK9Vtfx0j-Pb9ANqUby49PrbkjqemqWwm78G150IR58popZ8SO3v8n8o0uu_3DvsIWYqf-tMg5n7JARt4DL6CgUd4HJzwOdw25mGOZe3TohEaLZKSGiQ6ApErG6W4pzFvvAFjnnsOdHPOoJF2RaYmP-oz&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCr0rJIUOsZNbJHe6G9u8PnOa9kALJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTgxODg0MzE0MjU1MDk5OTfIAQmpApxeTIt2X7I-4AIAqAMByAMCqgT3Ak_QvY6BSvn0YjJ2mujZoQxO9ecdwWS7kAb8twy_JGFA-gW9lz7cc4WjIvvv8cuczE2_EJ1VrPJZqJmJSPV6_heixVhCLnrUksxHeSsJ6EFFfxAIGdV7uZnDe0jjse96zjXS73UdtfiXz3DGkqJO2LnzQsjhpoO1OobJfisqqbyVziHruOneBkkX4h2dhsIHMu9X5fiFWrhczcCwPA0xmEpG10p4h8n_fGAGZhQNAMpVHCa5AkLBqKzTCnMYShBm6Y9ieAfDHcBc-uI5MLUZTfqitR48bVuf2AhLUl7z7BJJvknDsM_HRHY7H67uUdK2UUDavwHto2Lj-oJzRsnk4MSmBSsnuD83FKtMfWHfzFzDB15TSvDS2jUpUZ6EDu-FYNF2vqHrS7eYciGnfwuenujkZZrfiemEMR6RP2gTCeQbpuyNB0saQwFuOZMd-M1TtzGEXopNai6yD-49YpARWXOImpi9sA5toD6OCg6TBYfKUGVEKhWLb-AEAYAGyaq0r7-z39rWAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAcBABMgLrAjoCgEBIvf3BOvoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3UYCJcQh-owCQf7K-h-QkxrRrjOA%26client%3Dca-pub-8188431425509997%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 04 Jul 2024 17:42:58 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 7F79 2 KB
1 KB 58ms
20ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 04 Jul 2024 17:42:58 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 7F79 308 B
636 B 57ms
21ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 04 Jul 2024 17:42:58 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 7F79 293 B
621 B 57ms
22ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 04 Jul 2024 17:42:58 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 7F79 43 B
348 B 53ms
17ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=ifTYEHZIOvlU8YpBwgHq9i5QrR8gJCBQ_TFLWZ2nohjHkW0H-fVn-WXZSgNXpMLOWa-u6jnkuwo6v1Kan1ILr0IiBdbHtoJb6icSyIdw28o2gz4ZfJX9UfvgoSwBL8wjI3YgByeJXaYpfMPfOX782hMPe5Dm7XRkgHsYPpqYSViJ98UtfAZpWkoKUPM6zsiWejTMqJKiCilaSYXPAH4MVeiaT-t0UDO2Y6_VphsLIZBZqkGvRuh9nZoJwOpH7Cesb1K7me1xu8BF3QyKJ6mitHWOs806DCb-_w3sFXtTNZsO-rr59t2Ii0pfQATtQN1LxDSks_Eu0Vh-0BizvgerKtXdQLUoOtSoIdjxfcizS5dTtESVvVP6bQw9yNraejuyHtzj_3dkF-ht7jazLlAmcKOTseToUT1VH9PzJDzqnZhkCojK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:58 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1974167
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 7F79 12 KB
6 KB 45ms
18ms Script
text/javascript 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 04 Jul 2024 17:42:58 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 7F79 3 KB
4 KB 59ms
19ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=92162&q=80&r=0&u=https%3A%2F%2Fwww.delta-v.de%2Fout%2Fpictures%2Fgenerated%2Fproduct%2F1%2F665_665_75%2F04_ct_ws_001.jpg&v=3&w=400&s=BwDG61ZxFtXDigiap_BZJcTm&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1e56bcdec1dda0daa1b9e31e78ce7c4db1acced2d36bd8af2dca9f2792c801a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
content-length: 3432
expires: Thu, 13 Jul 2023 19:50:18 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 7F79 5 KB
5 KB 58ms
18ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=92162&q=80&r=0&u=https%3A%2F%2Fwww.delta-v.de%2Fout%2Fpictures%2Fgenerated%2Fproduct%2F1%2F665_665_75%2F04_ct_bu_001.jpg&v=3&w=400&s=es5TgLXAkI8dxV7D5TyLtAw9&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1cc9a0c49cb81573634c28ba64f51b1a1f075899f018be455876b43b90736bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
content-length: 5434
expires: Thu, 03 Aug 2023 13:46:45 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 7F79 80 KB
80 KB 80ms
41ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=92162&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F92162%2F220726%2F88090d6a5444467e823e84c7064ddeca_dv_bannerset_04_showcase_proactiv_c_1200x628..jpg&v=3&w=1200&s=vhPVZHFrfRK1yob35Rgxn0dJ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7f2916a38fe1949268f05a812eadc2c235ff57c84b6d7429e8d6d447ec098494

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 81414
expires: Sun, 16 Jun 2024 17:35:30 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 7F79 4 KB
4 KB 72ms
33ms Image
image/png 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=176&m=0&partner=92162&q=80&r=0&u=http%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F92162%2F220726%2F238f1dd2e3cc497eadb1513ac171105d_delta-v_logo_1.png&v=3&w=126&s=tYtvvLHmFs-SXlb91Q213ww4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6052e07b78f476905c93b503746553cb916f98603d70c8afd49edb79bd707104

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
content-length: 3891
expires: Sat, 15 Jun 2024 07:04:40 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 7F79 0
128 B 87ms
18ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=cHOdG_9ZoMtvbpGJtR1HIHQheFBVgWqNxFHfANMUv7lFT68LNPGvkHMvIw3Knab8ng1eVnSn_5dLDRb8kGRkDAiN5SrwXZiMBCrMI-Unc2sn9Pyb4joj0WCTCWWToCPRDdcwJsnXmtax6nJgZ6-K5j4YF0Ap4j7K0iHuPyNIEHyd0U5HQfspaMg6KsE_5hGTaU0aOhbkviBog6DXpgoRJJHS8VJgy4WTak8ilWxtLx6YTN-PblUkWs6bozXg_8rfQJMGEA&sds=2&rev=87360&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:58 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 7F79 2 KB
1 KB 26ms
20ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 04 Jul 2024 17:42:58 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 7F79 2 KB
1 KB 25ms
25ms Image
image/svg+xml 2a02:2638:d::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 04 Jul 2024 17:42:58 GMT

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://ups.analytics.yahoo.com/ups/58737/occ?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dyahoossp%26gdpr%3D0%26gdpr_consent%3D%26...
https://ups.analytics.yahoo.com/ups/58737/occ?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dyahoossp%26gdpr%3D0%26gdpr_consent%3D%26...
https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-PvwZBlVE2uEdB5MJVs1MMi8fmMji4c2odBGQ7XI-~A&gdpr=0

0
1 KB

67ms
66ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-PvwZBlVE2uEdB5MJVs1MMi8fmMji4c2odBGQ7XI-~A&gdpr=0
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b379b941909-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-PvwZBlVE2uEdB5MJVs1MMi8fmMji4c2odBGQ7XI-~A&gdpr=0
date: Mon, 10 Jul 2023 17:42:58 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame D1B4 70 B
265 B 112ms
31ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=u40cpuw&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 10 Jul 2023 17:42:58 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

POST
H/1.1 200
OK attention-event Show response
sr.studiostack.com/track/ 0
396 B 21ms
20ms XHR
text/plain 51.104.28.77
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.studiostack.com/track/attention-event
Requested by: Host: sr.studiostack.com
URL: https://sr.studiostack.com/v3/services
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.104.28.77 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Expires: 0
Pragma: no-cache
Date: Mon, 10 Jul 2023 17:42:58 GMT
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 0
request-context: appId=cid-v1:872aa76c-939e-4ab5-93a1-49e977059583

OPTIONS
H/1.1 200
OK attention-event
sr.studiostack.com/track/ Frame 0
0 27ms
26ms Preflight
text/html 51.104.28.77
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.studiostack.com/track/attention-event
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.104.28.77 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.thestar.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin: *
Allow: POST
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 4
Content-Type: text/html; charset=utf-8
Date: Mon, 10 Jul 2023 17:42:58 GMT
ETag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
Expires: 0
Pragma: no-cache
request-context: appId=cid-v1:872aa76c-939e-4ab5-93a1-49e977059583

GET
H2 200 cookie
cm.adform.net/ Frame D1B4 43 B
106 B 92ms
25ms Image
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:58 GMT
server: nginx
content-length: 43
content-type: image/gif

GET 101995
dmx.districtm.io/s/v1/img/s/ Frame D1B4 0
0

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Felb.the-ozone-project.com%252Fsetuid%253Fbidder%253Dadnxs%2526gdpr%253D0%2526gdpr_consent%253D%2526uid%253D%2524UID
https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=7433993571469477067

0
1 KB

47ms
47ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=7433993571469477067
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b399e371909-FRA
content-length: 0
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:58 GMT
an-x-request-uuid: 477256d2-0e1c-4ea1-9a93-2ee6e695e93c
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=7433993571469477067
x-proxy-origin: 185.213.155.186; 185.213.155.186; 1001.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 75ms
74ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306290101&jk=2881306991064017&bg=!XF-lXwvNAAb90kgr3dI7ADkAdvg8WhY9l-DxzmL2oRE2nsDabzAB-XP4F0igR2_NEGiMMEU2e1M7XSe5WYVOOOQHialiW7LGwH0CAAABNlIAAAAUaAEHCgAkJKwXrVL6uT6mLxy1eAT7LbSzbb9-Og0nV9QHx9CLe_HI3SQbmQKhQiI4mAm1cJ5vfI9skaSAWo32JVPw8GH0eZ38-lDEk5GWKVqteTaT54AouWlw9GtytuZxG0d0vg2rwkOtlDLds7dXi1ZOFpu-fqT9Yo_gufLOM1VDpYFIIgDgndrjypfZWM-m_ZA_ElCwJiY3IJuyzGuyvZkhtVpskfkPQZut_fbNEBPk1f1IiwCvFso9k5bkPEXdKt0TxVlDV34V1atnKW2tDaKbeJygC4fDmm9E4OPjoT106hJ8ybuVmp_vdcUestng3ix3Kzak5EmRSQS8Xoy0ewsxoqiBZVg8Wz6TbBQB2bKjBzJib6d3oXP496l37KkZXiXwrVOGNein70pwoUjXA92ZMmKwSh40odMZh_ck3fIkHB8zEUQSTXurwdjGNJrq2YNp9wVuFQ8nqOQX8aBp6CaLLPg098RBNv7BtsD44-Yd1YI9PEgP_qXEbLRkrROalpJcvHdO0lAApZiBHtV3rvLHQSEfLS5tFxnK964KVsXUe3joFK780GTRWV7YHQeWBr1pqhxP-hegz7jgI5JCgiTvGO9QAmQbkSPJDQiBidgSDLmDBwAxoJgeGBzUixIevToS6JD4wIR9yv7xPLqMfW-m0v9e24IbpTOwT0vU2dcyOUCoKaDijbUM9O-NiQdbOhUoRDiOufcYDx-iOpJR_QNrJCEdjcGujqkcZFZPbRx5LV9s-cu6uknTtk_MnLxMyY_ztvYqGnSxm51-TyljpjWnBudDMjZdqhZO5OHZfuRjwyg0mP6F9sWkAzrk96CFXt7SzgnF_C1izSeDhuItPzMDpk-no6qO78thDBQuMZqjQCCxJ8CrYI0XqIoD_m3G6HUVJw6-7AoWRbxWXuzVYKoCTnOIoWGVNHPDTuNpDYZNXTa3OiiYI0soQGt96w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-...
https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=9eda8b9a-5f6d-4396-b018-1b6ab992f4c9

0
1 KB

57ms
57ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=9eda8b9a-5f6d-4396-b018-1b6ab992f4c9
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b3a2efb1909-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=9eda8b9a-5f6d-4396-b018-1b6ab992f4c9
date: Mon, 10 Jul 2023 17:42:58 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D
https://ads.avct.cloud/getuid?bounce=true&&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%...
https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=f02eae1f-fb20-472a-988a-775aaf07cb35

0
1 KB

53ms
53ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=f02eae1f-fb20-472a-988a-775aaf07cb35
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b3c29851909-FRA
content-length: 0
expires: 0

Redirect headers

Location: https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=f02eae1f-fb20-472a-988a-775aaf07cb35
Date: Mon, 10 Jul 2023 17:42:59 GMT
P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
Content-Length: 151
Content-Type: text/html; charset=utf-8

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=88943481766289253631

0
2 KB

50ms
49ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=88943481766289253631
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:59 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b3cca4b1909-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=88943481766289253631
date: Mon, 10 Jul 2023 17:42:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A2C1 42 B
64 B 71ms
70ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsurNpBxjcRYzh1c3bCWLPv06Je1vBPNJrZ8mMAoMEBLgXHcS6izAsfXUFV1zGkE_IjqkOe9BuWts3b4ZD5bKVZp8uk&sig=Cg0ArKJSzOzxbiN3FqgQEAE&id=lidar2&mcvt=1000&p=10,436,100,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230705&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2247476773&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689010978042&rpt=270&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame D1B4 0
277 B 61ms
18ms Image
text/plain 216.52.2.30
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 10 Jul 2023 17:42:59 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

POST
H2 200 all
csm.eu.criteo.net/ Frame 7F79 0
127 B 16ms
16ms Ping
text/plain 2a02:2638:d::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:42:59 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame B155 16 KB
6 KB 47ms
7ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://elb.the-ozone-project.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=80096
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Mon, 10 Jul 2023 17:42:59 GMT
expires: Tue, 11 Jul 2023 15:57:55 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame B155 2 KB
3 KB 65ms
14ms Script
text/html 198.47.127.19
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=81391654&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e88dd6b06e17bd254baf48417e07df477efcf98595553d4e156d9483ea1b7c7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Mon, 10 Jul 2023 17:42:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 961C 43 B
363 B 66ms
15ms Document
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-type: image/gif
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 17:42:59 GMT
expires: Mon, 10 Jul 2023 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 257661
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 0CD7
Redirect Chain

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828766967001

42 B
424 B

76ms
16ms

Document
image/gif

185.64.191.210
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828766967001
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 10 Jul 2023 17:42:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Content-Length: 0
Date: Mon, 10 Jul 2023 17:42:59 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433828766967001
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 3E58
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=826918622181378742

42 B
194 B

26ms
16ms

Document
image/gif

185.64.191.210
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=826918622181378742
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 10 Jul 2023 17:42:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=826918622181378742
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H/1.1

200
OK

dcm Show response
aax-eu.amazon-adsystem.com/s/ Frame A372
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=61248A02-09E9-46CF-BFF1-12A95DC3BF2A&redir=true&gdpr=0&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=61248A02-09E9-46CF-BFF1-12A95DC3BF2A&redir=true&gdpr=0&gdpr_consent=&dcc=t

43 B
855 B

191ms
191ms

Document
image/gif

67.220.224.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=61248A02-09E9-46CF-BFF1-12A95DC3BF2A&redir=true&gdpr=0&gdpr_consent=&dcc=t

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.220.224.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Mon, 10 Jul 2023 17:42:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: RWYTB19AKHPE6WHJ38W6

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Mon, 10 Jul 2023 17:42:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=61248A02-09E9-46CF-BFF1-12A95DC3BF2A&redir=true&gdpr=0&gdpr_consent=&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 9KQ0A8V87BV70X4ACJQJ

GET
H2 200 setuid Show response
elb.the-ozone-project.com/ Frame 5941 0
2 KB 52ms
51ms Document
text/plain 104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://elb.the-ozone-project.com/setuid?bidder=pubmatic&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=61248A02-09E9-46CF-BFF1-12A95DC3BF2A
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7e4a9b3e5cc21909-FRA
content-length: 0
date: Mon, 10 Jul 2023 17:42:59 GMT
expires: 0
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B155
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=YSSKAgnpRs-_8RKpXcO_Kg%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

7ms
7ms

Image
text/html

23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:59 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=80096
accept-ranges: bytes
content-length: 5554
expires: Tue, 11 Jul 2023 15:57:55 GMT

Redirect headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame B155 49 B
265 B 99ms
29ms Image
image/gif 99.80.74.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=61248A02-09E9-46CF-BFF1-12A95DC3BF2A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.74.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-80-74-242.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:59 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.20.60
content-length: 49
expires: 0

GET
H2

204

ids
idsync.frontend.weborama.fr/ Frame B155
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=926490003
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=61248A02-09E9-46CF-BFF1-12A95DC3BF2A

0
284 B

68ms
19ms

Image
text/plain

34.111.131.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=61248A02-09E9-46CF-BFF1-12A95DC3BF2A
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Server: 34.111.131.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.131.111.34.bc.googleusercontent.com
Software: Weborama Collect Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:58 GMT
via: 1.1 google
last-modified: Mon, 10 Jul 2023 17:42:59 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=61248A02-09E9-46CF-BFF1-12A95DC3BF2A
date: Mon, 10 Jul 2023 17:42:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1

200

p
a.audrte.com/ Frame B155
Redirect Chain

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=61248A02-09E9-46CF-BFF1-12A95DC3BF2A
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=ZTllSTZqdDMtRFNRZDZnaHRFVkQzM3JYdw==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL...
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/a?adform_uid=8252916355776753685&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D
https://a.audrte.com/p

68 B
424 B

105ms
105ms

Image
image/png

54.156.96.96
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: HTTP/1.1
Server: 54.156.96.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-96-96.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 17:43:00 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Mon, 10 Jul 2023 17:43:00 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame B155
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjEyNDhBMDItMDlFOS00NkNGLUJGRjEtMTJBOTVEQzNCRjJB&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

16ms
16ms

Image
image/gif

185.64.191.210
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Server: 185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 10 Jul 2023 17:42:59 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame B155
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEOFbeVJLlxhB-IDglOgW5D8&google_cver=1

42 B
300 B

16ms
15ms

Image
image/gif

185.64.191.210
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEOFbeVJLlxhB-IDglOgW5D8&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Server: 185.64.191.210 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 10 Jul 2023 17:42:59 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:59 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEOFbeVJLlxhB-IDglOgW5D8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame B155 43 B
611 B 64ms
17ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:59 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 09 Jul 2023 17:42:59 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame B155
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8252916355776753685

42 B
473 B

55ms
17ms

Image
image/gif

198.47.127.205
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8252916355776753685
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Server: 198.47.127.205 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 10 Jul 2023 17:42:59 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:42:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=8252916355776753685
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame B155 70 B
264 B 34ms
31ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 10 Jul 2023 17:42:59 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 61248A02-09E9-46CF-BFF1-12A95DC3BF2A
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame B155 43 B
604 B 111ms
34ms Image
image/gif 2a05:d018:d29:3605:dd30:da7f:d6fe:8bcf
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/61248A02-09E9-46CF-BFF1-12A95DC3BF2A?gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:dd30:da7f:d6fe:8bcf Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:42:59 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

POST
H3 200 events Show response
api.permutive.com/v2.0/batch/ 101 B
129 B 21ms
21ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 9b764d5e2da90a60d12b37367fab9c800dfc17b83d26f8e6686e4763d5151aaa

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 10 Jul 2023 17:43:00 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.thestar.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-ozone&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_pr...
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D&gdpr=0&gdpr_consent=&s=1...
https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZKxDJHyd2WYBGaWA7UU.4QAA%261121

0
2 KB

49ms
48ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZKxDJHyd2WYBGaWA7UU.4QAA%261121
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:43:00 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b43fc4f1909-FRA
content-length: 0
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 10 Jul 2023 17:43:00 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZKxDJHyd2WYBGaWA7UU.4QAA%261121
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H2

200

setuid
elb.the-ozone-project.com/ Frame D1B4
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&_bee_ppp=1
https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AADW6k7JWIYAACMGEKwOMw

0
2 KB

54ms
54ms

Image
text/plain

104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AADW6k7JWIYAACMGEKwOMw
Requested by: Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
Protocol: H2
Server: 104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://elb.the-ozone-project.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jul 2023 17:43:00 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin, Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
cf-ray: 7e4a9b455e301909-FRA
content-length: 0
expires: 0

Redirect headers

location: https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AADW6k7JWIYAACMGEKwOMw
Date: Mon, 10 Jul 2023 17:43:00 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

POST
H2 204 rum Show response
elb.the-ozone-project.com/cdn-cgi/ Frame D1B4 0
212 B 10ms
10ms XHR
text/plain 104.18.43.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://elb.the-ozone-project.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=d86bc11d-6c15-41aa-a265-1282402dee69&publisherId=TKN100000001&siteId=4204204311&cb=1689010974202&bidder=ozone
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type: application/json

Response headers

date: Mon, 10 Jul 2023 17:43:00 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://elb.the-ozone-project.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 7e4a9b45be931909-FRA

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame B155 0
260 B 64ms
15ms Script
text/plain 198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:43:00 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
257 B 30ms
29ms Image
image/gif 54.155.18.159
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1689010982779&plid=1269431&idsite=thestar.com&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22adobe_mcid%22%3A%2200594391275565266013540427949491741687%22%2C%22_scrollIncrement%22%3A2%2C%22_scrollMethod%22%3A%22setinterval%22%2C%22_y%22%3A0%2C%22_bodyHeight%22%3A8395%2C%22_trustBar%22%3A4397%7D&sid=1&surl=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&sref=&sts=1689010973572&slts=0&title=Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children+%7C+The+Star&date=Mon+Jul+10+2023+17%3A43%3A02+GMT%2B0000+(GMT)&action=_scroll&pvid=30310845&u=pid%3Dbe879833f0202e6ebca54ff48b4ec873
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.18.159 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-18-159.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 10 Jul 2023 17:43:02 GMT
Cache-Control: no-cache
Last-Modified: Monday, 10-Jul-2023 17:43:02 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/ 35 B
49 B 113ms
112ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/q9fqmmutk5a97trs/8576f776-0455-4946-d155-5027cb2db6f7/__activity.gif?e=stuck_10s&ct=The+Butterfly+Ball+raises+nearly+%241+million+to+support+abused+children&ccu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&tspl=11350&blst=680&ist=1342&iet=1351&bdst=680&bdet=914&bcttt=38&jsfv=nbc&ts=1689010983447&jsk=q9fqmmutk5a97trs&jsv=20230329&cu=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&uid=8576f776-0455-4946-d155-5027cb2db6f7&sid=50679951-e1d7-44e2-d61b-4e109aca0b83&pvid=2ad2a202-e471-4b21-a08e-e291bc956ecf&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.198+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&tzo=0&w=null&source=null&sdk=bc-pixel
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.thestar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 10 Jul 2023 17:43:03 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

POST
H/1.1 200
OK attention-event Show response
sr.studiostack.com/track/ 0
396 B 28ms
28ms XHR
text/plain 51.104.28.77
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.studiostack.com/track/attention-event
Requested by: Host: sr.studiostack.com
URL: https://sr.studiostack.com/v3/services
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.104.28.77 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.thestar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

Expires: 0
Pragma: no-cache
Date: Mon, 10 Jul 2023 17:43:03 GMT
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 0
request-context: appId=cid-v1:872aa76c-939e-4ab5-93a1-49e977059583

OPTIONS
H/1.1 200
OK attention-event
sr.studiostack.com/track/ Frame 0
0 21ms
20ms Preflight
text/html 51.104.28.77
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.studiostack.com/track/attention-event
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.104.28.77 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.thestar.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin: *
Allow: POST
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 4
Content-Type: text/html; charset=utf-8
Date: Mon, 10 Jul 2023 17:43:03 GMT
ETag: W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
Expires: 0
Pragma: no-cache
request-context: appId=cid-v1:872aa76c-939e-4ab5-93a1-49e977059583

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dmx.districtm.io
URL: https://dmx.districtm.io/s/v1/img/s/101995

Verdicts & Comments Add Verdict or Comment

247 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

116 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
z737.thestar.com/DG/DEFAULT	1970-01-20 22:46:10	Name: BCSessionID Value: f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9
torstar.blueconic.net/DG/DEFAULT	1970-01-20 21:55:46	Name: BCSessionID Value: f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9
www.thestar.com/	1970-01-20 21:55:46	Name: last_visit_bc Value: 1689010972645
.thestar.com/	1970-01-20 21:55:46	Name: bc_tstgrp Value: 6
.thestar.com/	1970-01-20 21:57:13	Name: _vwo_uuid_v2 Value: DB5913B3A39035B4F7CFAAB4A69B7D6A9\|c19a47fab7fade62e97f6d229fe86d85
.thestar.com/	1970-01-20 17:35:08	Name: permutive-id Value: a7993808-aff0-4238-9592-885322906a32
.be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co/	1970-01-20 15:22:39	Name: pxid Value: 544e35fd-91c5-46aa-b50c-aa474c443209
www.thestar.com/	1970-01-20 13:53:22	Name: AccessToken Value: idv2ljx5ivn25gqxvuwdlf2hrbknru8btd
www.thestar.com/	1969-12-31 23:59:59	Name: userSegmentLogin Value: false
.thestar.com/	1969-12-31 23:59:59	Name: _igt Value: 50679951-e1d7-44e2-d61b-4e109aca0b83
.thestar.com/	1970-01-20 21:55:46	Name: _ig Value: 8576f776-0455-4946-d155-5027cb2db6f7
.demdex.net/	1970-01-20 17:29:22	Name: demdex Value: 00625390981284679713544092244171602429
.thestar.com/	1969-12-31 23:59:59	Name: AMCVS_19A568F454F72DAF0A4C98A6%40AdobeOrg Value: 1
.thestar.com/	1970-01-20 13:10:12	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html%22%2C%22sref%22:%22%22%2C%22sts%22:1689010973572%2C%22slts%22:0}
.thestar.com/	1970-01-20 22:46:10	Name: s_ecid Value: MCMID%7C00594391275565266013540427949491741687
.viafoura.co/	1969-12-31 23:59:59	Name: vfThirdpartyCookiesEnabled Value: true
.viafoura.co/	1970-01-20 13:53:22	Name: VfSess Value: 8f0dh4or4aptdc6eq7ue2sqh9l
.thestar.com/	1969-12-31 23:59:59	Name: __psid Value: 1689010973665
.everesttech.net/	1970-01-20 21:55:46	Name: everest_g_v2 Value: g_surferid~ZKxDHQAAAFuFYQN6
.thestar.com/	1970-01-20 22:46:10	Name: local_ga_B4CQN4KW3R Value: GS1.1.1689010973.1.0.1689010973.60.0.0
.thestar.com/	1970-01-20 22:46:10	Name: local_ga Value: GA1.1.1826142691.1689010974
www.thestar.com/	1970-01-20 13:53:22	Name: _pbjs_userid_consent_data Value: 3524755945110770
.thestar.com/	1970-01-20 22:46:10	Name: _ga_6FZFMVVWVN Value: GS1.1.1689010973.1.0.1689010973.60.0.0
www.thestar.com/	1970-01-20 21:55:46	Name: _vfa Value: www%2Ethestar%2Ecom.00000000-0000-4000-8000-032a225cd465.3466dd91-7997-40c2-9ae3-7042c06e62c7.1689010973.1689010973.1689010973.1
www.thestar.com/	1970-01-20 13:10:11	Name: _vfz Value: www%2Ethestar%2Ecom.00000000-0000-4000-8000-032a225cd465.1689010973.1.medium=direct\|source=\|sharer_uuid=\|terms=
www.thestar.com/	1970-01-20 13:10:12	Name: _vfb Value: www%2Ethestar%2Ecom.00000000-0000-4000-8000-032a225cd465.2.10.1689010973....
.thestar.com/	1970-01-20 22:46:10	Name: _ga Value: GA1.2.1826142691.1689010974
.thestar.com/	1970-01-20 13:11:37	Name: _gid Value: GA1.2.1920408568.1689010974
.thestar.com/	1970-01-20 13:10:11	Name: _gat_UA-70431129-1 Value: 1
.thestar.com/	1970-01-20 13:10:11	Name: _gat_UA-73335503-3 Value: 1
.dpm.demdex.net/	1970-01-20 17:29:22	Name: dpm Value: 00625390981284679713544092244171602429
.thestar.com/	1970-01-20 22:46:10	Name: AMCV_19A568F454F72DAF0A4C98A6%40AdobeOrg Value: 179643557%7CMCIDTS%7C19549%7CMCMID%7C00594391275565266013540427949491741687%7CMCAAMLH-1689615773%7C6%7CMCAAMB-1689615773%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1689018173s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19556%7CvVersion%7C5.5.0
.openx.net/	1970-01-20 21:55:46	Name: i Value: cea7bd45-cd2a-47fc-8bf4-860711c5f00f\|1689010973
www.thestar.com/	1970-01-20 21:55:46	Name: selectedPersonalizedCategories Value: []
www.thestar.com/	1970-01-20 21:55:46	Name: personalizedListModeEnabled Value: true
www.thestar.com/	1969-12-31 23:59:59	Name: latestContentTier Value: 0
.thestar.com/	1970-01-20 22:39:34	Name: _parsely_visitor Value: {%22id%22:%22pid=be879833f0202e6ebca54ff48b4ec873%22%2C%22session_count%22:1%2C%22last_session_ts%22:1689010973572}
www.thestar.com/	1970-01-20 21:55:46	Name: rememberMeML Value: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html
.the-ozone-project.com/	1970-01-20 13:10:12	Name: __cf_bm Value: Bgrk7m1RIfRfhWjJuOFxqUqPyfyXFaz5K4xNKvSr6us-1689010974-0-ATKSTSSBNt7fE++LczDtYMwWyBcWWavhJyLtCnKS7B+f6fDMfhtm3jQQZZOIn/CLiF4t1RfffwROHRc5vbyovJ4=
www.thestar.com/	1969-12-31 23:59:59	Name: BCSessionID Value: f5690c3c-a57b-4fa5-80ef-cda28a7cd1b9
torstar.blueconic.net/	1970-01-20 13:20:15	Name: AWSALBCORS Value: 0c26DCqphiM2CZLMD75BKv+edxDmT5iS+y1j5i9DvvnmycLCWeQT4iqgu4rsZgddmSixVuMIQrRPZr6AcGUWmgCP12+/79S5Ed5AIG8zNvTCePgzdfLe6VNyuU8s
.thestar.com/	1970-01-20 15:19:46	Name: _fbp Value: fb.1.1689010975243.775714420
.thestar.com/	1970-01-20 15:19:46	Name: _gcl_au Value: 1.1.2131353226.1689010976
z737.thestar.com/	1970-01-20 13:20:15	Name: AWSALB Value: mPaQaxTnPxF10Pz5adpFhYSUlUTx7+Ikho8E/OZ0KlqZWq0rk3YTyH5TcDDdnK/NHx68x9kkWxU2OYTZ8TF4vmwn8hYMe9EhBayvKoNBg00Rj+lEOdoOfI6hW6HM
z737.thestar.com/	1970-01-20 13:20:15	Name: AWSALBCORS Value: mPaQaxTnPxF10Pz5adpFhYSUlUTx7+Ikho8E/OZ0KlqZWq0rk3YTyH5TcDDdnK/NHx68x9kkWxU2OYTZ8TF4vmwn8hYMe9EhBayvKoNBg00Rj+lEOdoOfI6hW6HM
.thestar.com/	1970-01-20 15:19:46	Name: _rdt_uuid Value: 1689010975711.da122943-4773-4bf8-8397-503225f15e8b
.twitter.com/	1970-01-20 22:46:10	Name: guest_id_marketing Value: v1%3A168901097565574313
.twitter.com/	1970-01-20 22:46:10	Name: guest_id_ads Value: v1%3A168901097565574313
.twitter.com/	1970-01-20 22:46:10	Name: personalization_id Value: "v1_yGlYod9TJ1qVUNLpgzUPFA=="
.twitter.com/	1970-01-20 22:46:10	Name: guest_id Value: v1%3A168901097565574313
.thestar.com/	1970-01-20 13:11:37	Name: _uetsid Value: 33cc7d201f4911eea6d5d5a59d069946
.thestar.com/	1970-01-20 22:31:46	Name: _uetvid Value: 33cc9ad01f4911eea469b1e52358e263
.bing.com/	1970-01-20 22:31:46	Name: MUID Value: 1CBC30711521638A280E233B1421626B
.thestar.com/	1970-01-20 21:55:46	Name: _pin_unauth Value: dWlkPVlqVmlPVEpqTldZdE1HWXlZUzAwTm1JM0xUZzFOVGN0TWpjM09Ua3dOV1pqTkROaA
.t.co/	1970-01-20 22:46:10	Name: muc_ads Value: 9d0ce97d-f4e9-4f52-a89f-531505c78d04
www.thestar.com/	1970-01-20 13:11:37	Name: ln_or Value: eyIzMTE2ODY4IjoiZCJ9
.linkedin.com/	1970-01-20 15:19:46	Name: li_sugr Value: 8fcfd03e-8291-4cd4-b363-6377072f2681
.linkedin.com/	1970-01-20 21:55:46	Name: bcookie Value: "v=2&59d1d81f-829b-43c2-8904-562ad6b5dc73"
.linkedin.com/	1970-01-20 13:11:37	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=2910:u=1:x=1:i=1689010975:t=1689097375:v=2:sig=AQEDdLQXRDRmdGJZtxs8XrIJOJEVmXtS"
.linkedin.com/	1970-01-20 13:53:22	Name: UserMatchHistory Value: AQJT4ySqYFfIZAAAAYlA5jU7ixPuO1gAB-Vda-F6j_4NSz8vPZYRliqVCT1AkT3cEfX5Mk4QeBlc1A
.linkedin.com/	1970-01-20 13:53:22	Name: AnalyticsSyncHistory Value: AQJzjHxmuOdgNQAAAYlA5jU7Na-EpffHD55jl0N-vKmIWCcnYFBzs4swusd-UeO6iEQq3MbULsltQls1zyYY3A
.www.linkedin.com/	1970-01-20 21:55:46	Name: bscookie Value: "v=1&202307101742562897023c-581a-42ac-89d3-9da84e5d571aAQH3eWlIlSZ8qF_Y4Q_796b9_2ZfvzBZ"
.linkedin.com/	1970-01-20 17:29:22	Name: li_gc Value: MTswOzE2ODkwMTA5NzY7MjswMjFK7dB4Cr9DBylNleiba1iKBMU95mzYPtZWIl0ADSwAAg==
.thestar.com/	1970-01-20 13:53:22	Name: s_nr Value: 1689010976372-New
.thestar.com/	1970-01-20 21:55:46	Name: s_nr2 Value: 1689010976372-New
.thestar.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.doubleclick.net/	1970-01-20 17:29:22	Name: APC Value: Aa3gxNqBMCVudeeqoZ0PRCZQU-V-uHOgBuFAuld2mhhuBoZ617L8kg
.doubleclick.net/	1970-01-20 22:31:46	Name: IDE Value: AHWqTUme18RJK3j5--aIwbbrODWD2e__2_oGF4aDdMhVjKBvVMFFQfKUCB_YpFR7dLg
.the-ozone-project.com/	1970-01-20 15:19:46	Name: ozone_uid Value: 2SOI0UWxWOdJAwmxfeT7NwXShMf
match.sharethrough.com/	1970-01-20 13:20:15	Name: AWSALBCORS Value: fhkJWKN+BO3decUn39nfIfF9SzcKWuQ+mIn5e244PBjYMnskyL5h3F77jc4nQhejMeJrN30oy5rqbuS9Hkodov80sy9nadJiZEBYZcAchPoErDPINVo3dc8XAB5M
.kargo.com/	1970-01-20 21:55:46	Name: ktcid Value: 3ed3812d-679e-05d9-5156-202188cc1b05
.smartadserver.com/	1970-01-20 22:40:25	Name: pid Value: 6974405884151981659
.thestar.com/	1970-01-20 22:31:46	Name: __gads Value: ID=1f693476e4d51064:T=1689010977:RT=1689010977:S=ALNI_MZYE6lsCyB68EJflICeAHvBaPvgQQ
.thestar.com/	1970-01-20 22:31:46	Name: __gpi Value: UID=00000c3b901af3af:T=1689010977:RT=1689010977:S=ALNI_MbZjBClXGEuejZR9VmV6aDS2m5QYg
.360yield.com/	1970-01-20 15:19:46	Name: tuuid Value: 3fd128bb-d16c-43dd-879a-03a8ad82c255
.360yield.com/	1970-01-20 15:19:46	Name: tuuid_lu Value: 1689010978
.yahoo.com/	1970-01-20 21:56:08	Name: A3 Value: d=AQABBCJDrGQCEPlTVlnxdgwww8ZFHEDBcHUFEgEBAQGUrWS2ZOANyiMA_eMAAA&S=AQAAAt7yIyZ3rlqAiGcZiHZMMjg
.analytics.yahoo.com/	1970-01-20 21:55:46	Name: IDSYNC Value: 19bl~2cp5
.adnxs.com/	1970-01-20 15:19:46	Name: uuid2 Value: 7433993571469477067
.bidswitch.net/	1970-01-20 21:55:46	Name: tuuid Value: 9eda8b9a-5f6d-4396-b018-1b6ab992f4c9
.bidswitch.net/	1970-01-20 21:55:46	Name: c Value: 1689010978
.bidswitch.net/	1970-01-20 21:55:46	Name: tuuid_lu Value: 1689010978
ads.avct.cloud/	1970-01-20 21:55:46	Name: uuid Value: f02eae1f-fb20-472a-988a-775aaf07cb35
.3lift.com/	1970-01-20 15:19:46	Name: tluid Value: 88943481766289253631
.pubmatic.com/	1970-01-20 21:55:46	Name: KADUSERCOOKIE Value: 61248A02-09E9-46CF-BFF1-12A95DC3BF2A
.pubmatic.com/	1970-01-20 15:19:46	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 13:11:37	Name: pi Value: 0:2
.pubmatic.com/	1970-01-20 15:19:46	Name: DPSync3 Value: 1690156800%3A201_245_241_235
.pubmatic.com/	1970-01-20 15:19:46	Name: SyncRTB3 Value: 1690243200%3A35%7C1690156800%3A56_46_161_251_220_21_13_71_54
.simpli.fi/	1970-01-20 21:57:13	Name: suid Value: A4351E791A624CE8B201D86D2C99519A
.rfihub.com/	1970-01-20 22:31:46	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MDcxNrYwsjA3M7M0MzcwMBTiM9Q1TSsLNU9JLff2c84BAPCwKYUlAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MDcxNrYwsjA3M7M0MzcwMBTiM9Q1TSsLNU9JLff2c84BAPCwKYUlAAAA
.rfihub.com/	1970-01-20 22:31:46	Name: eud Value: H4sIAAAAAAAA_9vEyGtoZmFpYGhgaW5pZmQJAJc_ug8QAAAA
.weborama.fr/	1970-01-20 22:36:06	Name: AFFICHE_W Value: 8a8ORABAYBzx59
.de17a.com/	1970-01-20 21:48:34	Name: guid Value: 1.826918622181378742
.adform.net/	1970-01-20 13:54:49	Name: C Value: 1
.adform.net/	1970-01-20 14:36:34	Name: uid Value: 8252916355776753685
.pubmatic.com/	1970-01-20 13:53:22	Name: KRTBCOOKIE_18 Value: 22947-5107433828766967001
.pubmatic.com/	1970-01-20 13:53:22	Name: KRTBCOOKIE_336 Value: 5844-826918622181378742
.pubmatic.com/	1970-01-20 13:53:22	Name: KRTBCOOKIE_80 Value: 16514-CAESEOFbeVJLlxhB-IDglOgW5D8&KRTB&22987-CAESEOFbeVJLlxhB-IDglOgW5D8&KRTB&23025-CAESEOFbeVJLlxhB-IDglOgW5D8&KRTB&23386-CAESEOFbeVJLlxhB-IDglOgW5D8
.pubmatic.com/	1970-01-20 13:53:22	Name: KRTBCOOKIE_391 Value: 22924-8252916355776753685&KRTB&23263-8252916355776753685&KRTB&23481-8252916355776753685
.pubmatic.com/	1970-01-20 13:53:22	Name: PugT Value: 1689010978
.amazon-adsystem.com/	1970-01-20 19:33:13	Name: ad-id Value: A9gOfMhOaEXxr7mscAFAItE
.amazon-adsystem.com/	1970-01-20 22:46:10	Name: ad-privacy Value: 0
.audrte.com/	1970-01-20 13:31:46	Name: arcki2 Value: e9eI6jt3-DSQd6ghtEVD33rXw!20220908!1689010979944!ip#185.213.155.186
.audrte.com/	1970-01-20 13:31:46	Name: arcki2_pubmatic Value: 61248A02-09E9-46CF-BFF1-12A95DC3BF2A!20220908!1689010979947
.audrte.com/	1970-01-20 13:31:46	Name: arcki2_ddp2 Value: e9eI6jt3-DSQd6ghtEVD33rXw!20220908!1689010980106
.audrte.com/	1970-01-20 13:31:46	Name: arcki2_adform Value: 8252916355776753685!20220908!1689010980243
.casalemedia.com/	1970-01-20 21:55:46	Name: CMID Value: ZKxDJHyd2WYBGaWA7UU.4QAA
.casalemedia.com/	1970-01-20 15:19:46	Name: CMPS Value: 1121
.casalemedia.com/	1970-01-20 15:19:46	Name: CMPRO Value: 1121
.bidr.io/	1970-01-20 22:38:44	Name: bito Value: AADW6k7JWIYAACMGEKwOMw
.bidr.io/	1970-01-20 22:38:44	Name: bitoIsSecure Value: ok
elb.the-ozone-project.com/	1970-01-20 13:20:15	Name: AWSALBTGCORS Value: q5hPmZyqwnCxwfBq9VFjMwlbq8phUXJ8SQt7PJ8aVL7Uu/dvtt9k/lTS+Qub6ei4Nfc5wopmfeZs5nuf/MH5vnQLh8cO7PliIG8AGCExjefwddPUA00SRtrNyS4HEiGuTWk4RQRKQ6Qhws/imWA4YDr9WXoTyh7GK4tBz9hWe8WX1q9uKDU=
.the-ozone-project.com/	1970-01-20 15:19:46	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJhZG54cyI6eyJ1aWQiOiI3NDMzOTkzNTcxNDY5NDc3MDY3IiwiZXhwaXJlcyI6IjIwMjMtMDctMjRUMTc6NDI6NTguODM5ODg2NjMxWiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJhdm9jZXQiOnsidWlkIjoiZjAyZWFlMWYtZmIyMC00NzJhLTk4OGEtNzc1YWFmMDdjYjM1IiwiZXhwaXJlcyI6IjIwMjMtMDctMjRUMTc6NDI6NTkuMjUzMzgzMjIzWiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJiZWVzd2F4Ijp7InVpZCI6IkFBRFc2azdKV0lZQUFDTUdFS3dPTXciLCJleHBpcmVzIjoiMjAyMy0wNy0yNFQxNzo0MzowMC43MjM4OTY4OTNaIiwic291cmNlIjoiY29va2llIn0sImdyaWQiOnsidWlkIjoiOWVkYThiOWEtNWY2ZC00Mzk2LWIwMTgtMWI2YWI5OTJmNGM5IiwiZXhwaXJlcyI6IjIwMjMtMDctMjRUMTc6NDI6NTguOTQxNTY4MzEzWiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJpbXByb3ZlZGlnaXRhbCI6eyJ1aWQiOiIzZmQxMjhiYi1kMTZjLTQzZGQtODc5YS0wM2E4YWQ4MmMyNTUiLCJleHBpcmVzIjoiMjAyMy0wNy0yNFQxNzo0Mjo1OC4xMjUzMjkzNjRaIiwic291cmNlIjoiY29va2llIn0sIml4Ijp7InVpZCI6IlpLeERKSHlkMldZQkdhV0E3VVUuNFFBQVx1MDAyNjExMjEiLCJleHBpcmVzIjoiMjAyMy0wNy0yNFQxNzo0MzowMC41MDY1ODkzODlaIiwic291cmNlIjoiY29va2llIn0sIm9wZW54Ijp7InVpZCI6IjI0ZDUwZGQzLWRkMzItNGJlMi1iYWFlLThlZmFmNGI5MDE3ZiIsImV4cGlyZXMiOiIyMDIzLTA3LTI0VDE3OjQyOjU3LjYwNzcxOTY5OVoiLCJzb3VyY2UiOiJjb29raWUifSwicHVibWF0aWMiOnsidWlkIjoiNjEyNDhBMDItMDlFOS00NkNGLUJGRjEtMTJBOTVEQzNCRjJBIiwiZXhwaXJlcyI6IjIwMjMtMDctMjRUMTc6NDI6NTkuNjA2NDA4NjQ5WiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJzbWFydCI6eyJ1aWQiOiI2OTc0NDA1ODg0MTUxOTgxNjU5IiwiZXhwaXJlcyI6IjIwMjMtMDctMjRUMTc6NDI6NTcuODcwOTQ3NTU4WiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJ0cmlwbGVsaWZ0Ijp7InVpZCI6Ijg4OTQzNDgxNzY2Mjg5MjUzNjMxIiwiZXhwaXJlcyI6IjIwMjMtMDctMjRUMTc6NDI6NTkuMzQ5NDE1NzIzWiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJ5YWhvb3NzcCI6eyJ1aWQiOiJ5LVB2d1pCbFZFMnVFZEI1TUpWczFNTWk4Zm1Namk0YzJvZEJHUTdYSS1-QSIsImV4cGlyZXMiOiIyMDIzLTA3LTI0VDE3OjQyOjU4LjUzMzczODk4M1oiLCJzb3VyY2UiOiJjb29raWUifX0sImJkYXkiOiIyMDIzLTA3LTEwVDE3OjQyOjU3LjYwNzcxNjE5NloifQ==
.pubmatic.com/	1970-01-20 13:53:22	Name: SPugT Value: 1689010980

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html(Line 166) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=354908&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&random=0.2558681945884367, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.thestar.com/entertainment/2023/06/17/the-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html(Line 166) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=354908&url=https%3A%2F%2Fwww.thestar.com%2Fentertainment%2F2023%2F06%2F17%2Fthe-butterfly-ball-raises-nearly-1-million-to-support-abused-children.html&random=0.2558681945884367, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-form-factor'.
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N7050.197812.NSO.CODESRV/B24540798.279406836;sz=1x2;ord=596858201148? Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.doubleclick.net/ddm/adj/N7050.197812.NSO.CODESRV/B24540798.279406836;sz=1x2;ord=596858201148?(Line 142) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network	error	URL: https://crb.kargo.com/api/v1/dsync/PrebidServer?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dkargo%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID Message: Failed to load resource: the server responded with a status of 451 (Unavailable For Legal Reasons)
other	warning	URL: https://ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
network	error	URL: https://dmx.districtm.io/s/v1/img/s/101995 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=61248A02-09E9-46CF-BFF1-12A95DC3BF2A&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10230056.fls.doubleclick.net
a.audrte.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
accounts.google.com
ad-delivery.net
ad.doubleclick.net
ad2.360yield.com
ads.avct.cloud
ads.eu.criteo.com
ads.pubmatic.com
ads.yieldmo.com
adserver.pressboard.ca
adservice.google.com
adservice.google.de
alb.reddit.com
analytics.twitter.com
ap.lijit.com
api.btloader.com
api.parsely.com
api.permutive.com
api.thestar.com
api.viafoura.co
bat.bing.com
be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co
btloader.com
c.amazon-adsystem.com
c1.adform.net
cat.nl3.eu.criteo.com
cdn.id5-sync.com
cdn.linkedin.oribi.io
cdn.parsely.com
cdn.petametrics.com
cdn.prod.uidapi.com
cdn.viafoura.net
cm.adform.net
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
cr.frontend.weborama.fr
crb.kargo.com
csm.eu.criteo.net
ct.pinterest.com
d1nxn87txdj54y.cloudfront.net
d1z2jf7jlzjs58.cloudfront.net
d5p.de17a.com
dev.visualwebsiteoptimizer.com
dis.criteo.com
dmp.adform.net
dmx.districtm.io
dpm.demdex.net
ea4fc63e85e267cb044b394f80f8ef6a.safeframe.googlesyndication.com
eb2.3lift.com
elb.the-ozone-project.com
engagefront.theweathernetwork.com
events.kumulos.com
fundingchoicesmessages.google.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image6.pubmatic.com
imageproxy.eu.criteo.net
images.thestarimages.com
match.adsrvr.org
match.prod.bidr.io
match.sharethrough.com
news.google.com
oa.openxcdn.net
oajs.openx.net
p.rfihub.com
p1.parsely.com
pagead2.googlesyndication.com
pixel.rubiconproject.com
pixel.thestar.com
play.google.com
pr-bh.ybp.yahoo.com
prebid.the-ozone-project.com
push.kumulos.com
px.ads.linkedin.com
px4.ads.linkedin.com
query.petametrics.com
region1.analytics.google.com
resources.thestar.com
rtb.fr3.eu.criteo.com
rtb.openx.net
s.pinimg.com
s.thestar.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
snap.licdn.com
sr.studiostack.com
ssbsync-global.smartadserver.com
ssum.casalemedia.com
static.ads-twitter.com
static.app.delivery
static.cloudflareinsights.com
static.criteo.net
stats.g.doubleclick.net
sync.crwdcntrl.net
t.co
torontostarnewspaperslimited.demdex.net
torstar.blueconic.net
torstar.gscontxt.net
torstar.sb.blueconic.net
tpc.googlesyndication.com
um.simpli.fi
unpkg.com
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.redditstatic.com
www.thestar.com
x.bidswitch.net
z.moatads.com
z737.thestar.com
dmx.districtm.io
104.18.43.178
104.244.42.197
104.244.42.67
13.107.42.14
13.225.30.130
13.32.118.217
13.32.121.102
13.32.121.21
130.211.23.194
141.95.98.65
142.250.186.134
142.250.186.66
142.250.186.70
146.75.116.157
150.136.157.133
151.139.128.10
178.250.1.6
178.250.1.9
18.164.47.100
18.66.100.58
18.66.112.98
18.66.97.82
185.64.191.210
185.80.39.216
185.86.138.154
193.0.160.130
198.47.127.19
198.47.127.20
198.47.127.205
2001:4860:4802:34::36
213.155.156.185
216.52.2.30
23.206.208.183
23.32.185.123
23.35.236.201
2600:1f18:1430:9001:1204:1fc7:cf2c:18bb
2600:1f18:44f0:4847:78ed:de6e:2e51:d042
2600:9000:20eb:2a00:2:53b2:240:93a1
2600:9000:2250:ec00:a:e047:753:be1
2600:9000:236e:4800:16:970:b940:93a1
2600:9000:2450:9800:8:2ae1:d740:93a1
2606:4700:10::6816:3556
2606:4700:20::681a:68b
2606:4700:20::ac43:4513
2606:4700:20::ac43:490d
2606:4700:4400::6812:29aa
2606:4700::6810:3965
2606:4700::6810:7caf
2606:4700:e4::ac40:a821
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::2008
2a00:1450:4001:802::2001
2a00:1450:4001:806::2004
2a00:1450:4001:806::200e
2a00:1450:4001:808::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:810::2002
2a00:1450:4001:811::200d
2a00:1450:4001:813::2003
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::200e
2a00:1450:400c:c0d::9c
2a02:2638:3::12
2a02:2638:d::11
2a02:2638:d::13
2a02:2638:d::2
2a02:2638:d::c
2a02:26f0:3100::1735:28a8
2a02:26f0:3500:883::1931
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
2a03:b0c0:3:d0::be2:3001
2a03:b0c0:3:f0::1bc:5000
2a04:4e42:600::396
2a04:4e42::396
2a05:d018:d29:3605:dd30:da7f:d6fe:8bcf
3.216.196.193
3.248.138.51
3.75.62.37
34.102.146.192
34.107.254.252
34.111.129.221
34.111.131.239
34.120.107.143
34.120.23.223
34.254.57.122
34.96.102.137
34.98.64.218
35.156.133.126
35.157.188.225
35.190.14.224
35.204.74.118
35.227.252.103
35.241.9.51
35.71.131.137
37.157.2.229
37.157.3.30
37.252.171.22
51.104.28.77
52.21.220.26
52.214.14.119
52.222.149.23
52.222.250.8
52.29.179.154
52.48.195.8
52.49.138.0
54.155.18.159
54.156.96.96
54.221.61.97
54.77.165.80
54.77.186.210
63.140.62.135
67.220.224.150
69.173.144.165
76.223.111.18
99.80.74.242
01ac859f5c0a16acacad9227458906d03ae058df2701f9b693e0eff858b9845b
025b9765817ece90e2ac5de98d9af6ed92b1524e1ee816a0202adf51c2669e4d
03568784ef9bf74ec6d2e5119c8afe23fef8e56d328c6b33a1d9bc5cef68170d
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06baf8731b56c087204a153faa13df46136ed4c46d7187cb45c5efd91e7a62fd
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08b459ca6bcbb5be5405c2bbacf689752b725bf93c460f7d5a5af52ce4834d24
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
098ac1fe26b8dcbf76d32aa5db27e6112d093743f9a3e4df1dc529c131df4363
0a26dc8641a51f345b9b84978f8d4fa549cf5e5f6455eb29f9b7241fb21370b9
0bf3dba92fc69ffb3cd602c4fcf47a32bc5693b11b79393b269ef905b8bb97f3
0c254f061ba4d6a785c3bf43a7e4ef73522ec0d41099af4bd0b038a7f2d75bdc
0d0384e698f646fa31641391e650a73c8d93059724cceca65926e736005b28b6
0d6cfe4bf2e972d5e528c5656050f9ad7dca2a6f8c16923bfffd7e5117d198fe
0e6b64435c7e78e839b092860fe86b0021188ef3d744aad267e44d38be55127e
0e7c3dbf8d25622a69944b8dfc589a95188e524b654b1b37f8a4a382c5a6888d
0f677b3de0cb23a99341897bede04bd5be2062b00f79d3e7eeea360f7f433305
0fb5ebef2161e33f83200e08dd783af5e1755460db227b72d48841e56771b985
0fd721f8ec8a6c821bae5a28ec4afcffa1a42496ef27a6384163e35fced3ce9a
101365ad0e2eb2eb542c6137bbd44dc947123d1791d9cbcf29e062ffe6001ef4
120f30328b9fae19c5145f31e18014521e7b9bab12efec98e1b82b13690328d1
133db9ac251d397076f792f5494be34c5ecd658097818c03281f14bbee45a413
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b
153c3fec4f811698dd55a879e1544d8911c92bca874f205d73c4d39cab63f024
1578cb04c3fc725e72fd4f1b0999ab86e5e5c9612d83968c46b047e8b8b0febf
159ec23a6b35726aca57348e6615a6db4fa63c8bb12490cca4d260c8e05f9434
18407a06d7abf02ebc49d291cb9e9ae72c5363535b6eda7b7cfd24db66127092
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
194b1d4608a433c162d21a856f417d51188c0adbf4fe2259f8fa46b742cc4c13
1a6610a0faa3df1040fdcc139278a79a983a665c3857b31461dc0b82c0f31d62
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1cc9a0c49cb81573634c28ba64f51b1a1f075899f018be455876b43b90736bca
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e14e9b29a11de964e1c933db58c73cceb4237ae417d42dd8a74436c7cc9a284
1e56bcdec1dda0daa1b9e31e78ce7c4db1acced2d36bd8af2dca9f2792c801a9
1f95495c0685f4c9932a72d423e70fa61369b4ce32e9c5e9edca8a997d68793c
209d05f111316be9096c2dab94712fdff9e43d1334a14271b6f6d028b8230cad
22fcedc692cb6edc0332e3a84dbf847c3694ff2985690fbe2229e5d244c70e6b
230d5ed038370eb3fcf8153be8889227e04026fcd1a4cd4f19f93a6c5a3d4346
242a33de01a52985bdd655a2eb918acdb4bbb0f81d489cc0a50b492b745eab5e
25e5c10cb58300c92e6d6065fa0ea49a206499c58a2f1152af1deea8f34a5066
26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65
27e29a5aebbbc2d82b6f7d9dbbf03ced7ecaf592adf68338a02aff332b3e7bd5
27eb87df8f4eb3164ad81ff266aed79d50a33f6869c249ee27ac80ad0c1e3dc2
287bc2b1a64e255983a2cde3d5af8563daa6c21cfd68917750613a6132ba5ea3
29e053faa66ca93d6473afe625b67205b4e6bf70998efa00864c8d67f6d97cc0
2a501fa4c7eea9c5278ee6e08d653cb5298330e08c3671ef2919109168088421
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2b0590c240f60745d803f276d673d520d88bc3f22a3f51144b19afb91f469149
2bf958c032ce083c26ae980ed92d0360c971e87c183d6bd988e770fc172786c7
2cd8a500a6363b84901eb2ba53ec906208ea33692c18673691200915ee78806c
2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8
2f46926d81be4472495e6dc6a8789d7fc9ffb6acb270b4f6462720e0332fe718
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
30645a83a3e630908fe22cba2a06451131730fd67ee850139dc99d22218ad3cf
30cd4232171448300eccb3e98229539b2b48fc2879c0187812bd4b477a0fd4b7
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
340cda18d7ba1d6871bde63b87cf66379a914615214f1411722329ec9d12d4e3
358d09c4121e751c69d45d275883a8643c9b7542ed346a3d1b81d5afb61ce6fe
37534c4877f3333f9a5910f71fffd67b766d39317b7c1800fade39e12d5cdd4d
376685e441eb017bed573aee2c7284ef03d39985dcf859f57b5812511b1fc9ba
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
38254c821b6bec9ee36bb8116cf81a16b0a9c2a51f97cacdb483b4fdeb6e3821
39c5031fa5e04352d50fff0f766f4c5f77f2e30a45fcf73d0470bd41cd041394
3dded79d17f9f05716c571a8ed742637bbc3591e9e0d14e9304917459e1f840d
3e54047a5de69628d87570753a0bfbcae01a1375bc54d1b3819751e211b602b9
3eb2891f7520f0e0c7ea1be09d0668cf3878ff7cedecf09ea12190106f9b3b93
3f1229425f1e6c52fb768051afca5e74e82d650b9df5c7a0af0e7f74d5f5d5da
40725fbbca1fc45d2e96a8a8338b6d76eeda0a3e7f90eb6e5216eecc850ecfb2
410ecc7bc34cd599b4665b22389c30f1e1cd6e61c7c92bb1fbd90ce87ebe79a1
42074d02d49d8fb32f0d83c80ad9fa58fd5ece5cc75b5cda9c68a9865bb60dc4
42820a1db5db7b8f8ba3ab355882a3f3f9e5babcde56f59670b11a351130391f
42c9d1df23e2f7d82d90b2bd6bab3b5398e81889cb9bde1d4a530acc663c9c63
435f25bb7e193cf7ac0df4314519011cb446292022faa04daf26128feef86971
444c796333814e17b9accb5e9820fc75a9dc164e38e36adb4ce2fa5323d58125
4466f366b2897f4839ba95e1b5d96fa3c3e11cadb7fe0096afb3a5a97b872ffb
448edd4a71b4ca28931010c1c2166872801702a420ff549a7c757edf863d7530
459e95cf842f6dee4b6aafa23a5fcc6f65c228390c131da04c47ca997b2b0e94
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4801aa7057c5d58a4ed7544ff547132dec19ca078caef0b545656868809db3f9
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4924e12a30059184d9bd1c36294dcdf957f5f2da452209448b35a93aa785cca5
4b123f8e3a4b0db9c32f6add4b53ac3b66afecd0ac6c0b17a90e1451642f7418
4b866e6dc199e3f4953fd1048f7847814acb78b6cc9249ae61126b5acbbe926a
4c548661ddfabb07e420f0bed137a70e49593bcfba098e93332da4d5239e8aa5
4ce39a658087a488c21428da93b6c35b9712f024a8ac96e2535bddfd58695c52
4da8f4d2d20833c254b092ab30d0ebaee5e3d93716e320773ff55c27c353796b
4dd63c10a1954003739225b98b306fa48534e683ae0311106e9a905a6deb571f
4e055c26ecd439ee73765fc8f167b4f23eb9b92608c70b2068b0bc7c3baeb9dd
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6e793850a5e8e917ce972e8110e94eb569cad2939ad166403d71c4f14c36af
4ed4ab2b9d88903a32030c2e8f43d8bb23f9ab9914fdfa7dc45ea7fed518641e
502a19bd8010b390245ee5ce7cab84a4250da24d548828b555a53a68cfbd8db9
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
505dde6e24779ab49ff5db5e710ba7da79a19b363ddd39da123b76e07ca1debb
511d3346713ed97020560193692511e4becc3e2fef79bee7f57661f9d32005e6
52c6b724460d1cc1eef6b6b43f27f26d9f17f392ca2148e0df83f05f3cbc9970
53a304e5ed57e7c99b13b40abdbd2b1db2c7d4d29a00a9c3df267b6aae3c0975
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
57e7c5fdaf03eb2a1448370c4220132a7038b95c51fc8e8d371c486c778425b0
58400f67b2ac1f95b03d3238a5deb2050d1d995fc6b9d6bf3d76e4d7c05aff75
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5afebad1cb4c6f15e5d053a8a228b1a7ad4dd5816cdf83f418518dc8eba05c11
5ba90a1f4ce185e13c563c2f0ac128cae74954078e726c9918eaa717ff1a3f1e
5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971
5f8f2739eab8542e8316b8d27f96040f31ae37bba3f5247dc55a7a32d1eac773
6052e07b78f476905c93b503746553cb916f98603d70c8afd49edb79bd707104
6118aab3972757bc62c6e4c730c32154718c63b74cffc6c66733af493c730139
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61f9cb335de6f13c959e45a68990fd5c9753c1410bf002670830b9baa0429a0e
62651edf87d2816cb10682476cb72ad3065481fe168cb6b18d91d0e2aa0a64dd
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de
636eab7ee03b6b7bb365094cbdce3c4409c439c4a71b28145ecddcce38ada692
66db9f3838bea6b16999c07f06f9cde714dd4ce105d915572d79022b921552e7
6707bbab4dbba0ac7fce42d70d1a036d37a9e2fbeb320156e9d960e193c1d6c9
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
6a5d134ce0702f55663b83e6d4a9d300e38f9328f96f1651419111712f9f02cb
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b7ef196947252a08d6c5250dade0d2a985ebfbb5531e1a5154897149cf718df
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bc8906af356ba7aedf2901b5e89bf315ec7934ae1a0588e50d55b25059e3126
6bf0de52c3d53c3321b2314dd75bfacb03d04b829cb1cab3b36e7f77b13d4e33
6c6bd4f1d599be4d43843b7dbf5ec5e134cd7aec0c900ac1c030ead10bbe4ea1
6e5da39229c65c51423f20cf071a35097c659e95481f24b3bc7001da87833066
70b44f4183a1d28a1b73f32d538e1d840edcbad0e3a04e64452f649ebc1557d2
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
73c193b5cf5f9381f5cf17187ba6da391cada081a356c9712f2bf8390c0c3769
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75a6afe77b587b36901b089216bbd93e2cde08ca1a700d9f628b1877cd052dbd
764c4af7613917ddadaba4be9891c80caf3b244bf638817f69f6390c8537c0d2
7763b1958ef43e7492eefb840091fe94582b2c1a81aaab0616aff57f83ed82f5
77839f5289da04846994f98eefb49c73ef5e8bbbbc8965344e1bf23d1c60cb3c
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7d4ecbe36062e469e7d31e9109f7423b20c6f8c147091afbeee0ce69fed28cf5
7df84adc099a083a3c613b028b5885cd4209d30d5598b0de456561ef06d89c6b
7e11299ee2655d568ec5fe5d973423d0e8d6de65b97f532e51726eca214e722f
7e41416ea440eee0f014c0435cd770f9350e5aca422cca447aaba8538de0a3c3
7f15fe51526173eac3a9273b1b0824cd99323d2ac32e0ea2ca5dcc39b0c47b79
7f2916a38fe1949268f05a812eadc2c235ff57c84b6d7429e8d6d447ec098494
7fa2ff548d010318e271f7f1160d8b7ff588ff0f2721aced839405018b597349
7fe203bc4230858ca2351baf6f23aa604275f41f2feb164b7048cb3b93447017
80fd5e47d21938649d3c7dcb2f070fb984ee398a052150b541b844db5cb34c8c
81213e09ec09abe060a47d101767ef8f2d2cce6f1212b237541cba0445bf730c
8187dcb05ebcfc94502aeec0524c23c7d22afbafe17aff1d39acc1d59a3a52db
824f2e98b60d2a43082c8a1d742f071a623f92a8ae350eee153c6e51a7ebb48a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
844f3ce91af9e9e2b07f298b912592cb98ee423da6c6dce00cdb59215124e66a
853bca381644d813e309ed7d034c5da6737aec2741dc28f52e5344cd5baf012d
87ca2d8adbd10be0e5e89784dbb7aa8bb67f77247471f437e6af535009955f8c
8966b07f115c55f76167b14a9eb7b8ca82ed3390f82878ee75b47f2c34163ea2
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
9255f9f186056d9c722c47bb75bf71f79690a0a85fdccf83481c6eca62552623
95f4db14172013eb07b61d3933cdcee02d39e70569f86e2d445e637db2d62547
96b573b6e2ddfc45bdd4ae73e9483e0ff188a596f109882e618961b1aa3a8285
975def900b45d55c5b36e28d3f2216cb7f906243b4cd0a8f48d651f159a8e1d5
98a13774757252835f685473e1f3e736386b707e1b75be35d378b99e607fe0c2
99c2257ab0c877ef811c0dde48d17bfb2cf1f1a5bd5bc6a9e9a7f4a114f4df3c
9b764d5e2da90a60d12b37367fab9c800dfc17b83d26f8e6686e4763d5151aaa
9b9ce6977db360907a5d316002297391a7d535ad9211be0589e921a646f36802
a04a64eb55c4a16ed352d149385a8ac8d8c2d3291f0e5b59b0f48375443b5f24
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a0ec8793ecc2c9d97dcceac6cce1de315e1a0cf7b6c5180060916c2d047c9a1c
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a609f7b1319b1f7f0929dd47b99f33a56d1176a67eafe24c66f7b3734cea4653
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032
a69fcbda95061df08627ed2fcce8db952cbd8c238e89a70ef951a5e08be7e966
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7569d960bc9612d2822c8dec2f2c88f45364b85b312debbaddc82d49316493b
a88716b2e48961b771017aef83ad9bdacb13a354dc0b09c62b880e7a2f72d9c6
a972943594052c4498c98bac3ba76e400dae96e2115a4980df9c1d6f0767c4d4
a9cb488de4345b6f3c3ee5283e099f7c50e2aff89e4b6838cf8a0072804da529
aa6dc1e27f4179085256161eb6018661707fe14bf431bbdaf79917d6174cc851
ac217fa597b7754bca874304308db97d8db94d4733d9027cccae8d7eff7eeceb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af9dbf02c85319fda5ed6e97828a8328ce87a4a11e2a95d506654bf7dee244f4
afa2d43bc5235e019048bf8eeb242859a5beff1fa165621f8deaa6385b799951
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b349185811d997b80dbe3e6013db81e8e2c89c4265756e6416cfafe44768b6c4
b3abab8c0524b6f876d36f99aedd1fb14317c2e3758d2bdf093362d458f6f199
b839a187b30cb9a125a21882271e8bdd1f51099258db845ed2f4d581675c4561
b8dd12b4cc0283b0d20c31c231b8ae14fa61c1b64d594cd8f8c0ed1948acb3b5
b9fc1a81b65555a43367e3237d0070597defdb9d4907ed293a982f77e5cd98a2
bb007a43ae5ab23cea15cb5b20c0eaff435f20b12376b715caa66ac93406b0ef
bc2dee2d7bba673bee2abc6490f270aedec3e93055882daa0cd0a474388265b9
be2277c99594557635d0993ac606fdc4994494e43408bc1be5c6ac9bfabc5dac
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c6a33d7e98f7ac4c2bb7c71f0c1f7e2a3b6c3282dc99ccfe5b46e8a717fb87fe
c92ad4933db24b1c424a7d2a056f5b69dad460e20b0134bf4d0ba75fb42225c7
ca7f3e13e22c27fbc6f11ebaa54dc37f7bbd6dbb059c1b2b854332a1b0793049
ce65195cc421c1ca1f56e1416a4a89d936dfc30bcb589164abbe6675487ff496
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d3406db30c5acf39a067f87b25bfee2fb19eec0a4c76e7ae80076d4858adec8d
d3b5339abeeb7411d142441595c90261b9489d8a261df963c03596e4de0d5c9c
d56c3dd5229edf1ae62f0d253320a9c51ce216622dc6001f5a54c6732f8ca947
d6618d469c7249cf9adb4c694265c9037931f1da70a4c54f8f38fe37f264092f
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d85850c885fe92574f866d77f638250a2747c691aa7f537b4922e28b368cd51a
d8698193addf3c25804f12b649228fe7e20633cfbbc49bb8bacdfb0656b151e7
d8b122f4d395b489fdf67acec120d4b3e47f87af1efe5547a7e9258e2bc6863a
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9d280cee9867539fd657970c2fd0166286ef306a36a8778953c66469347a2cb
d9ff3e3e017eb87c0b0028e28faa8ee28ee10e7f719bb727da5b0820ce964b75
dba0d5bb0d1279f4a9b3fa088d105526b2ab6a66bb60387b58ae140f3122cba5
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
deeead4cfa93e8916be5b630104235b4c36967a965c7ea45b4bd1a24138cd4e3
df18b822b58faaaa8d429a60afcd872387b73238f8431de0216a48e781448cdd
e38635002058cff9a4630366e7b07aea82fbe6fc31163e76d2a233971e9e8ac4
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f111cc28228909caaae31c25d4db6546b678371d45ae42e76355b3f3bd7b34
e4058b846286433d019ff33bb22b2eca434c9d36249df436d5a3c623825674d0
e4afed48ed0b54b19b4403524034c0484fd7f59be06a733475ff6490846cf56d
e50c5c7a4bfbc6003a60cc2af3dd381dbfd53e021418084dd666d96ea4521af7
e5bc5b81ccd4bab52a1ed106798f776eaefea14dccdd48c416019ee654eadedf
e6d1acc43378dff625c02b13b7c50fe30f6b11107795c794939c145f300264dd
e780903b840c40b1d3e4f23ed2f60e4564c91f7cdedba8a5e2ab540292d709c5
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
e88dd6b06e17bd254baf48417e07df477efcf98595553d4e156d9483ea1b7c7d
ec384bf5e2e66708a87b9d86027448aa4497ad75cffd5d561fdd00d4476f674e
ec39731f213524c0c4fb04959b24ba04ec9855e2d6d916fe1015674e38a1b511
ec3bd99a6cc869c2aee64153dafc98abef7bd3766fd1b8c94775e9d67ef2c28c
ee9c02b6ef7c57f2b83a0e88dab977f839560afb553d57eae49731bc5fa252ad
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01a3bab61e5503ed44d618490b13eda06ee8f99a33086055de1a804c46f48dc
f086cfbf071ec970c51b64f6626a3de2cbc6f68245d6594d51f8e86c48b707be
f15f1f48088c7b933ba1ac9ab9565c5efccc70d4f7d4ebe94125e060c547f1c9
f1dc555b74071c11fb7bbcd86fa650618db83723a8828d04850e90ec73dc5898
f37646655d25e252e7b4d5c9c7cdfc4d042b0cd1136a4025c3703033879c6c5c
f3d0dbf86ff1b2fb8dabd477549e97479ff24a8ef2d4c582960619813e28be4e
f463f345daaaaac7c0bc957aac05de1ae7a1acbd8f371d18a52ee7ca16de05da
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5c8b6a5f2b02a1e809faff709f99f58e13c04e20db58fd694aebf4f243fcc52
f5eb9c184008b42cb1645378cdcf281ffaf8754e489d994db8038e34abf279e5
f5ee1f486d72b4c1b2ba4a16320729616508e9d67b4440aa5fc3a78fd18cd0e0
f7160fe443d32f0e4578d3ab5416de8c267289613297a2d9dbcc75733425dc69
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
f948edc8ba9bcb66bf27441bd5ad3601df1572d8446fdf0248a53e6f419c0a17
fc248306922c1b5660c7c40e4e84c51c346249b5836fee7ab35f7ca9824f4587
fcabc48bd0ddf26e9461ff47f7a03f1e4d4336eb59bf2ab363a5475c0149a61a
fe3987dba42400a9775663aeee4b76e9a25c65196bd8d28a241b3aed87c0991a

www.thestar.com Open in urlscan Pro 52.222.149.23 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

348 Requests

93 %HTTPS

39 %IPv6

79 Domains

128 Subdomains

108 IPs

11 Countries

5501 kBTransfer

14635 kBSize

116 Cookies

21 Outgoing links

Redirected requests

348 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.thestar.com Open in urlscan Pro
52.222.149.23 Public Scan

Screenshot
Live screenshot

Full Image

348
Requests

93 %
HTTPS

39 %
IPv6

79
Domains

128
Subdomains

108
IPs

11
Countries

5501 kB
Transfer

14635 kB
Size

116
Cookies

348 HTTP transactions
2 data transactions