se1.vip-dns.fun Open in urlscan Pro
2606:4700:3030::6815:15e2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://se1.vip-dns.fun/
Submission: On February 03 via api (February 3rd 2024, 3:41:11 pm UTC) from US — Scanned from US

Summary HTTP 241 Redirects Links 71 Behaviour Indicators

Summary

This website contacted 66 IPs in 3 countries across 45 domains to perform 241 HTTP transactions. The main IP is 2606:4700:3030::6815:15e2, located in United States and belongs to CLOUDFLARENET, US. The main domain is se1.vip-dns.fun.
TLS certificate: Issued by GTS CA 1P5 on January 20th 2024. Valid for: 3 months.

This is the only time se1.vip-dns.fun was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	2606:4700:303... 2606:4700:3030::6815:15e2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
54	104.16.132.24 104.16.132.24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:10:... 2606:4700:10::ac43:293c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.160.43.93 34.160.43.93	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	2607:f8b0:400... 2607:f8b0:4004:c1b::9b	15169 (GOOGLE) (GOOGLE)
10	2607:f8b0:400... 2607:f8b0:4004:c08::61	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c0b::84	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c06::54	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4004:c1b::71	15169 (GOOGLE) (GOOGLE)
16	54.192.51.12 54.192.51.12	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::ac40:9256	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c1b::5f	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:215f:8200:8:2ae1:d740:93a1	16509 (AMAZON-02) (AMAZON-02)
3	3.162.8.154 3.162.8.154	16509 (AMAZON-02) (AMAZON-02)
1	144.21.35.228 144.21.35.228	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	192.104.182.109 192.104.182.109	10668 (LEE-ASN) (LEE-ASN)
3	2607:f8b0:400... 2607:f8b0:4004:c1d::5e	15169 (GOOGLE) (GOOGLE)
3	34.149.155.241 34.149.155.241	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:10:... 2606:4700:10::ac43:1b1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.241.9.51 35.241.9.51	15169 (GOOGLE) (GOOGLE)
1	68.67.178.10 68.67.178.10	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2600:1f18:44f... 2600:1f18:44f0:4846:5095:755:8694:ede5	14618 (AMAZON-AES) (AMAZON-AES)
1	130.211.23.194 130.211.23.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2606:4700:20:... 2606:4700:20::ac43:4513	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.251.167.149 142.251.167.149	15169 (GOOGLE) (GOOGLE)
6	34.107.254.252 34.107.254.252	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2607:f8b0:400... 2607:f8b0:4004:c1f::66	15169 (GOOGLE) (GOOGLE)
3	23.20.31.134 23.20.31.134	14618 (AMAZON-AES) (AMAZON-AES)
32	35.190.14.224 35.190.14.224	15169 (GOOGLE) (GOOGLE)
1	54.192.51.26 54.192.51.26	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6810:7baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2607:f8b0:400... 2607:f8b0:4004:c08::5e	15169 (GOOGLE) (GOOGLE)
1	3.161.212.32 3.161.212.32	16509 (AMAZON-02) (AMAZON-02)
2	63.140.39.22 63.140.39.22	14618 (AMAZON-AES) (AMAZON-AES)
1 1	18.215.141.215 18.215.141.215	14618 (AMAZON-AES) (AMAZON-AES)
4	54.192.50.230 54.192.50.230	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4004:c07::66	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f00... 2a03:2880:f003:c0e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
1	2a04:4e42:200... 2a04:4e42:200::396	54113 (FASTLY) (FASTLY)
1	2600:1402:880... 2600:1402:8800::1728:cf19	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a04:4e42:77::84 2a04:4e42:77::84	54113 (FASTLY) (FASTLY)
1	3.162.7.119 3.162.7.119	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4004:c06::65	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c1d::9a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1d::84	15169 (GOOGLE) (GOOGLE)
2	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	52.85.107.60 52.85.107.60	16509 (AMAZON-02) (AMAZON-02)
1 2	172.253.63.148 172.253.63.148	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c19::9a	15169 (GOOGLE) (GOOGLE)
1	52.218.178.232 52.218.178.232	16509 (AMAZON-02) (AMAZON-02)
7	2607:f8b0:400... 2607:f8b0:4004:c08::9b	15169 (GOOGLE) (GOOGLE)
1 3	3.162.3.55 3.162.3.55	16509 (AMAZON-02) (AMAZON-02)
4	151.101.64.84 151.101.64.84	54113 (FASTLY) (FASTLY)
2	2607:f8b0:400... 2607:f8b0:4004:c09::6a	15169 (GOOGLE) (GOOGLE)
1	52.205.167.202 52.205.167.202	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:143... 2600:1f18:1430:9001:709e:5b7e:3de:fd66	14618 (AMAZON-AES) (AMAZON-AES)
1	2a03:2880:f10... 2a03:2880:f103:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	35.81.90.104 35.81.90.104	16509 (AMAZON-02) (AMAZON-02)
1	44.215.65.75 44.215.65.75	14618 (AMAZON-AES) (AMAZON-AES)
3	2607:f8b0:400... 2607:f8b0:4004:c06::84	15169 (GOOGLE) (GOOGLE)
241	66

6 2606:4700:3030::6815:15e2 (United States)

ASN13335 (CLOUDFLARENET, US)

se1.vip-dns.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 104.16.132.24 (None, )

ASN13335 (CLOUDFLARENET, US)

bloximages.chicago2.vip.townnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::ac43:293c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.160.43.93 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 93.43.160.34.bc.googleusercontent.com

thestar.solutions.cdn.optable.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c1b::9b (Washington, United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4004:c08::61 (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c0b::84 (Ashburn, United States)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::54 (Washington, United States)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4004:c1b::71 (Washington, United States)

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 54.192.51.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-51-12.yul62.r.cloudfront.net

resources.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9256 (United States)

ASN13335 (CLOUDFLARENET, US)

be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1b::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:215f:8200:8:2ae1:d740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.viafoura.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.162.8.154 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-8-154.yul62.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.21.35.228 (Amsterdam, Netherlands)

ASN31898 (ORACLE-BMC-31898, US)

torstar.gscontxt.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.104.182.109 (United States)

ASN10668 (LEE-ASN, US)
PTR: cms.chicago2.vip.townnews.com

www.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c1d::5e (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.149.155.241 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 241.155.149.34.bc.googleusercontent.com

thestar.cloud.optable.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:1b1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.petametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.9.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.9.241.35.bc.googleusercontent.com

be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.178.10 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:44f0:4846:5095:755:8694:ede5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

api.viafoura.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.23.194 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4513 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.167.149 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.107.254.252 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 252.254.107.34.bc.googleusercontent.com

api.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1f::66 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.20.31.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-20-31-134.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
torontostarnewspaperslimited.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 35.190.14.224 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 224.14.190.35.bc.googleusercontent.com

query.petametrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.51.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-51-26.yul62.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7baf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4004:c08::5e (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.161.212.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-212-32.yul62.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.39.22 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-39-22.data.adobedc.net

s.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.215.141.215 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-141-215.compute-1.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.192.50.230 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-50-230.yul62.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c07::66 (Washington, United States)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1402:8800::1728:cf19 (Atlanta, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:77::84 (United States)

ASN54113 (FASTLY, US)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.162.7.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-7-119.yul62.r.cloudfront.net

d1z2jf7jlzjs58.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::65 (Washington, United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c1d::9a (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1d::84 (Washington, United States)

ASN15169 (GOOGLE, US)

7a683fc424438f916742c2adaeab3bdc.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.140 (United States)

ASN54113 (FASTLY, US)

conversions-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.107.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-107-60.yul62.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.63.148 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bi-in-f148.1e100.net

10230056.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c19::9a (Washington, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.218.178.232 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com

s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4004:c08::9b (Ashburn, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.162.3.55 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-3-162-3-55.yul62.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.64.84 (United States)

ASN54113 (FASTLY, US)

ct.pinterest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c09::6a (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:1430:9001:709e:5b7e:3de:fd66 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

pixel.thestar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f103:181:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.81.90.104 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-90-104.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.215.65.75 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-215-65-75.compute-1.amazonaws.com

mia-placement-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c06::84 (Washington, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	townnews.com bloximages.chicago2.vip.townnews.com — Cisco Umbrella Rank: 20494	755 KB
33	petametrics.com cdn.petametrics.com — Cisco Umbrella Rank: 13761 query.petametrics.com — Cisco Umbrella Rank: 14681	256 KB
20	thestar.com resources.thestar.com — Cisco Umbrella Rank: 214714 www.thestar.com — Cisco Umbrella Rank: 224139 s.thestar.com — Cisco Umbrella Rank: 350501 pixel.thestar.com — Cisco Umbrella Rank: 390023	111 KB
13	google.com accounts.google.com — Cisco Umbrella Rank: 23 news.google.com — Cisco Umbrella Rank: 6054 ampcid.google.com — Cisco Umbrella Rank: 2967 analytics.google.com — Cisco Umbrella Rank: 154 www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 98	156 KB
13	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209 ad.doubleclick.net — Cisco Umbrella Rank: 163 stats.g.doubleclick.net — Cisco Umbrella Rank: 79 10230056.fls.doubleclick.net — Cisco Umbrella Rank: 422651 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38	182 KB
11	gstatic.com fonts.gstatic.com www.gstatic.com	279 KB
10	googlesyndication.com 7a683fc424438f916742c2adaeab3bdc.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	104 KB
10	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	752 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 349 www.linkedin.com — Cisco Umbrella Rank: 632 px4.ads.linkedin.com — Cisco Umbrella Rank: 6550	3 KB
6	permutive.com api.permutive.com — Cisco Umbrella Rank: 2271	844 B
6	vip-dns.fun se1.vip-dns.fun	99 KB
5	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 314 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 591 aax.amazon-adsystem.com — Cisco Umbrella Rank: 395	76 KB
4	pinterest.com ct.pinterest.com — Cisco Umbrella Rank: 871	5 KB
4	segment.com cdn.segment.com — Cisco Umbrella Rank: 1697	35 KB
4	optable.co thestar.solutions.cdn.optable.co — Cisco Umbrella Rank: 443204 thestar.cloud.optable.co — Cisco Umbrella Rank: 278005	7 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 177	3 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 376	14 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 239 torontostarnewspaperslimited.demdex.net — Cisco Umbrella Rank: 334258	5 KB
3	btloader.com 1 redirects btloader.com — Cisco Umbrella Rank: 881 api.btloader.com — Cisco Umbrella Rank: 960	18 KB
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 3040 p1.parsely.com — Cisco Umbrella Rank: 2229	26 KB
2	reddit.com conversions-config.reddit.com — Cisco Umbrella Rank: 673835 alb.reddit.com — Cisco Umbrella Rank: 1450	1 KB
2	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 869	21 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	149 KB
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 867	3 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
2	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 918	1 KB
2	viafoura.co api.viafoura.co — Cisco Umbrella Rank: 13187	566 B
1	rubiconproject.com mia-placement-server.rubiconproject.com — Cisco Umbrella Rank: 47750	178 B
1	segment.io api.segment.io — Cisco Umbrella Rank: 1326	174 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	185 B
1	amazonaws.com s3.us-west-2.amazonaws.com	35 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 789	724 B
1	t.co t.co — Cisco Umbrella Rank: 656	375 B
1	cloudfront.net d1z2jf7jlzjs58.cloudfront.net	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 783	16 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1335	9 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 745	15 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1278	517 B
1	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 253	700 B
1	prmutv.co be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co — Cisco Umbrella Rank: 432461	217 B
1	gscontxt.net torstar.gscontxt.net — Cisco Umbrella Rank: 303803	103 B
1	viafoura.net cdn.viafoura.net — Cisco Umbrella Rank: 12957	205 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	2 KB
1	permutive.app be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app — Cisco Umbrella Rank: 319902	129 KB
1	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 410	10 KB
241	45

	Domain	Requested by
54	bloximages.chicago2.vip.townnews.com	se1.vip-dns.fun bloximages.chicago2.vip.townnews.com
32	query.petametrics.com	cdn.petametrics.com se1.vip-dns.fun
16	resources.thestar.com	se1.vip-dns.fun resources.thestar.com
10	www.googletagmanager.com	se1.vip-dns.fun www.googletagmanager.com
8	www.gstatic.com	news.google.com www.gstatic.com
6	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
6	api.permutive.com	be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
6	news.google.com	se1.vip-dns.fun news.google.com www.gstatic.com
6	securepubads.g.doubleclick.net	se1.vip-dns.fun securepubads.g.doubleclick.net pagead2.googlesyndication.com
6	se1.vip-dns.fun	se1.vip-dns.fun
4	ct.pinterest.com	s.pinimg.com se1.vip-dns.fun
4	px.ads.linkedin.com	3 redirects snap.licdn.com
4	cdn.segment.com	se1.vip-dns.fun cdn.segment.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	sb.scorecardresearch.com	1 redirects se1.vip-dns.fun
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	bat.bing.com	se1.vip-dns.fun bat.bing.com
3	thestar.cloud.optable.co	thestar.solutions.cdn.optable.co
3	fonts.gstatic.com	fonts.googleapis.com
3	c.amazon-adsystem.com	se1.vip-dns.fun c.amazon-adsystem.com
2	www.google.com	se1.vip-dns.fun tpc.googlesyndication.com
2	10230056.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	analytics.google.com	www.googletagmanager.com
2	s.pinimg.com	se1.vip-dns.fun s.pinimg.com
2	connect.facebook.net	se1.vip-dns.fun connect.facebook.net
2	s.thestar.com	resources.thestar.com se1.vip-dns.fun
2	unpkg.com	1 redirects se1.vip-dns.fun
2	dpm.demdex.net	resources.thestar.com se1.vip-dns.fun
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	ad-delivery.net	se1.vip-dns.fun
2	api.viafoura.co	cdn.viafoura.net
2	btloader.com	1 redirects se1.vip-dns.fun
1	mia-placement-server.rubiconproject.com	s3.us-west-2.amazonaws.com
1	api.segment.io	cdn.segment.com
1	adservice.google.com	10230056.fls.doubleclick.net
1	www.facebook.com	se1.vip-dns.fun
1	pixel.thestar.com	connect.facebook.net
1	p1.parsely.com	se1.vip-dns.fun
1	s3.us-west-2.amazonaws.com	securepubads.g.doubleclick.net
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	cdn.parsely.com	d1z2jf7jlzjs58.cloudfront.net
1	analytics.twitter.com	se1.vip-dns.fun
1	t.co	se1.vip-dns.fun
1	px4.ads.linkedin.com	se1.vip-dns.fun
1	www.linkedin.com	1 redirects
1	alb.reddit.com	se1.vip-dns.fun
1	conversions-config.reddit.com	www.redditstatic.com
1	7a683fc424438f916742c2adaeab3bdc.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	d1z2jf7jlzjs58.cloudfront.net	se1.vip-dns.fun
1	snap.licdn.com	se1.vip-dns.fun
1	www.redditstatic.com	se1.vip-dns.fun
1	static.ads-twitter.com	se1.vip-dns.fun
1	ampcid.google.com	www.google-analytics.com
1	cm.everesttech.net	1 redirects
1	torontostarnewspaperslimited.demdex.net	resources.thestar.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	ad.doubleclick.net	se1.vip-dns.fun
1	api.btloader.com	btloader.com
1	ib.adnxs.com	be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
1	be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co	be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
1	cdn.petametrics.com	bloximages.chicago2.vip.townnews.com
1	www.thestar.com	se1.vip-dns.fun
1	torstar.gscontxt.net	se1.vip-dns.fun
1	cdn.viafoura.net	se1.vip-dns.fun
1	fonts.googleapis.com	se1.vip-dns.fun
1	be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app	se1.vip-dns.fun
1	accounts.google.com	se1.vip-dns.fun
1	cdn.ampproject.org	se1.vip-dns.fun
1	thestar.solutions.cdn.optable.co	se1.vip-dns.fun
241	70

This site contains links to these domains. Also see Links.

Domain
torontostar.pressreader.com
www.northstarbets.ca
readerschoice.thestar.com
obituaries.thestar.com
diversions.thestar.com
www.thestar.com
www.tsoffers.ca
toriservices.newscyclecloud.com
careers.smartrecruiters.com
thestarepaper.pressreader.com
www.thestaradvisers.com
www.classroomconnection.ca
pagesofthepast.ca
www.facebook.com
twitter.com
www.youtube.com
www.instagram.com
apps.apple.com
play.google.com
www.microsoft.com
www.google.com
www.mozilla.org
notices.torstar.com

Subject Issuer	Validity	Valid
vip-dns.fun GTS CA 1P5	`2024-01-20` - `2024-04-19`	3 months	crt.sh
bloximages.chicago2.vip.townnews.com GeoTrust TLS RSA CA G1	`2023-03-13` - `2024-04-12`	a year	crt.sh
thestar.solutions.cdn.optable.co GTS CA 1D4	`2024-01-27` - `2024-04-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.news.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.thestar.com Amazon RSA 2048 M02	`2023-05-29` - `2024-06-26`	a year	crt.sh
permutive.app Cloudflare Inc ECC CA-3	`2024-01-05` - `2024-04-04`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
viafoura.com Amazon RSA 2048 M02	`2023-08-08` - `2024-09-06`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-12-30` - `2024-12-04`	a year	crt.sh
*.gscontxt.net DigiCert TLS RSA SHA256 2020 CA1	`2023-11-09` - `2024-12-09`	a year	crt.sh
thestar.com GTS CA 1P5	`2024-01-04` - `2024-04-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
join.ca.optable.co R3	`2023-12-17` - `2024-03-16`	3 months	crt.sh
cdn.petametrics.com R3	`2024-01-17` - `2024-04-16`	3 months	crt.sh
*.prmutv.co R3	`2023-11-29` - `2024-02-27`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
api.btloader.com GTS CA 1D4	`2023-12-08` - `2024-03-07`	3 months	crt.sh
ad-delivery.net GTS CA 1P5	`2024-01-20` - `2024-04-19`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
api.permutive.com R3	`2023-12-15` - `2024-03-14`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.liftigniter.com R3	`2023-12-08` - `2024-03-07`	3 months	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2024-01-21` - `2025-02-19`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
s.thestar.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-24` - `2024-08-23`	a year	crt.sh
*.segment.com Amazon RSA 2048 M03	`2023-11-14` - `2024-12-13`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-11-12` - `2024-02-10`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-08` - `2024-07-06`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-01-21` - `2024-06-27`	5 months	crt.sh
*.pinterest.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-31` - `2024-08-07`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-15` - `2024-07-13`	6 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-04` - `2025-01-02`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
*.parsely.com Amazon RSA 2048 M02	`2023-05-06` - `2024-06-03`	a year	crt.sh
*.s3-us-west-2.amazonaws.com Amazon RSA 2048 M01	`2024-01-23` - `2024-12-31`	a year	crt.sh
*.scorecardresearch.com Sectigo RSA Organization Validation Secure Server CA	`2023-12-11` - `2024-12-10`	a year	crt.sh
www.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
pixel.thestar.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
*.segment.io Amazon RSA 2048 M03	`2023-12-13` - `2025-01-11`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://se1.vip-dns.fun/
Frame ID: 45870A078F22D3D52FBFFC58C7D9E1E9
Requests: 211 HTTP requests in this frame

Frame: https://news.google.com/swg/ui/v1/serviceiframe?_=1706974864741&publicationId=thestar.com
Frame ID: 05E74D603A55044EC6E90215781677A5
Requests: 11 HTTP requests in this frame

Frame: https://torontostarnewspaperslimited.demdex.net/dest5.html?d_nsid=0
Frame ID: C8A81723499B3EC0A40582B241C1FB18
Requests: 1 HTTP requests in this frame

Frame: https://7a683fc424438f916742c2adaeab3bdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 14E3B5BCA9E674F70DC4645D1761EC9B
Requests: 1 HTTP requests in this frame

Frame: https://10230056.fls.doubleclick.net/activityi;dc_pre=CJX1k_TAj4QDFcLpWwod91QLog;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=1630055685.1706974865;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fse1.vip-dns.fun%2F
Frame ID: D8BAD107095468BED869AF7896AD2399
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsun3bS2yGhzn04WtcbPp8SrX6VOcTUjNtI--tCSvu1tB0nVCWKYDLzA3KNsCnq9lyXZ0BPCzmFdsFXQy4dru8rq8Rmt1QFvoYwsXyCPwoNXXQ_AUSM1brL_nCS5XDpZJkeYM7IOAztsJPeXwn3CXPWzm4Y-dVFQOKF1_WepcCfq79n0yzumbC_qirRiDhKOza2vhqrk6aNREHjrvCbNbOycGT9qGh6RV9Fya4LFhvqF2eVgbykP7uvuYBzQQv3JY8L6rx46BsNkpYZIVCAEyUZ3X3Sj1oqaZYaWWkTWYv7X6zatthA0T_Zs9nlhLpNKoe9Lxo-FMsJWoz4HUhZaH56iyU6V1vA&sai=AMfl-YTV8VzsIEuLEzsA5ijeaWlm7mtMWqLYK0Mt52ZruT7_47a2N_mv9MYmTO-zDWnRJ6aS3Ef0OPxFWxGI-3kt4tYmQ3omc0livcmAJPTfI7YadA2wE6lnsdHqM1zO7woLf38AVtmM-jS_poZuA5mnql4&sig=Cg0ArKJSzHKS_fgA2EYVEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 80A91AD853D369A28F2961F54CA7FB16
Requests: 7 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: 4DBA78ACDA29B8D410B58183DCE59BC3
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 503D85D651BD7C900E38B44D1F7400C8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9217CABA8A20030E038763F0C84FC292
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Breaking News - Headlines & Top Stories | The Star

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

241
Requests

96 %
HTTPS

50 %
IPv6

45
Domains

70
Subdomains

66
IPs

3
Countries

3505 kB
Transfer

11445 kB
Size

46
Cookies

71 Outgoing links

These are links going to different origins than the main page.

URL: https://torontostar.pressreader.com/
Title: Today's paper

Search URL Search Domain Scan URL

URL: https://www.northstarbets.ca/page?key=ej0xMzUyNzc3NCZsPTEzNTI3NzcyJnA9MzQ2MQ%3D%3D&ut[%E2%80%A6]hStarBets__&utm_content=custom/tracking_sportsbettinglogo
Title: Betting

Search URL Search Domain Scan URL

URL: https://readerschoice.thestar.com/readerschoice-toronto/
Title: Readers’ Choice Awards

Search URL Search Domain Scan URL

URL: https://obituaries.thestar.com/
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://diversions.thestar.com/
Title: Fun & Games

Search URL Search Domain Scan URL

URL: https://diversions.thestar.com/comics.html
Title: Comics

Search URL Search Domain Scan URL

URL: https://www.thestar.com/subscribe
Title: SALE: Only $0.50/week!

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/federal/jagmeet-singh-on-his-new-babys-name-and-why-he-regrets-biking-with-doug-ford/article_d5413c80-c20b-11ee-bb97-6fb5458bea3b.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/europe/uk-police-say-a-woman-attacked-with-chemicals-is-doing-very-poorly-the-suspect-is/article_54ee028d-67b6-5efa-bf68-6c30f17031a8.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/life/what-would-happen-in-the-event-of-king-charless-death/article_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/one-of-the-largest-data-breaches-with-over-26-billion-records-has-been-discovered-heres/article_90202c0c-ba26-11ee-969f-abf2e50a64a5.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/gta/tessa-virtue-and-morgan-rielly-got-married-with-two-secret-weddings-report/article_e4e88196-c12c-11ee-8764-2b0d0a29358c.html?li_source=LI&li_medium=Recommended

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/indigo-receives-privatization-offer-from-gerald-schwartz/article_32cd423e-120c-5329-967f-54a74c612dbd.html?li_source=LI&li_medium=business
Title: Indigo receives privatization offer from Gerald Schwartz

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/ikea-canada-is-cutting-prices-on-over-1-500-products-here-s-why/article_f0007228-bc6d-11ee-851b-97ce83515f28.html?li_source=LI&li_medium=business
Title: Ikea Canada is cutting prices on over 1,500 products. Here’s why

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/personal-finance/cutting-down-your-food-budget-heres-how-to-save-money-at-the-grocery-store/article_85f439c2-593d-514f-8f3d-037ba533db15.html?li_source=LI&li_medium=business
Title: Cutting down your food budget? Here's how to save money at the grocery store

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/saskatchewan-collector-finds-rare-case-containing-coveted-wayne-gretzky-rookie-cards/article_505f5963-3fb4-57f3-bd07-afbe8dac0bd5.html?li_source=LI&li_medium=business
Title: Saskatchewan collector finds rare case containing coveted Wayne Gretzky rookie cards

Search URL Search Domain Scan URL

URL: https://www.thestar.com/business/trans-mountain-mulling-how-to-remove-obstruction-causing-newest-construction-delay/article_6974ee6b-825c-591c-a83a-978b08001edd.html?li_source=LI&li_medium=business
Title: Trans Mountain mulling how to remove 'obstruction' causing newest construction delay

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/british-columbia/ai-brings-deepfake-pornography-to-the-masses-as-canadian-laws-play-catch-up/article_c805d36e-ad44-5ccb-be9d-588c26463304.html?li_source=LI&li_medium=canada

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/procuring-sex-charge-stayed-against-saskatchewan-mla-after-he-completed-program/article_ce8d7036-3258-58ac-8c61-423fd2a7a2b0.html?li_source=LI&li_medium=canada
Title: Procuring sex charge stayed against Saskatchewan MLA after he completed program

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/a-canadian-school-is-rolling-back-its-nut-ban-why-experts-say-a-complete-ban/article_87e97634-bf98-11ee-9c04-63712c62eb9d.html?li_source=LI&li_medium=canada
Title: A Canadian school is rolling back its nut ban. Why experts say a complete ban isn't as effective as you might think

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/danielle-smiths-action-on-gender-issues-sparks-outrage-from-ndp-liberals-and-thats-fine-by/article_0c9e746c-c154-11ee-a4ef-c3de06f9d9a8.html?li_source=LI&li_medium=canada
Title: Danielle Smith's action on gender issues sparks outrage from NDP, Liberals — and that's fine by her

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/a-rare-total-solar-eclipse-will-be-seen-from-parts-of-ontario-this-spring-heres/article_3842701a-c045-11ee-82c2-1f3f229b6b94.html?li_source=LI&li_medium=canada
Title: A rare total solar eclipse will be seen from parts of Ontario this spring. Here's how to watch

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/completely-overwhelmed-family-doctors-in-alberta-take-concerns-to-social-media/article_a55af333-c3a1-5a17-ae07-a013977bb2de.html?li_source=LI&li_medium=canada
Title: 'Completely overwhelmed': Family doctors in Alberta take concerns to social media

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/canada/groundhog-day-canadas-famous-furry-forecasters-predict-early-spring/article_69607440-31b6-541f-9fff-0e71cac6bce7.html?li_source=LI&li_medium=canada
Title: Groundhog Day: Canada's famous furry forecasters predict early spring

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/protesters-overturned-acquittal-could-have-impact-on-freedom-convoy-case-expert/article_8324db85-37f7-5061-bafe-2de5697979b4.html?li_source=LI&li_medium=politics
Title: Protester's overturned acquittal could have impact on 'Freedom Convoy' case: expert

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/federal/canada-s-dental-benefit-is-expanding-here-s-what-you-need-to-know/article_c9d1f9ce-c072-11ee-823e-2f7bb8e1971d.html?li_source=LI&li_medium=politics
Title: Canada’s dental benefit is expanding. Here’s what you need to know

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/federal/justin-trudeau-slams-pierre-poilievre-for-link-to-loblaws-lobbying/article_07a4fd52-c201-11ee-aa96-bf6210f2e41c.html?li_source=LI&li_medium=politics
Title: Justin Trudeau slams Pierre Poilievre for link to Loblaws lobbying

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/federal/justin-trudeau-adviser-defends-use-of-crude-language-in-online-exchange-with-right-wing-group/article_ae84cc8a-bedf-11ee-ab27-df4b248eb880.html?li_source=LI&li_medium=politics
Title: Justin Trudeau adviser defends use of crude language in online exchange with right-wing group

Search URL Search Domain Scan URL

URL: https://www.thestar.com/politics/provincial/10-000-ontario-patients-cut-loose-because-of-staffing-shortages/article_ed9ad508-bc74-11ee-b5ed-b3befb843bae.html?li_source=LI&li_medium=politics
Title: 10,000 Ontario patients cut loose because of staffing shortages

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/asia/pakistans-ex-pm-imran-khan-and-wife-convicted-of-marriage-law-violation-in-a-fourth/article_a10b26a3-ab71-57f2-9c3d-db4376e21390.html?li_source=LI&li_medium=world
Title: Pakistan's ex-PM Imran Khan and wife convicted of marriage law violation in a fourth case

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/japan-wants-everyone-to-know-taylor-swift-will-make-it-in-time-for-the-super/article_a292da49-2101-5210-b7ad-1371e274c6e5.html?li_source=LI&li_medium=world
Title: Japan wants everyone to know: Taylor Swift will make it in time for the Super Bowl

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/united-states/getting-a-dental-x-ray-a-new-recommendation-says-you-dont-need-a-lead-apron/article_5214ad33-2ecd-5a17-bbb2-f01cc873c70e.html?li_source=LI&li_medium=world
Title: Getting a dental X-ray? A new recommendation says you don't need a lead apron

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/europe/16-year-old-killers-of-transgender-teenager-in-england-sentenced-for-sadistic-murder/article_5e2b659f-1a4a-57c6-94bb-346c9f0c6296.html?li_source=LI&li_medium=world
Title: 16-year-old killers of transgender teenager in England sentenced for 'sadistic' murder

Search URL Search Domain Scan URL

URL: https://www.thestar.com/news/world/united-states/the-crane-attacked-potential-mates-but-then-she-fell-for-her-keeper/article_054e6b0d-70f7-5fc2-86d6-2a145a116397.html?li_source=LI&li_medium=world
Title: The crane attacked potential mates. But then she fell for her keeper

Search URL Search Domain Scan URL

URL: https://www.thestar.com/life/what-would-happen-in-the-event-of-king-charless-death/article_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html?li_source=LI&li_medium=life

Search URL Search Domain Scan URL

URL: https://www.thestar.com/life/health-wellness/its-called-cozy-cardio-in-a-world-seeking-comfort-some-see-a-happier-mode-of/article_0410cbe2-7cab-592a-a6a6-3d740d59c4ae.html?li_source=LI&li_medium=life
Title: It's called 'cozy cardio.' In a world seeking comfort, some see a happier mode of exercise

Search URL Search Domain Scan URL

URL: https://www.thestar.com/life/whats-a-rat-snack-and-why-do-we-like-them-so-much-dietitian-breaks-down/article_dbb95608-b6dd-11ee-84cc-33b7d8d76878.html?li_source=LI&li_medium=life
Title: What's a 'rat snack' and why do we like them so much? Dietitian breaks down the viral TikTok trend

Search URL Search Domain Scan URL

URL: https://www.thestar.com/life/relationships/my-sister-in-law-has-dementia-and-her-husband-has-a-new-girlfriend-its-making/article_0b0dee34-b09c-11ee-83ee-2b6c4cedf9e8.html?li_source=LI&li_medium=life
Title: My sister-in-law has dementia — and her husband has a new girlfriend. It's making me sick. Ask Ellie

Search URL Search Domain Scan URL

URL: https://www.thestar.com/life/beauty-and-fashion/fashion/tessa-virtue-had-three-wedding-dresses-we-spoke-to-the-toronto-designer-who-created-them/article_27c7cfd3-f4b5-5ee1-802b-c2a96236bb84.html?li_source=LI&li_medium=life
Title: Tessa Virtue had three wedding dresses. We spoke to the Toronto designer who created them

Search URL Search Domain Scan URL

URL: https://www.thestar.com/life/relationships/im-engaged-but-my-fianc-and-i-are-never-alone-together-we-work-play-sports/article_8f6f6032-b63b-11ee-bac9-a368c26d139b.html?li_source=LI&li_medium=life
Title: I'm engaged but my fiancé and I are never alone together: we work, play sports and hang out with friends instead. Is our relationship doomed? Ask Lisi

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/hockey/nhlpa-boss-marty-walsh-has-serious-concern-over-coyotes-home/article_175e8e8e-bfa4-11ee-a01e-eb0d8c34f627.html?li_source=LI&li_medium=sports

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/hockey/montreal-canadiens-trade-centre-sean-monahan-to-winnipeg-jets/article_3a19012d-897a-5baa-9d71-b788c2aecfba.html?li_source=LI&li_medium=sports
Title: Montreal Canadiens trade centre Sean Monahan to Winnipeg Jets

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/leafs/oilers-superstar-connor-mcdavid-wins-nhl-all-star-skills-competition-and-1-million-prize/article_633fb034-c239-11ee-b410-4363ff1860db.html?li_source=LI&li_medium=sports
Title: Oilers superstar Connor McDavid wins NHL all-star skills competition and $1 million prize

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/hockey/gary-bettman-celebrates-a-non-payday-as-the-nhl-returns-to-the-olympics/article_01fbf86a-bfa9-11ee-9516-67b78e1fc033.html?li_source=LI&li_medium=sports
Title: Gary Bettman celebrates a non-payday as the NHL returns to the Olympics

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/leafs/you-have-to-take-a-look-in-the-mirror-dave-keon-talks-about-the-maple/article_41b07c40-bc63-11ee-9c86-63b369be8ddf.html?li_source=LI&li_medium=sports
Title: "You have to take a look in the mirror." Dave Keon talks about the Maple Leafs' Stanley Cup drought

Search URL Search Domain Scan URL

URL: https://www.thestar.com/sports/hockey/maple-leafs-have-a-little-fun-at-the-nhl-all-star-draft-at-mitch-marners/article_68b12c3a-bf98-11ee-a716-9f2ce22c774e.html?li_source=LI&li_medium=sports
Title: Maple Leafs have a little fun at the NHL all-star draft — at Mitch Marner's expense

Search URL Search Domain Scan URL

URL: https://www.thestar.com/entertainment/taylor-swift-is-now-living-rent-free-inside-the-broken-brains-of-maga-conspiracists/article_26746a42-bfa4-11ee-81dd-dbcd664f17af.html?li_source=LI&li_medium=entertainment

Search URL Search Domain Scan URL

URL: https://www.thestar.com/entertainment/television/documentary-on-we-are-the-world-goes-deep-inside-recording-session-of-starry-1985-charity/article_ed06c0a9-3e91-5251-8f4e-d6081726707e.html?li_source=LI&li_medium=entertainment

Search URL Search Domain Scan URL

URL: https://www.thestar.com/entertainment/television/muchmusic-doc-pulled-from-crave-months-after-director-says-he-clashed-with-labels/article_a7c64896-bcde-5eb2-a492-2529c9da1d0f.html?li_source=LI&li_medium=entertainment

Search URL Search Domain Scan URL

URL: https://www.tsoffers.ca/
Title: Subscribe to Home Delivery

Search URL Search Domain Scan URL

URL: https://toriservices.newscyclecloud.com/cgi-bin/cmo_tor-c-cmdb-01.sh/custservice/web/login.html?SiteID=TS
Title: Manage Home Delivery Subscription

Search URL Search Domain Scan URL

URL: https://careers.smartrecruiters.com/Torstar/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://thestarepaper.pressreader.com/
Title: Star ePaper Edition

Search URL Search Domain Scan URL

URL: https://www.thestaradvisers.com/Portal/default.aspx
Title: Star Advisers

Search URL Search Domain Scan URL

URL: https://www.classroomconnection.ca/
Title: Classroom Connection

Search URL Search Domain Scan URL

URL: https://pagesofthepast.ca/
Title: Toronto Star Archives

Search URL Search Domain Scan URL

URL: https://www.facebook.com/torontostar
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/torontostar
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/TorontoStar
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/thetorontostar/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://apps.apple.com/ca/app/thestar-com-iphone/id379481068

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.thestar.www&referrer=utm_source%3Dweb-driver%26utm_medium%3Ddriver%26utm_content%3Dfooter

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/edge
Title: Microsoft Edge

Search URL Search Domain Scan URL

URL: https://www.google.com/chrome/
Title: Google Chrome

Search URL Search Domain Scan URL

URL: https://www.mozilla.org/en-US/firefox/
Title: Firefox

Search URL Search Domain Scan URL

URL: https://notices.torstar.com/main_terms_of_use_daily_and_community_brands_EN/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://notices.torstar.com/privacy-policy/index.html
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://btloader.com/tag?o=5071905434894336&upapi=true&async=true HTTP 302
https://btloader.com/tag?o=5071905434894336&upapi=true

Request Chain 112

https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.iife.js

Request Chain 120

https://cm.everesttech.net/cm/dd?d_uuid=89272844693718507023888797524036730881 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zb5eGwAAAMCNWQOH

Request Chain 195

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3116868%26time%3D1706974865645%26url%3Dhttps%253A%252F%252Fse1.vip-dns.fun%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F&cookiesTest=true&liSync=true&e_ipv6=AQL4gel418hp1gAAAY1voWp6MZfmnr8lZt4bx-dSxqytUSQn-gW89HpmTTz5vD4yhLkijA

Request Chain 200

https://10230056.fls.doubleclick.net/activityi;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=1630055685.1706974865;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fse1.vip-dns.fun%2F HTTP 302
https://10230056.fls.doubleclick.net/activityi;dc_pre=CJX1k_TAj4QDFcLpWwod91QLog;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=1630055685.1706974865;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fse1.vip-dns.fun%2F

Request Chain 223

https://sb.scorecardresearch.com/b?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1706974866107&ns_c=UTF-8&c7=https%3A%2F%2Fse1.vip-dns.fun%2F&c8=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1706974866107&ns_c=UTF-8&c7=https%3A%2F%2Fse1.vip-dns.fun%2F&c8=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&c9=

241 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
se1.vip-dns.fun/ 526 KB
64 KB 1005ms
926ms Document
text/html 2606:4700:3030::6815:15e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3030::6815:15e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f547192bde5a219c8f0e5dfcfe7260ad176ec71e0632915546a6c18ea4ef982d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 0
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=60, s-maxage=30, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 84fbc69978e4495a-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 03 Feb 2024 15:41:03 GMT
last-modified: Sat, 03 Feb 2024 15:41:01 GMT
link: <https://bloximages.chicago2.vip.townnews.com>; rel=preconnect dns-prefetch; crossorigin <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js>; rel=preload; as=script </shared-content/art/tncms/user/user.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.ee95c0b6f1daceb31bf5ef84353968c6.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.3c64d611e594b45dd35b935162e79d85.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js>; rel=preload; as=script
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9yZ9d%2BlERxZ0o5PQv3m%2FL49yCdRxa8hDsa%2Fwxz6DNMZBwmqoGTM9U0ScXNG6aIONRjRhSwHsqQqP3zVwhCkMih95lyE7bKCBJCr2Ck5Bn6%2Bd6Lq%2BzYBL8VnyaEuLyIgzJIJxgmXnuWRD7%2F8LipI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: X-IPCountry, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-loop: 1
x-robots-tag: noarchive
x-tncms: 1.73.1; app3; 0.95s; 7M
x-ua-compatible: IE=edge
x-vcache: HIT
x-xrds-location: https://www.thestar.com/tncms/xrds/
x-xss-protection: 1; mode=block

GET
H2 200 jquery.min.d6d18fcf88750a16d256e72626e676a6.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/ 98 KB
34 KB 122ms
49ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6584122
cross-origin-resource-policy: cross-origin
last-modified: Wed, 07 Jul 2021 20:09:22 GMT
x-vcache: MISS
server: cloudflare
etag: W/"60e609f2-1882c"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fcee3b3d7-MIA
expires: Fri, 01 Nov 2024 05:37:04 GMT

GET
H2 200 user.js Show response
se1.vip-dns.fun/shared-content/art/tncms/user/ 3 KB
2 KB 791ms
788ms Script
application/x-javascript 2606:4700:3030::6815:15e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://se1.vip-dns.fun/shared-content/art/tncms/user/user.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:15e2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32209e964449881b7f2a21086506deccc49063673c2cfff6288598f843fc81c4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 29 Jan 2024 15:30:58 GMT
x-vcache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
etag: W/"65b7c4b2-c46"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CcRA4R%2BmXE0C3Z54CjG%2FS%2B2dy3OKAafQ8FWt3O%2BFerYAWXgHE7%2BS68PuXKgyjk6lFaXa8HbBHgKlGu4rMMDkQspwaEG1KLdlop1J9RgPpFLCu3j2NYxIY7OZRR%2FW5jJl8ZGnXNOjYH0WLZ11DO4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 84fbc69f5925495a-MIA
alt-svc: h3=":443"; ma=86400
service-worker-allowed: /

GET
H2 200 bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/ 39 KB
11 KB 149ms
78ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6599606
cross-origin-resource-policy: cross-origin
last-modified: Fri, 06 Sep 2019 14:16:03 GMT
x-vcache: MISS
server: cloudflare
etag: W/"5d726a23-9bd8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fef13b3d7-MIA
expires: Thu, 18 Jul 2024 22:54:57 GMT

GET
H2 200 common.08a61544f369cc43bf02e71b2d10d49f.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 33 KB
13 KB 149ms
78ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4908103eb097a575d25aecab0b105c51313e35ce211bb70d82ea0ce6e75ed2b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 2185496
cross-origin-resource-policy: cross-origin
last-modified: Thu, 09 Nov 2023 15:29:53 GMT
x-vcache: MISS
server: cloudflare
etag: W/"654cfaf1-841f"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fef11b3d7-MIA
expires: Wed, 27 Nov 2024 07:05:41 GMT

GET
H2 200 tnt.ee95c0b6f1daceb31bf5ef84353968c6.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 11 KB
4 KB 122ms
51ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.ee95c0b6f1daceb31bf5ef84353968c6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b093bf8fe11ce768e5543697030a064da71b347431594daf7efb86f94a201c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 5664979
cross-origin-resource-policy: cross-origin
last-modified: Mon, 27 Nov 2023 14:35:13 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6564a921-2d77"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fceddb3d7-MIA
expires: Thu, 28 Nov 2024 06:46:02 GMT

GET
H2 200 application.3c64d611e594b45dd35b935162e79d85.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 4 KB
2 KB 119ms
48ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.3c64d611e594b45dd35b935162e79d85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92fe1cea3df8fc0e2a03f1c8d0099cb105c7d455ac8be20be165ce6bff558365

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 452630
cross-origin-resource-policy: cross-origin
last-modified: Fri, 13 Oct 2023 13:11:31 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65294203-1102"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fcee5b3d7-MIA
expires: Wed, 30 Oct 2024 11:28:53 GMT

GET
H2 200 tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 2 KB
958 B 148ms
77ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3e21aad61783d6e6908e5631c43656c05a34a9c7f64eab44dcd7fc58562aa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6838732
cross-origin-resource-policy: cross-origin
last-modified: Fri, 27 Oct 2023 21:37:38 GMT
x-vcache: MISS
server: cloudflare
etag: W/"653c2da2-9b8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fef14b3d7-MIA
expires: Thu, 31 Oct 2024 11:35:39 GMT

GET
H2 200 bootstrap.min.87df60d54091cf1e8f8173c2e568260c.css
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/ 107 KB
18 KB 117ms
46ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/bootstrap.min.87df60d54091cf1e8f8173c2e568260c.css

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

296ffff5be5fa17a541df8e925d24e473ced64d535f543542bebc15759b761fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6422652
cross-origin-resource-policy: cross-origin
last-modified: Fri, 27 Oct 2023 21:37:37 GMT
x-vcache: MISS
server: cloudflare
etag: W/"653c2da1-1ac2e"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fceb3b3d7-MIA
expires: Thu, 07 Nov 2024 13:12:14 GMT

GET
H2 200 layout.9509b461cedc7767649ee83a5b35c177.css
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/ 154 KB
28 KB 122ms
52ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/layout.9509b461cedc7767649ee83a5b35c177.css

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd2c680964b28dc283f3518e21720cd2f886e7bdb8d2f5b47809ef836c337d52

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 5773156
cross-origin-resource-policy: cross-origin
last-modified: Mon, 27 Nov 2023 14:35:16 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6564a924-26683"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fcec1b3d7-MIA
expires: Wed, 27 Nov 2024 20:01:12 GMT

GET
H2 200 flex-utility-text-promo.945a2efac4892ce469180c513f411107.css
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/ 531 B
371 B 121ms
52ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/flex-utility-text-promo.945a2efac4892ce469180c513f411107.css

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

770dcaf045c045c66d6903b436c5b8c6f5d5a466fb3f17b3ba8f778f756b7621

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 170884
cross-origin-resource-policy: cross-origin
last-modified: Thu, 09 Nov 2023 15:29:55 GMT
x-vcache: MISS
server: cloudflare
etag: W/"654cfaf3-213"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fcecab3d7-MIA
expires: Sun, 10 Nov 2024 06:18:04 GMT

GET
H2 200 flex-utility-promo-designer.a27bf5e332f0dd667184ad38b7bf1638.css
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/ 8 KB
2 KB 113ms
44ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1139a764a2eae949ca1358aa7a387a7d6812f277016c070e28279f2639da412

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6422652
cross-origin-resource-policy: cross-origin
last-modified: Fri, 27 Oct 2023 21:37:41 GMT
x-vcache: MISS
server: cloudflare
etag: W/"653c2da5-2021"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fced9b3d7-MIA
expires: Fri, 08 Nov 2024 08:21:08 GMT

GET
H2 200 access.d7adebba498598b0ec2c.js Show response
se1.vip-dns.fun/shared-content/art/tncms/api/ 70 KB
27 KB 1057ms
1057ms Script
application/x-javascript 2606:4700:3030::6815:15e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://se1.vip-dns.fun/shared-content/art/tncms/api/access.d7adebba498598b0ec2c.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:15e2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e683a0ae8fc37aeae8fd20643faef0341fe5cf01c30f25f41d6bad28b1a8365

Request headers

Referer: https://se1.vip-dns.fun/
Origin: https://se1.vip-dns.fun
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 22 Jan 2024 14:03:24 GMT
x-vcache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
etag: W/"65ae75ac-1164b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7LCJL3sdAkVFxReUwGZKkU4u6i4SVzK26OcKBVpbM%2B%2BrcxlnOOzZXuN9Zfr6Hj1i%2FNgbGAE45Qa4vTH7DS9Xx1gl7gagThNMW0SFX%2FiGG2quBwkZRCwAw7TXUo8wrp84kCdywj6AQkLzuj0Tf6o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 84fbc69f5926495a-MIA
alt-svc: h3=":443"; ma=86400
service-worker-allowed: /

GET
H2

200

tag Show response
btloader.com/
Redirect Chain

https://btloader.com/tag?o=5071905434894336&upapi=true&async=true
https://btloader.com/tag?o=5071905434894336&upapi=true

52 KB
18 KB

37ms
36ms

Script
application/javascript

2606:4700:10::ac43:293c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?o=5071905434894336&upapi=true
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Server: 2606:4700:10::ac43:293c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d86f48fcffe1483df55bdb177ac658caafa4dd1b9da54ce438d89a25c5007c5e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: HIT
last-modified: Sat, 03 Feb 2024 15:26:28 GMT
server: cloudflare
age: 876
etag: "6cd7cd49a81355837ec385d96b8701f1"
vary: Origin, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
accept-ranges: bytes
cf-ray: 84fbc6a6aca609c2-MIA
content-length: 18019

Redirect headers

date: Sat, 03 Feb 2024 15:41:04 GMT
via: 1.1 google
cf-cache-status: HIT
server: cloudflare
age: 2691
vary: Origin, Accept-Encoding
content-type: text/html; charset=utf-8
location: /tag?o=5071905434894336&upapi=true
cache-control: public, max-age=3600, must-revalidate
cf-ray: 84fbc6a65c2209c2-MIA

GET
H2 200 thestar-sdk.js Show response
thestar.solutions.cdn.optable.co/public-assets/ 20 KB
7 KB 104ms
34ms Script
text/javascript 34.160.43.93
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://thestar.solutions.cdn.optable.co/public-assets/thestar-sdk.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.160.43.93 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 93.43.160.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: ffa5af81b89df8147200d863ec4f65da7554c3f1ce55e201ce0510ab4ca84486

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:01:23 GMT
content-encoding: gzip
via: 1.1 google
age: 2381
x-guploader-uploadid: ABPtcPpLaSN1z-UKI30aXQ4l4NAaTBP1hlTcfMlYJ4kucsZoTcUBfHqXlTX4SRkF454jKKrHO9OJTfyTvQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6661
last-modified: Tue, 23 Jan 2024 18:40:57 GMT
server: UploadServer
etag: "88636da00f7ccacf66b1f645887c78fb"
x-goog-generation: 1706035257162922
x-goog-hash: crc32c=7cNdpw==, md5=iGNtoA98ys9msfZFiHx4+w==
content-type: text/javascript
cache-control: public,max-age=86400,no-transform
x-goog-stored-content-length: 6661
accept-ranges: bytes

GET
H2 200 footer.nav.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 2 KB
643 B 117ms
48ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/footer.nav.js?_dc=1706121063

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3e8f1eb1391780e4d77b2b47e6b25799bfccf566138ce3c3838989065a2776f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:03 GMT
x-vcache: HIT
server: cloudflare
etag: W/"65b15767-8f5"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc69fcedfb3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 98 KB
29 KB 195ms
78ms Script
text/javascript 2607:f8b0:4004:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6e1ad03d3c99c7f6291d59b484cac42bd9055b4cb0615e8e9eab28bf06f75ad6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29499
x-xss-protection: 0
server: cafe
etag: 65 / 19756 / m202401290101 / config-hash: 8558731290873694684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 15:41:04 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 235 KB
79 KB 174ms
61ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3b21241483c33ff4dbad571288e7dd72effca1665b88eadb2d4b210ae93bfa6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80442
x-xss-protection: 0
last-modified: Sat, 03 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 03 Feb 2024 15:41:04 GMT

GET
H2 200 tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/ 207 B
261 B 39ms
38ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64d2ce701b1f0b1d910bff7f252ae7a53d5f90cf3efb970163811c757b889d57

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6678936
cross-origin-resource-policy: cross-origin
last-modified: Thu, 09 Nov 2023 15:29:55 GMT
x-vcache: MISS
server: cloudflare
etag: W/"654cfaf3-cf"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a0d905b3d7-MIA
expires: Sun, 10 Nov 2024 09:40:41 GMT

GET
H3 200 tracking.js Show response
se1.vip-dns.fun/shared-content/art/tncms/ 3 KB
2 KB 790ms
790ms Script
application/x-javascript 2606:4700:3030::6815:15e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://se1.vip-dns.fun/shared-content/art/tncms/tracking.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:15e2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa4391f03da55de95caebed478d3e1183fb01a3e8f1c5891a48e75717ed2bed9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 29 Jan 2024 15:30:58 GMT
x-vcache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
etag: W/"65b7c4b2-a3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sbzI0miPMbpe9p%2F%2FhdCpuLPOplVJxcP9Bd%2Bp33AYUVNCbAdEbWSuUkUHR5ySAbZLQru6LB%2B56fmHuin0HJLHDzR1Ez5HJd9O5LL69kuV%2BQnzp7lMJnR2m2GKlUH0fM9za4J3sJBpmy36n9uVhDE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 84fbc6a0dc92daf9-MIA
alt-svc: h3=":443"; ma=86400
service-worker-allowed: /

GET
H2 200 fontawesome.568f3d1ab17b33ce05854081baadadac.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 268 KB
98 KB 52ms
50ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/fontawesome.568f3d1ab17b33ce05854081baadadac.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7976a9dfe57f9ba6972420500782258da674fcc523c2def08bb6a84ce275c4b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6588001
cross-origin-resource-policy: cross-origin
last-modified: Thu, 09 Nov 2023 15:29:53 GMT
x-vcache: MISS
server: cloudflare
etag: W/"654cfaf1-43130"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a5dbc2b3d7-MIA
expires: Sun, 10 Nov 2024 11:34:09 GMT

GET
H2 200 amp-iframe-0.1.js Show response
cdn.ampproject.org/v0/ 25 KB
10 KB 165ms
55ms Script
text/javascript 2607:f8b0:4004:c0b::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-iframe-0.1.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c0b::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7813f8e7aa4056a1a6bc25c6f593a3dab2d8fe194bcaf98955806679f0d98180

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8924
x-xss-protection: 0
server: sffe
etag: "eb91cfc9dea358d4"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 03 Feb 2024 15:41:04 GMT

GET
H2 200 client Show response
accounts.google.com/gsi/ 206 KB
80 KB 200ms
87ms Script
application/javascript 2607:f8b0:4004:c06::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::54 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dffcbfbe46ea17eb11dda6fe7ddfce75250761d95388959ba7da2de219d8569c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RstutfPzou9ZE8i8F2Fi-A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-security-policy: script-src 'report-sample' 'nonce-RstutfPzou9ZE8i8F2Fi-A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Sat, 03 Feb 2024 15:41:04 GMT

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 206 KB
60 KB 175ms
54ms Script
text/javascript 2607:f8b0:4004:c1b::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb5fef2b74df9432a28f51410a27fce845778826f87fe109d4d830522fe6e7f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:39:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 114
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60644
x-xss-protection: 0
last-modified: Wed, 31 Jan 2024 16:12:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Sat, 03 Feb 2024 16:29:10 GMT

GET
H2 200 launch-9387fe3a1e9f.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/ 346 KB
79 KB 264ms
80ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 24148128a2798f06838595df2311ca2819a12886fa4b851f34fa25ce61a0735f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:09 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:44 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"bd5083c679c19a4bfd42ae7491c88825"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 416
x-amz-cf-id: XkTEiOzlavcEBUzFR5NG9_hn36a09BQvRlFSZ7TiDRhmnYcSn4B6rA==

GET
H2 200 be54a597-6b6d-4e2d-9d31-642310a8db25-web.js Show response
be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/ 517 KB
129 KB 110ms
43ms Script
application/javascript 2606:4700:4400::ac40:9256
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9256 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b3cf42134c7069baf8bb3becde86e4198002c05ebe928d46feb451238d19ed6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: be54a597-6b6d-4e2d-9d31-642310a8db25
age: 0
x-guploader-uploadid: ABPtcPppg4PyFATUpbfhJvNWgkNU8KhEILqxQ6tOrdn441-WKrPCZq8poQUAjvP0Oe8LHD3E-TCyxbCkGm8qsU4KGDl-J4zQ3gCx
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: br
content-length: 131206
last-modified: Mon, 04 Dec 2023 18:59:04 GMT
server: cloudflare
etag: "4214f8e67313465490e9ea8d6e67d4b7"
vary: Accept-Encoding
x-goog-generation: 1701716344208732
content-type: application/javascript
x-goog-hash: crc32c=kOqrmg==, md5=QhT45nMTRlSQ6eqNbmfUtw==
cache-control: public, max-age=900
x-goog-stored-content-length: 131206
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 84fbc6a6482e098e-MIA
expires: Sat, 03 Feb 2024 15:56:04 GMT

GET
H2 200 css2
fonts.googleapis.com/ 36 KB
2 KB 181ms
71ms Stylesheet
text/css 2607:f8b0:4004:c1b::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=STIX+Two+Text:ital,wght@0,500;0,600;0,700;1,500;1,600;1,700&family=Frank+Ruhl+Libre:wght@300;400;500;600;700;800;900&family=Merriweather+Sans:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&display=swap

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

85e1ef3c0d8442b0131cdc81c03f99a175a6b6cd326c8166a5867d1bf15a37d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 03 Feb 2024 15:41:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 03 Feb 2024 15:35:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 03 Feb 2024 15:41:03 GMT

GET
H2 200 navigation.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 10 KB
2 KB 39ms
35ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/navigation.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d063ab8701f5932753a12e9b302d8345ed7ba488f2f3ca6d46912fb60ce2815

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-28b1"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a1095db3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 pages.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 198 B
217 B 41ms
37ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/pages.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4353442b296c53f51d82efc2617406d68cc278bd08c2ce4ca96daa9fcc2c77e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-c6"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a1095fb3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 blocks.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 5 KB
1 KB 40ms
37ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/blocks.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02d4a3e3bc55fb2c10464afa89e283d1d017f6a309634709009f0e3ec5455e26

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-12e6"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a10960b3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 utilities.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 628 B
436 B 39ms
36ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/utilities.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68684d4e091795123c7797a602e056cac24a3355a95b3b198e4fbd65822afcd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-274"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a10963b3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 global.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 34 KB
7 KB 45ms
43ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/global.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

640ffe794ffc6f498c928232b6433adfc359c060698f38d2eed5f88fe88f9cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-8894"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a10965b3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 stn.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 3 KB
779 B 42ms
40ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/stn.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

595550d27cabf0dad36e8ddae06a223716e7067ff08607b60e91adab5e06c748

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-ded"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a10967b3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 storypacks.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 52 KB
5 KB 40ms
38ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/storypacks.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e51d53b4513a76861c42a278ecb208963d19159bd9077c004a980393cb858c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-cf92"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a10968b3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 utilities.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 33 KB
7 KB 43ms
41ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/utilities.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c03070b837ed5f43fd2b4195034005f828cb8af6a53b05b3fe16ee4cca56fd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-823f"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a10969b3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 user-controls.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 6 KB
2 KB 41ms
40ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/user-controls.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53426bb3fb09b76cd18d82e241a6b581cd187e3c2c355abda74a072b46a68b95

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-1839"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a1096bb3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 icons.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 11 KB
992 B 42ms
41ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/icons.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b22acf3b276d3f419653cda2fcd12b7a8c87d2b0b34e44511b60a23ab72d7e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-2dda"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a1096db3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 staronly.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/ 223 B
246 B 40ms
39ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/staronly.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

190e1101cde57367a86dd7f3df29194cf2b78968948c793f424d5f144897b9b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-df"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a1096fb3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 site.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/site/resources/styles/ 339 B
311 B 43ms
42ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/site/resources/styles/site.css?_dc=1671043982

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5348904074ca7f09e3078c2afcabad0f0c9cafcfc751566e93d90ceaa75b887

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6840500
cross-origin-resource-policy: cross-origin
last-modified: Wed, 14 Dec 2022 18:53:02 GMT
x-vcache: MISS
server: cloudflare
etag: W/"639a1b8e-153"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a10972b3d7-MIA
expires: Fri, 01 Nov 2024 08:24:23 GMT

GET
H3 200 tracker.js Show response
se1.vip-dns.fun/shared-content/art/stats/common/ 9 KB
3 KB 782ms
782ms Script
application/x-javascript 2606:4700:3030::6815:15e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://se1.vip-dns.fun/shared-content/art/stats/common/tracker.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:15e2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 20 Jul 2023 14:44:35 GMT
x-vcache: HIT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
etag: W/"64b94853-2200"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FuLIEswUNbEiBwDY4f7PmvxAe8Ks02L4IFguZMyg9kVwR0txE90%2F5bhr0JbrTYFs%2BOpSWwK1V2Uipvtbfi7vJovs44AfFXKkDyvw4BSEgsCjufEtsPLmc97sqarkrK9cVujOtdb7Uke5MzeLSaE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 84fbc6a10d32daf9-MIA
alt-svc: h3=":443"; ma=86400
service-worker-allowed: /

GET
H2 200 31c48758-8d44-11ed-8c30-0bcb8697ec11.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/ 1 KB
1 KB 36ms
36ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/31c48758-8d44-11ed-8c30-0bcb8697ec11.png

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8bba9687afeda017cbf549538f5433e397e901a3b452306988a7999db6f1a8ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 755870
cf-polished: origFmt=png, origSize=1362
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="31c48758-8d44-11ed-8c30-0bcb8697ec11.webp"
content-length: 1086
cf-bgj: imgq:85,h2pri
last-modified: Thu, 05 Jan 2023 21:59:15 GMT
server: cloudflare
x-vcache: MISS
etag: "63b74833-552"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6a19aaeb3d7-MIA
expires: Thu, 09 Jan 2025 18:30:10 GMT

GET
H2 200 65bd51f5e0a54.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/0/bd/0bdcc909-0f22-5905-8c54-2aa88648b755/ 202 KB
202 KB 41ms
41ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/0/bd/0bdcc909-0f22-5905-8c54-2aa88648b755/65bd51f5e0a54.image.jpg?resize=1200%2C800

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e64359e81821721b21c6f51b9e0194610494fb51368e50ab9ced58364bcccee

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 12956
cf-polished: origSize=210996, status=webp_bigger
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Fri, 02 Feb 2024 20:35:02 GMT
server: cloudflare
x-vcache: MISS
etag: "269cd0de9b4f8b70a10e1b56dc9636cb"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a1aad4b3d7-MIA
expires: Sat, 01 Feb 2025 21:36:37 GMT

GET
H2 200 65bd41a7b440d.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/a/69/a696327b-4eaf-53f0-ad31-49f84f328be3/ 70 KB
70 KB 37ms
36ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/a/69/a696327b-4eaf-53f0-ad31-49f84f328be3/65bd41a7b440d.image.jpg?crop=1763%2C1175%2C0%2C0&resize=1200%2C800&order=crop%2Cresize

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

495386c14ad767d86ce9f5dbec106eb7b4610a431ddfa6cc320e98b854397f80

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 10893
cf-polished: qual=85, origFmt=jpeg, origSize=88236
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="65bd41a7b440d.webp"
cf-bgj: imgq:85,h2pri
last-modified: Fri, 02 Feb 2024 19:25:29 GMT
server: cloudflare
x-vcache: MISS
etag: "d0b1411323704a2642c81335d4e87ed2"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a1cb4cb3d7-MIA
expires: Sun, 02 Feb 2025 10:35:15 GMT

GET
H2 200 2faeee7c-8d44-11ed-8c18-eb5483a10695.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/ 1 KB
1 KB 37ms
36ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/2faeee7c-8d44-11ed-8c18-eb5483a10695.png

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2ab34321ef0a61378759396e72284c4ee6c055bf11521b655d1e5b5a435a8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6674085
cf-polished: origFmt=png, origSize=1545
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="2faeee7c-8d44-11ed-8c18-eb5483a10695.webp"
content-length: 1228
cf-bgj: imgq:85,h2pri
last-modified: Thu, 05 Jan 2023 21:59:11 GMT
server: cloudflare
x-vcache: MISS
etag: "63b7482f-609"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6a27cefb3d7-MIA
expires: Sat, 09 Nov 2024 06:44:58 GMT

GET
H3 200 email-decode.min.js Show response
se1.vip-dns.fun/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 30ms
29ms Script
application/javascript 2606:4700:3030::6815:15e2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://se1.vip-dns.fun/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::6815:15e2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 30 Jan 2024 18:47:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b94449-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2FzERzGFEfBO48MTkAenkDjvdzIkAOOEKwL2TsKA4LRNpFM8X7VR%2BK0cHOIrUfJ3VbmohqcFnL3LrXB1Od4j78suKe63FpkZV2G%2BIzVcZfIAPZpFAkymmxD636j6EUmj4k0ECL%2F5xa2VAwFutoE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 84fbc6a278f1daf9-MIA
expires: Mon, 05 Feb 2024 15:41:03 GMT

GET
H2 200 subscription-landing.css
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/ 11 KB
2 KB 37ms
35ms Stylesheet
text/css 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/subscription-landing.css?_dc=1706121065

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fccb27bed15422298100f23773bbc262d36964eb5381ed360e06799db31b48f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853387
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15769-2b4b"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a2bd6bb3d7-MIA
expires: Thu, 23 Jan 2025 18:36:12 GMT

GET
H2 200 edition-selector.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 8 KB
2 KB 37ms
36ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/edition-selector.js?_dc=1706121063

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7f817d35152e6280e12fa0a2895ec47b65085df83867b00d766f9a0e5595a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:03 GMT
x-vcache: HIT
server: cloudflare
etag: W/"65b15767-2076"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a2bd6cb3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 tnt.ads.core.70d412172f30735865838caa3d6f42a0.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/ 13 KB
5 KB 35ms
35ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/tnt.ads.core.70d412172f30735865838caa3d6f42a0.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a23c44de48fb21cbcd562cdf009d5d3049c6e064dea597c2e00f4539487909d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6396681
cross-origin-resource-policy: cross-origin
last-modified: Fri, 27 Oct 2023 21:37:40 GMT
x-vcache: MISS
server: cloudflare
etag: W/"653c2da4-35a7"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a2edd2b3d7-MIA
expires: Thu, 07 Nov 2024 09:42:19 GMT

GET
H2 200 sticky-kit.cd42d35abf643b0a78798fe03bf6bc83.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 4 KB
2 KB 39ms
39ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/sticky-kit.cd42d35abf643b0a78798fe03bf6bc83.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47220c4c850d2a71293522af7071da5706951e1cecc6dddce7bc78343f48de1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6845557
cross-origin-resource-policy: cross-origin
last-modified: Thu, 09 Nov 2023 15:29:53 GMT
x-vcache: MISS
server: cloudflare
etag: W/"654cfaf1-1010"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a36ebfb3d7-MIA
expires: Sun, 10 Nov 2024 05:55:04 GMT

GET
H2 200 tnt.regions.b44801b45845a81b995eeaad12f4f276.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 4 KB
2 KB 36ms
36ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.regions.b44801b45845a81b995eeaad12f4f276.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c4711683ed6f2d79b7aebeb5f9d00be743a943159bdb57faf129412ed1de94c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6416297
cross-origin-resource-policy: cross-origin
last-modified: Fri, 27 Oct 2023 21:37:38 GMT
x-vcache: MISS
server: cloudflare
etag: W/"653c2da2-1021"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a36ecdb3d7-MIA
expires: Fri, 08 Nov 2024 08:01:31 GMT

GET
H2 200 liftigniter.min.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 14 KB
5 KB 46ms
46ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/liftigniter.min.js?_dc=1706121063

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

980c8780366c4be3d8e14ac0a98833e357313bd0c55e9cec1b5f16deec75c049

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:03 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15767-37b0"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a3af49b3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 promo_popup.min.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 3 KB
889 B 37ms
36ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/promo_popup.min.js?_dc=1706121063

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

516743678b07edcf236561fed911dd419248fe4e6ae651c201b2fbd90f2572b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:03 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15767-a04"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a3af4db3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 save.asset.js Show response
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/ 2 KB
684 B 39ms
38ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/save.asset.js?_dc=1706121063

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6ac86cfcd875307be77577d580d25f3e0868dfeebd12080b3fe1044c378dbb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:03 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853492
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:03 GMT
x-vcache: HIT
server: cloudflare
etag: W/"65b15767-721"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a3efcbb3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 vf-v2.js Show response
cdn.viafoura.net/ 874 KB
205 KB 244ms
79ms Script
application/javascript 2600:9000:215f:8200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/vf-v2.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:215f:8200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fd7b0d1513a92c745dd42a9e3d3009d5a88bbc4f1052a1b592eac18c70dd23a3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-amz-version-id: KW14DmUWKsvXGTdXMRE2VvtUxyPCHXUZ
content-encoding: br
via: 1.1 f7a96eacae195ce7e3982601464ebc84.cloudfront.net (CloudFront)
date: Sat, 03 Feb 2024 15:37:26 GMT
x-amz-cf-pop: YUL62-C2
age: 219
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 25 Jan 2024 18:44:44 GMT
server: AmazonS3
etag: W/"d1c01b1df7f6773e666729d176938388"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: 4V7-hMD9zNpoffBXCTY3z3OMGIqBTdaoMnl59XDqSdMwaEbvDmdSvQ==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 286 KB
71 KB 241ms
81ms Script
application/javascript 3.162.8.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.8.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-8-154.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7065a2ec4d3eef56b6e67c96b52f5132184c8f5111742aae0be310c774b16e5d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:11:28 GMT
content-encoding: gzip
via: 1.1 08f45c153a856ff7955174d0e6f60744.cloudfront.net (CloudFront), 1.1 2080aae7ace369c71819923852e1b17e.cloudfront.net (CloudFront)
last-modified: Thu, 01 Feb 2024 21:58:43 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C3, YUL62-P2
age: 1777
x-amz-server-side-encryption: AES256
etag: W/"5a62bfa168fecdfeef387bf7ceaf9693"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: hTfwLu2vDbQ20IH2SDwlIwkyIutBaVh7tQ6nMmQZVbayfKsxw0cb_w==

GET
H/1.1 200
OK channels.cgi Show response
torstar.gscontxt.net/main/ 26 B
103 B 587ms
143ms Script
application/javascript 144.21.35.228
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://torstar.gscontxt.net/main/channels.cgi?url=https%3A%2F%2Fse1.vip-dns.fun%2F
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.21.35.228 Amsterdam, Netherlands, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: /
Resource Hash: 01594e833d67163c5d71c470fb205ab5dcea6c114cb3408c3aed83d139697c36

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Length: 26
Content-Type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 224 KB
76 KB 157ms
157ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WRSZQF8&gtm_auth=74eL4wQLYRNQ18AwQITlNA&gtm_preview=env-1&gtm_cookies_win=x

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3562b97f2ff5b2f77206cd279021943c479abd3c2e219f1a20bd3388463362a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77699
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracker.gif
www.thestar.com/shared-content/art/stats/common/ 0
146 B 202ms
65ms Image
image/gif 192.104.182.109
LEE-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thestar.com/shared-content/art/stats/common/tracker.gif?tnms_rs=1600x1200x24&tnms_vtum=1&tnms_vt=1&tnms_vid=170697486430316001200314355601474&tnms_dt=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&tnms_upage=1&tnms_do=www.thestar.com&tnms_uri=/&tnms_ref=&rt=1706974864307
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.182.109 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
last-modified: Thu, 16 Oct 2008 20:11:25 GMT
x-vcache: MISS
age: 0
etag: "48f79fed-0"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 0

GET
H2 200 Toronto_Star_logo.svg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/publication-logos/ 6 KB
2 KB 38ms
37ms Image
image/svg+xml 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/publication-logos/Toronto_Star_logo.svg?_dc=1706121064

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aadfdde0a0aea4dd6e3bfb60868f546b2e30db7f8d5b3549af99915a8e7294f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 853493
cross-origin-resource-policy: cross-origin
last-modified: Wed, 24 Jan 2024 18:31:04 GMT
x-vcache: MISS
server: cloudflare
etag: W/"65b15768-16bb"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a60c01b3d7-MIA
expires: Thu, 23 Jan 2025 18:36:07 GMT

GET
H2 200 2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2
fonts.gstatic.com/s/merriweathersans/v26/ 37 KB
38 KB 162ms
53ms Font
font/woff2 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweathersans/v26/2-c99IRs1JiJN1FRAMjTN5zd9vgsFHX1QjU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=STIX+Two+Text:ital,wght@0,500;0,600;0,700;1,500;1,600;1,700&family=Frank+Ruhl+Libre:wght@300;400;500;600;700;800;900&family=Merriweather+Sans:ital,wght@0,400;0,500;0,600;0,700;0,800;1,400;1,500;1,600;1,700;1,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8a4a852dedcc7e3b6bb2c6acffac1a82a31828a00749ce2a8c2d6dd5f268dd9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://se1.vip-dns.fun
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 17:13:32 GMT
x-content-type-options: nosniff
age: 80852
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38268
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 00:13:26 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Feb 2025 17:13:32 GMT

GET
DATA 200
OK truncated
/ 73 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc40838a707dba656095bdce002939c726b0fe7de618b613ff3a29a39aef0938

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 guest.svg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/ 662 B
537 B 38ms
38ms Image
image/svg+xml 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/guest.svg

Requested by

Host: bloximages.chicago2.vip.townnews.com
URL: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/icons.css?_dc=1706121065

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0acff355a123d849b520cf5a94fba9e18840b78a57f67e7ff984ad7272821d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/icons.css?_dc=1706121065
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6666656
cross-origin-resource-policy: cross-origin
last-modified: Thu, 19 Oct 2023 18:06:51 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6531703b-296"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a62c29b3d7-MIA
expires: Thu, 31 Oct 2024 05:43:24 GMT

GET
H2 200 nbetting.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/ 6 KB
6 KB 34ms
33ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/nbetting.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2c767ec61f3ecd854a3b3aab3ed23168707aa1fc9cee0009643a72362d6bfdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/global.css?_dc=1706121065
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 6672948
cf-polished: origFmt=png, origSize=11103
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="nbetting.webp"
content-length: 6086
cf-bgj: imgq:85,h2pri
last-modified: Thu, 02 Nov 2023 14:33:03 GMT
server: cloudflare
x-vcache: MISS
etag: "6543b31f-2b5f"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6a62c2cb3d7-MIA
expires: Sat, 09 Nov 2024 19:00:26 GMT

GET
H2 200 chevron.svg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/ 347 B
366 B 36ms
34ms Image
image/svg+xml 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/chevron.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cefee4c660d3fc32a9c8957e4e5a464fde600f95d50d64e533e9c2b73d7ad2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/daily/global.css?_dc=1706121065
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 6414741
cross-origin-resource-policy: cross-origin
last-modified: Tue, 18 Jul 2023 19:58:47 GMT
x-vcache: MISS
server: cloudflare
etag: W/"64b6eef7-15b"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a63c33b3d7-MIA
expires: Thu, 18 Jul 2024 22:55:08 GMT

GET
H2 200 warning-updated.svg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/ 383 B
495 B 36ms
35ms Image
image/svg+xml 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/images/icons/warning-updated.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39af5bc38f03afb9bbcacadacdf8ce2adc5f6745217ef8868696c6cb38e2bfe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/styles/common/icons.css?_dc=1706121065
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 1536637
cross-origin-resource-policy: cross-origin
last-modified: Tue, 14 Nov 2023 18:35:12 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6553bde0-17f"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a63c35b3d7-MIA
expires: Wed, 27 Nov 2024 08:42:02 GMT

GET
H2 200 j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Dl4Q.woff2
fonts.gstatic.com/s/frankruhllibre/v20/ 43 KB
44 KB 203ms
119ms Font
font/woff2 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/frankruhllibre/v20/j8_w6_fAw7jrcalD7oKYNX0QfAnPW7Dl4Q.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fbc774cb96be46cab2c4f68a761ba7f4b5cfa0bd2d7a9487e1fbed4b60e547c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://se1.vip-dns.fun
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 18:54:50 GMT
x-content-type-options: nosniff
age: 247574
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44476
x-xss-protection: 0
last-modified: Thu, 22 Jun 2023 15:33:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jan 2025 18:54:50 GMT

GET
H2 200 7cfc38ca-9d1a-11ed-8f0b-5cb9017b77dc.a0b13c4b7a02e09c478fe74111026137.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/7/cf/c38/ 7 KB
7 KB 35ms
34ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/7/cf/c38/7cfc38ca-9d1a-11ed-8f0b-5cb9017b77dc.a0b13c4b7a02e09c478fe74111026137.png?_dc=1683205896

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

597cf1adbafca51f41aedfbdc509c2e15e81382778e096b1398c66cda6865f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 1397632
cf-polished: origFmt=png, origSize=11530
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="7cfc38ca-9d1a-11ed-8f0b-5cb9017b77dc.webp"
content-length: 7428
cf-bgj: imgq:85,h2pri
last-modified: Thu, 04 May 2023 13:11:36 GMT
server: cloudflare
x-vcache: MISS
etag: "6453af08-2d0a"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6a67cb5b3d7-MIA
expires: Thu, 09 Jan 2025 19:49:40 GMT

GET
H2 200 4bf41a72-9d1f-11ed-962a-731f98635eec.6456e853912fda7cde5a60abaa0ee692.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/4/bf/41a/ 7 KB
8 KB 36ms
36ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/4/bf/41a/4bf41a72-9d1f-11ed-962a-731f98635eec.6456e853912fda7cde5a60abaa0ee692.png?_dc=1683211417

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51e62bc02cd5fca4b743c497a1b1b06096f90407e772e6acf00d6e0ec60970ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 233692
cf-polished: origFmt=png, origSize=11982
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="4bf41a72-9d1f-11ed-962a-731f98635eec.webp"
content-length: 7582
cf-bgj: imgq:85,h2pri
last-modified: Thu, 04 May 2023 14:43:37 GMT
server: cloudflare
x-vcache: MISS
etag: "6453c499-2ece"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6a67cb6b3d7-MIA
expires: Wed, 29 Jan 2025 18:48:49 GMT

GET
H2 200 8cbcdae8-a2b1-11ed-8368-235783807331.15201d93ed13d9a732b495950909e503.png
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/8/cb/cda/ 10 KB
10 KB 37ms
37ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/avatars/8/cb/cda/8cbcdae8-a2b1-11ed-8368-235783807331.15201d93ed13d9a732b495950909e503.png?_dc=1684158577

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf5e49995435884e3de7eb5d4fa3d6c5615b7f04349b0686a4a368e1fc672332

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 5898
cf-polished: origFmt=png, origSize=14827
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="8cbcdae8-a2b1-11ed-8368-235783807331.webp"
content-length: 10132
cf-bgj: imgq:85,h2pri
last-modified: Mon, 15 May 2023 13:49:37 GMT
server: cloudflare
x-vcache: MISS
etag: "64623871-39eb"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6a67cb8b3d7-MIA
expires: Thu, 28 Nov 2024 11:23:31 GMT

OPTIONS
H2 403 init
thestar.cloud.optable.co/prod-thestar-com/ Frame 0
0 157ms
76ms Preflight 34.149.155.241
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://thestar.cloud.optable.co/prod-thestar-com/init?cookies=no&passport=&osdk=web-v0.16.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.155.241 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 241.155.149.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://se1.vip-dns.fun
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sat, 03 Feb 2024 15:41:04 GMT
via: 1.1 google

POST init
thestar.cloud.optable.co/prod-thestar-com/ 0
0

GET
H2 200 2-c79IRs1JiJN1FRAMjTN5zd9vgsFHXwcjfj9w.woff2
fonts.gstatic.com/s/merriweathersans/v26/ 37 KB
37 KB 88ms
87ms Font
font/woff2 2607:f8b0:4004:c1d::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/merriweathersans/v26/2-c79IRs1JiJN1FRAMjTN5zd9vgsFHXwcjfj9w.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2736d55a4da2c1d7e1cec02b86d6432aabe15a41f5f86803b5fa5fbe3cae8a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://se1.vip-dns.fun
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 17:16:33 GMT
x-content-type-options: nosniff
age: 253471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37848
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 00:30:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jan 2025 17:16:33 GMT

GET
H2 200 7noslr035pfb0mvo-nbc.js Show response
cdn.petametrics.com/ 177 KB
49 KB 109ms
38ms Script
application/javascript 2606:4700:10::ac43:1b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=474159
Requested by: Host: bloximages.chicago2.vip.townnews.com
URL: https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/live/libraries/flex/components/torstar_core/resources/scripts/liftigniter.min.js?_dc=1706121063
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:1b1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79ed49ed2fcc78c231c89ba77da0e9f8829b5b7558f1a84530a3e520e5221179

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: gzip
via: 1.1 08d3753c268ae8d178b064cf84c7616c.cloudfront.net (CloudFront)
x-amz-version-id: 60lwNYTvlBCeOMVk3KXP32zq3aG6T.I3
cf-cache-status: HIT
x-amz-cf-pop: MIA3-P7
age: 1021611
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Mon, 22 Jan 2024 19:37:12 GMT
server: cloudflare
etag: W/"8ed98ecedcb7dde52b84c06e0339d50f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=691200, s-maxage=31536000
cf-ray: 84fbc6a7cfef25be-MIA
x-amz-cf-id: NUC1HSArfT7IKu45HZffJjovf2lEO6HYNsC_x0IBr4604PwVrPA_lg==

GET
H2 200 65b2bed7238d0.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/2/ac/2acf2f85-a033-5baa-b633-6ede9627d6e4/ 7 KB
8 KB 39ms
39ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/2/ac/2acf2f85-a033-5baa-b633-6ede9627d6e4/65b2bed7238d0.image.jpg?crop=1763%2C1175%2C0%2C0&resize=400%2C267&order=crop%2Cresize

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22708b4a65181f19f491898d8710015e4f4ba610ccc09d0a3773cc344f9d5d79

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 7105
cf-polished: qual=85, origFmt=jpeg, origSize=9449
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="65b2bed7238d0.webp"
cf-bgj: imgq:85,h2pri
last-modified: Thu, 25 Jan 2024 20:04:42 GMT
server: cloudflare
x-vcache: MISS
etag: "4f8e340434636ea2d503194d106552bc"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6a76e35b3d7-MIA
expires: Sun, 02 Feb 2025 10:15:00 GMT

GET
H2 200 pxid Show response
be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co/v2.0/ 12 B
217 B 204ms
135ms XHR
application/json 35.241.9.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co/v2.0/pxid?k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.9.241.35.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 481d77f5d1a9c24f102bb6af246ecbff595011e0d73e70b652c39d702565d47d

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://se1.vip-dns.fun
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32

GET
H2 200 getuidj Show response
ib.adnxs.com/ 11 B
700 B 191ms
62ms XHR
application/json 68.67.178.10
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:04 GMT
an-x-request-uuid: 8c630b1e-f422-458b-9b2d-fcad00be84fc
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 38.132.118.77; 38.132.118.77; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 204 v2
api.viafoura.co/v2/se1.vip-dns.fun/bootstrap/ Frame 0
0 179ms
52ms Preflight 2600:1f18:44f0:4846:5095:755:8694:ede5
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/se1.vip-dns.fun/bootstrap/v2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4846:5095:755:8694:ede5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://se1.vip-dns.fun
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
access-control-allow-origin: https://se1.vip-dns.fun
access-control-max-age: 1728000
cache-control: max-age=0
date: Sat, 03 Feb 2024 15:41:04 GMT
expires: Sat, 03 Feb 2024 15:41:04 GMT
server: nginx/1.18.0 (Ubuntu)

POST
H2 404 v2 Show response
api.viafoura.co/v2/se1.vip-dns.fun/bootstrap/ 138 B
566 B 159ms
54ms XHR
application/json 2600:1f18:44f0:4846:5095:755:8694:ede5
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/se1.vip-dns.fun/bootstrap/v2
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4846:5095:755:8694:ede5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 0e396c44938ac792546ac6681c44921a2f64c28e51fe363ddfa43ade287152c4

Request headers

Accept: application/json, text/plain, */*
Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
x-instance-id: i-046a81df44bf926e2

GET
H2 204 state Show response
api.btloader.com/mw/ 0
101 B 130ms
66ms Fetch 130.211.23.194
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/mw/state?bt_env=prod
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5071905434894336&upapi=true&async=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:04 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary: Origin

GET
H2 200 px.gif
ad-delivery.net/ 43 B
338 B 107ms
36ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=2
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 450460
x-guploader-uploadid: ABPtcPptM6FyMzPanO47L8cyZ5GSFsFP0EqV4-X5T5HR9glMDU47R21ZpDkQ-uFS0rXqwODtJg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cX1VydwkPziwLsQuGY5973D0%2FpRtr9cJ2bDebFYEt%2BpEBWgjmodMlXHUnj3VgmsjLcsqxeYK0hH84iiaA%2BOuhY1S9wH8zjEhczzBTfcLnjD6W759J6asThqs6U0RydQVXlT%2FjrNpm8i4lACXlA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 84fbc6a8c9b84976-MIA
expires: Mon, 29 Jan 2024 10:34:25 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
571 B 154ms
50ms Image
image/x-icon 142.251.167.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.149 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f149.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 19:55:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71140
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Feb 2024 19:55:24 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
911 B 104ms
34ms Image
image/gif 2606:4700:20::ac43:4513
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.5739165365978001
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 450460
x-guploader-uploadid: ABPtcPptM6FyMzPanO47L8cyZ5GSFsFP0EqV4-X5T5HR9glMDU47R21ZpDkQ-uFS0rXqwODtJg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
vary: Accept-Encoding
x-goog-generation: 1620242732037093
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qu9QYT3REU2pGX2ijk2PHRFhTz21oDys8%2BfstcgbPMmLa9eBGQWevtJI9XTLU09ed6vNuQjCBvShPMdo1r20tOPJF1GCzAnprXw870sT3%2FnQauuDWNRWZAnTprnYSfQcmsxgGjwLvdWONCFrfg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 84fbc6a8c9b64976-MIA
expires: Mon, 29 Jan 2024 10:34:25 GMT

GET
BLOB 200
OK 149dd1bd-a10e-46a5-a790-04ff94762cd1
https://se1.vip-dns.fun/ 225 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://se1.vip-dns.fun/149dd1bd-a10e-46a5-a790-04ff94762cd1
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72956fed691627b50461a9176d096dbfdebe035fab5f653b8b8098d869919d7f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Length: 230409
Content-Type

GET
BLOB 200
OK be9c027a-5afe-4c52-9387-d847dbace789
https://se1.vip-dns.fun/ 225 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://se1.vip-dns.fun/be9c027a-5afe-4c52-9387-d847dbace789
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72956fed691627b50461a9176d096dbfdebe035fab5f653b8b8098d869919d7f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Length: 230409
Content-Type

OPTIONS
H2 403 targeting
thestar.cloud.optable.co/prod-thestar-com/v2/ Frame 0
0 68ms
67ms Preflight 34.149.155.241
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.155.241 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 241.155.149.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://se1.vip-dns.fun
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sat, 03 Feb 2024 15:41:04 GMT
via: 1.1 google

GET targeting
thestar.cloud.optable.co/prod-thestar-com/v2/ 0
0

OPTIONS
H2 403 targeting
thestar.cloud.optable.co/prod-thestar-com/v2/ Frame 0
0 69ms
68ms Preflight 34.149.155.241
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.155.241 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 241.155.149.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://se1.vip-dns.fun
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sat, 03 Feb 2024 15:41:04 GMT
via: 1.1 google

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290101/ 436 KB
136 KB 54ms
54ms Script
text/javascript 2607:f8b0:4004:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

208e5d881a92d84ae1c0e296c5bafe669ec7ac8f87ede263ff5a84de441bdb55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 19:16:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 73487
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139485
x-xss-protection: 0
server: cafe
etag: 9760076492862216199
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 01 Feb 2025 19:16:17 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 60 B
75 B 171ms
67ms XHR
application/json 2607:f8b0:4004:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=se1.vip-dns.fun

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6a6c72c0d70f8b02866d393ad3af63a475d96d7d8ddf1eb11836307930a03a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51
x-xss-protection: 0
expires: Sat, 03 Feb 2024 15:41:04 GMT

GET
H2 200 swg-button.css
news.google.com/swg/js/v1/ 18 KB
5 KB 53ms
53ms Stylesheet
text/css 2607:f8b0:4004:c1b::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2935e77ba4a31d658633687964df779e6a6acd911252186240c22eafeba8bc36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:17:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1403
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5195
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 21:19:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Sat, 03 Feb 2024 16:07:41 GMT

GET
H2 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 53ms
53ms Other
image/svg+xml 2607:f8b0:4004:c1b::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 14:52:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2911
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Sat, 03 Feb 2024 15:42:33 GMT

GET
H2 200 serviceiframe Show response
news.google.com/swg/ui/v1/ Frame 05E7 16 KB
8 KB 123ms
121ms Document
text/html 2607:f8b0:4004:c1b::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/ui/v1/serviceiframe?_=1706974864741&publicationId=thestar.com

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3bdd106e25127f639579492a55bb1a4f56930da30968eb1e3a537e84fb87cd27

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jsnpIRZlmZz-rDJlSW0_cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://se1.vip-dns.fun/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-jsnpIRZlmZz-rDJlSW0_cQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-resource-policy: same-site
date: Sat, 03 Feb 2024 15:41:04 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
reporting-endpoints: default="/swg/_/SubscribewithgoogleClientUi/web-reports?context=eJzjytHikmLw15BicDa_xRT35xZT1OlHTOYJT5m-HXrG9AOI3315ySTw9SWTBBBrAfEOHw-WN-HTWfkiprPG1U1nLQBivnXTWQ3XT2dt-z-dtQOIW6JnsE4DYqf0GawhQLxQ4TzrYiAW4uGYsPfnWjaBhpXXe5kBizIzSA"
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 geoip Show response
api.permutive.com/v2.0/ 281 B
386 B 197ms
135ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 3775aaf637f98b3458e5c6693e618184d99dbbf17d21013593b3cf2868aaacd4

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://se1.vip-dns.fun
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 201

POST
H2 200 watson Show response
api.permutive.com/v2.0/ 2 B
78 B 200ms
139ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/watson?k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://se1.vip-dns.fun
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 161ms
54ms Script
text/javascript 2607:f8b0:4004:c1f::66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::66 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 03 Feb 2024 14:58:39 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2545
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 03 Feb 2024 16:58:39 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 183 KB
64 KB 63ms
62ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

16338c70f3e822ce39edec6aa73c2bd7ae5e314a35034a1dbba3523b5202d52b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65887
x-xss-protection: 0
last-modified: Sat, 03 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 03 Feb 2024 15:41:04 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 227 KB
70 KB 72ms
72ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WXMV2VZ&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cfdc6de616888b45b0512d78da2f170db95056889243e4b6bdccfa9800d504b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71870
x-xss-protection: 0
last-modified: Sat, 03 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 03 Feb 2024 15:41:04 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 387 B
929 B 163ms
56ms XHR
application/json 23.20.31.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&d_nsid=0&ts=1706974864829

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.20.31.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-31-134.compute-1.amazonaws.com

Software

Resource Hash

471004b40deb095c4400eb0baca42077b89561ce539158c2f5428cb1653bc561

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-va6-1-v053-0b5fd3d7d.edge-va6.demdex.com 2 ms
pragma: no-cache
date: Sat, 03 Feb 2024 15:41:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: 8lKkyYizR4o=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 325
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/ 34 KB
13 KB 76ms
75ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:10 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:33 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"208eb534ea01036a4fca64e6715ccf3f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 415
x-amz-cf-id: U_Awz373Ng2Sxig9TNXXl-xZpnRixaV9Wd1QNcXpWtjjbg9rbVGUQA==

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/ 3 KB
2 KB 78ms
77ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/hostedLibFiles/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bc0bfc50d3ff4175132b7da1ef0adf7761ded5cb2782e55edb1948da3480abd8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:10 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:33 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"f1e098a5dd836ea5fc9726c429c8d71d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 415
x-amz-cf-id: NTELkYZ-sXutz-3vSROA_Q6jZEfg2OCHgnj5-xectj4YzQL4evtmXw==

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 152 KB
27 KB 320ms
257ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=474159
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 406896b6f448ff769f707b0a09e183da5817a11dea1a2d430362f9dc0e2c2aa5

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 174 KB
26 KB 373ms
311ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=474159
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: be8e9ffbef2b635acc551ab9849052b3c1c712bf6f414e301d61aec3d06a6609

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 176 KB
23 KB 403ms
316ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=474159
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 1814639fba8ef3f0073a4b731eb45cda676210dc9cbc24d91094136ea8d42bd3

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 187 KB
25 KB 398ms
311ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=474159
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: a2c891ccb8576425bd03f5118cdc571f496d60446ad6d3a23f3b29be4f544c3b

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 181 KB
26 KB 318ms
258ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=474159
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 10097297083eaa36a852807198f7327aa843311126e27b22b52d38aa4516fba0

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 175 KB
27 KB 358ms
297ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=474159
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 991a2eaf7cb9e40d102632bce0690f88ae504ba6546347d97d321a4718dfbbec

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 172 KB
25 KB 389ms
329ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=474159
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 798c5de2f80f143d26a5cb250e77df55971cab3eab50184b82158414f4b77d31

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

POST
H2 200 model Show response
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 189 KB
28 KB 380ms
321ms XHR
application/json 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/model
Requested by: Host: cdn.petametrics.com
URL: https://cdn.petametrics.com/7noslr035pfb0mvo-nbc.js?ts=474159
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 9886b3d238d00ab2a2a507d71d35eac1101c8a1cad502d3b690b88715d670ea0

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: application/json

GET
H2 200 5028 Show response
config.aps.amazon-adsystem.com/configs/ 532 B
809 B 228ms
71ms Script
application/javascript 54.192.51.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/5028
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-26.yul62.r.cloudfront.net
Software: CloudFront /
Resource Hash: 095cc79a8d23cf53f4363500b8a08cc1b185ff21bbe2bc81d1168d4bc53e04aa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 14:44:09 GMT
via: 1.1 3bff6c700d376f51ba81ef57dc2bd6e6.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: YUL62-C2
age: 3416
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 532
x-amz-cf-id: kyrbpXGxI0XYv2_6wRagINCQzZKy9pyvSf4BtMW-48c9kDqc5LT7OQ==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 599 B
954 B 88ms
86ms XHR
application/json 3.162.8.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=5028&u=https%3A%2F%2Fse1.vip-dns.fun
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.8.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-8-154.yul62.r.cloudfront.net
Software: Server /
Resource Hash: c7e791cd90e0a1f79ac0639e79e74527567696f3d5420566415c7234123f432e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:02 GMT
via: 1.1 2080aae7ace369c71819923852e1b17e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: YUL62-P2
age: 1
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 599
x-amz-cf-id: BhJ9RQLVxc-Wd6T0jz3P5l3EQSyaggKxYPf5Ovy_0cRM_rDBmJ1NzQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 323ms
183ms XHR
application/javascript 3.162.8.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.8.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-8-154.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:06 GMT
x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 275c32bc50366db37e8c3324dfc942a6.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: Iiav1evP-RP8VyjQtfdq3S5vdZunddouSj7_C-J1Vn65c3fry-K8BQ==

GET
H2 200 RC9f725ac8963342e9b34d5612ce298a81-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 440 B
803 B 70ms
70ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RC9f725ac8963342e9b34d5612ce298a81-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 02e406be3baa8bc806c3cd234922e40bba42fa77a527b3e110036f387bc5308e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:10 GMT
x-amz-version-id: null
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
last-modified: Sat, 03 Feb 2024 15:32:32 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 415
etag: "8d247933f76a02b58ae3c3c80a91bf2f"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 440
x-amz-cf-id: pXsqGAtrYRbshFQ2sDQFec7OEC1Xi3SBa5UVsz5o-U1GmffaYn2Llw==

GET
H2

200

web-vitals.iife.js Show response
unpkg.com/web-vitals@3.5.2/dist/
Redirect Chain

https://unpkg.com/web-vitals/dist/web-vitals.iife.js
https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.iife.js

7 KB
3 KB

36ms
36ms

Script
application/javascript

2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/web-vitals@3.5.2/dist/web-vitals.iife.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c0e1f95aa09754b10449fd8cd7f2e76d8f232d1038b6cf7454db558ac79962e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 759481
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01HN15S9TJ0466JRTSE03M5KZF-mia
server: cloudflare
etag: W/"1bff-XBuNuslfZI/SL2xuiJqqum43R9A"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 84fbc6aaffed749e-MIA

Redirect headers

date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01HNQSN44XBGAT54JE2KRJN0NS-mia
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 448
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /web-vitals@3.5.2/dist/web-vitals.iife.js
cache-control: public, s-maxage=600, max-age=60
cf-ray: 84fbc6aa6f2d749e-MIA

GET
H2 200 m=serviceiframeview,_b,_tp
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L.B1.O/am=gKEY/d=1/ed=1/rs=ABXTjI7FJyXjmzTTbjMZxol-FyHhVCOzBg/ Frame 05E7 745 B
1 KB 162ms
56ms Stylesheet
text/css 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L.B1.O/am=gKEY/d=1/ed=1/rs=ABXTjI7FJyXjmzTTbjMZxol-FyHhVCOzBg/m=serviceiframeview,_b,_tp

Requested by

Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=1706974864741&publicationId=thestar.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1132ef1a0e1e66eb253ec8a331ae9b3607499da22a7ed9e4f4a95d07835fd60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 22:38:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61383
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 400
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 22:21:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/css; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Feb 2025 22:38:02 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/am=gKEY/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=AB... Frame 05E7 198 KB
70 KB 163ms
56ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/am=gKEY/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI4fjbINA15dIn8Zp1CxhWohm_CDRA/m=_b,_tp

Requested by

Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=1706974864741&publicationId=thestar.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dff4b6cf2300fce1dff67f2f01a14ad1542910af654b813b573b03a174f7cc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:00:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2446
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71338
x-xss-protection: 0
last-modified: Sat, 27 Jan 2024 07:51:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sun, 02 Feb 2025 15:00:19 GMT

POST
H3 204 cspreport
news.google.com/swg/_/SubscribewithgoogleClientUi/ Frame 05E7 0
25 B 126ms
126ms Other
text/html 2607:f8b0:4004:c1b::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/SubscribewithgoogleClientUi/cspreport

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-noPDE_t70Tp_w74qhyPxZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-noPDE_t70Tp_w74qhyPxZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
356 B 342ms
89ms XHR
text/javascript 3.161.212.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=5028&u=https%3A%2F%2Fse1.vip-dns.fun%2F&pid=mSxg7eOQoQLNI&cb=0&ws=1600x1200&v=24.129.1645&t=2000&slots=%5B%7B%22sd%22%3A%22ad-2827824%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F58580620%2Fthestar.com%2Fhomepage%22%7D%2C%7B%22sd%22%3A%22ad-2827002%22%2C%22s%22%3A%5B%222x1%22%5D%2C%22sn%22%3A%22%2F58580620%2Fthestar.com%2Fhomepage%22%7D%2C%7B%22sd%22%3A%22ad-2827005%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F58580620%2Fthestar.com%2Fhomepage%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&sm=bb1d8715-1e3a-4320-8b7d-ade0af8c7fb2&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.212.32 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-161-212-32.yul62.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:04 GMT
via: 1.1 ddaa088f1b6b5a9bcdc791a053431534.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: YUL62-P1
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://se1.vip-dns.fun
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: fGw9Q7S2aI31d1CVVelL34PlXwSwY34t9h7g081gi1X_SZsyvaY9sQ==

GET
H2 200 65bd269b57cf6.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/a/a1/aa148b39-ae64-50db-95b1-fb93cfb3f669/ 5 KB
5 KB 43ms
42ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/a/a1/aa148b39-ae64-50db-95b1-fb93cfb3f669/65bd269b57cf6.image.jpg?resize=150%2C100

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6f0cd94eefbd434f5552a36b7b4ce1b87daef60c2dc751547f404bd263211f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 4757
cf-polished: origSize=5181, status=webp_bigger
cross-origin-resource-policy: cross-origin
content-length: 5041
cf-bgj: imgq:85,h2pri
last-modified: Fri, 02 Feb 2024 17:30:03 GMT
server: cloudflare
x-vcache: MISS
etag: "87a8b8131ede3d2086b5ae76b8d893bd"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6aa6b30b3d7-MIA
expires: Sun, 02 Feb 2025 10:20:55 GMT

GET
H2 200 dest5.html Show response
torontostarnewspaperslimited.demdex.net/ Frame C8A8 7 KB
3 KB 55ms
52ms Document
text/html 23.20.31.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://torontostarnewspaperslimited.demdex.net/dest5.html?d_nsid=0

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.20.31.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-31-134.compute-1.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://se1.vip-dns.fun/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 03 Feb 2024 15:41:05 GMT
dcs: dcs-prod-va6-2-v053-08ac3cf26.edge-va6.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Sun, 12 Nov 2023 20:32:57 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: yP39dJO8S68=

GET
H2 200 id Show response
s.thestar.com/ 48 B
459 B 279ms
58ms XHR
application/x-javascript 63.140.39.22
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://s.thestar.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&mid=89286859007042574763889647549960788491&ts=1706974865025

Requested by

Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.22 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-22.data.adobedc.net

Software

jag /

Resource Hash

052b4d85a59a3bd13b75cab7d9cd84e2036cb44924aa86e499ed0f103d958355

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://se1.vip-dns.fun
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H2

200

ibs:dpid=411&dpuuid=Zb5eGwAAAMCNWQOH
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=89272844693718507023888797524036730881
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zb5eGwAAAMCNWQOH

42 B
717 B

55ms
55ms

Image
image/gif

23.20.31.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zb5eGwAAAMCNWQOH

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Server

23.20.31.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-20-31-134.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

dcs: dcs-prod-va6-2-v053-0642e92e6.edge-va6.demdex.com 2 ms
pragma: no-cache
date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: yJ3r+2X8QiE=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zb5eGwAAAMCNWQOH
Date: Sat, 03 Feb 2024 15:41:05 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/ 108 KB
29 KB 277ms
80ms Script
text/javascript 54.192.50.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.50.230 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-50-230.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 315dac8e324eec26e6d3f87c05fd592f76094e2500728401ba3e4b6dd84d291b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-amz-version-id: tW3LAtOBnAWOGgSDe3gsQD71fraKgvxw
content-encoding: br
via: 1.1 90b7b9dc3aa8817f0cef3cfd45fb8916.cloudfront.net (CloudFront)
date: Sat, 03 Feb 2024 15:40:24 GMT
x-amz-cf-pop: YUL62-C2
age: 41
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 18 Jan 2024 19:46:21 GMT
server: AmazonS3
etag: W/"3daf6f69e018c8eadcd0efdc1b7993bc"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: 5WC9FS7DsnXxFrLrZ61gaUO_ARwzKdejXVhmagSVXH3JVVXmK4kyIA==

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 259 KB
88 KB 65ms
65ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=G-4T2EB147B8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WXMV2VZ&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

79bc46ccfc5b06dc2f6b1f190a00c766b18578816f706146e1c9ad4fe624a37b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90115
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 03 Feb 2024 15:41:05 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 3 B
368 B 257ms
76ms XHR
application/json 2607:f8b0:4004:c07::66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::66 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://se1.vip-dns.fun
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 RC0f1bdacccb3649fa8889eca3a0358cc8-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 1 KB
1 KB 73ms
71ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RC0f1bdacccb3649fa8889eca3a0358cc8-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 89934847c372d12ce50d2dfc8c65830943897609ca1cd786afa4561c8b345f4a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:05 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:31 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"f5979fd45382e347a9c45cd0b3aea42f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 420
x-amz-cf-id: WV6wVr6cW9MWooScpPnPMmgj7JK5KY_dVqN1O7pOSNOD4FAYhnTb4w==

GET
H2 200 RC3d6958a6993a47ebb321af62b90ee76e-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 1 KB
988 B 74ms
72ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RC3d6958a6993a47ebb321af62b90ee76e-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a32d1b07af89513f45e0c8e201411e4adfe0b332b96739131dc3d77f736691a0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:05 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:31 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"1791d6c7c634657ac60c27a7091e527a"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 420
x-amz-cf-id: CwnvgJxvVZmJwBVmf1oUp8m50LmTqAUXS3iyuX-xKaGYlYbR40O-Lw==

GET
H2 200 RCe44b456ffefb4108827a305381ec57a0-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 1 KB
937 B 75ms
72ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RCe44b456ffefb4108827a305381ec57a0-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38f8f0159d3a0413f14a75d0074c1d8a1ffca1fa8acb818b86684bb11628e3b7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:32 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"bd22bd4e3198be5452e588cf0970375f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 420
x-amz-cf-id: HkWuJokfsTv92_2KShixktGeOIYuJAN2OLQl18Emb0yDnVFF5Gs86Q==

GET
H2 200 RC4f709fe392744b9c91df4e7f62a857cf-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 1002 B
952 B 75ms
73ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RC4f709fe392744b9c91df4e7f62a857cf-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d33e95af1d7e00a025851cc0fe96c45bc900e06724afb79b28f078592fdf5c2c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:31 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"48646c55337daacc21d363b335ff5d1d"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 420
x-amz-cf-id: fy_7BMRISpv2DiT37oiRaK8qryhXukAXOgJFNfctXCv4qtlwgwraBQ==

GET
H2 200 RCcfe6b6b53be2406fbe89ae856e611799-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 962 B
1 KB 75ms
73ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RCcfe6b6b53be2406fbe89ae856e611799-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 63e160a19d39f11cbf010500b638b69f89cd5414158b7e65c50d419c26a4dfb4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
last-modified: Sat, 03 Feb 2024 15:32:32 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 420
etag: "e11fc42557017641a773cea5c9fc037b"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 962
x-amz-cf-id: -y2poMext-S-Jz7ky09X1v3E8301QZSaTCAQn_dULepBN8UtOii9ow==

GET
H2 200 RC69deb665ae0842ac9db79297e1f79c71-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 1 KB
902 B 75ms
74ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RC69deb665ae0842ac9db79297e1f79c71-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 96f7e30a4cc5df94843a8087d01d17d7bbcbf4b771da582a763c8b92f3f35890

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:32 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"0ce4f57af6ac139a5e5cdfd57898f772"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 420
x-amz-cf-id: hekgmV_9vMkeSCOOVyXgC6JdYZem2B_mJOwunLGLPyc988Mm45ZQew==

GET
H2 200 RC46b3c3a10db94f02990aa403a742b5bb-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 965 B
1 KB 76ms
75ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RC46b3c3a10db94f02990aa403a742b5bb-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3f12019df132ad610b28cc02da1b21b792d534213143536ce09d5b8b9433cc99

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
last-modified: Sat, 03 Feb 2024 15:32:31 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 420
etag: "15370db4865f2d362d83965bf50783e9"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 965
x-amz-cf-id: -hZxXwFJgTdYJzRCERbJUR0GHiVXgaT9M5QE9ZlhN133__ea1CZ8cQ==

GET
H2 200 RC1c8b567dd1b141a5989c8315908f6d83-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 953 B
1 KB 76ms
75ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RC1c8b567dd1b141a5989c8315908f6d83-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8fdd8374a779e06a48d7a3f42ffe46ff6776908cba3f2f01fd341fcb1338cd4e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
last-modified: Sat, 03 Feb 2024 15:32:31 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 420
etag: "437e174817d1249d56864f103c0555dc"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 953
x-amz-cf-id: d7A4Jhe00DCvLGdlHKKCqw84o9AA-lBsRvEDtiGUYgF6WmN_0FoAzg==

GET
H2 200 RCc3b7404652e8424481a4953e40b04aeb-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 4 KB
1 KB 76ms
76ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RCc3b7404652e8424481a4953e40b04aeb-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8ffbc359dbfd6b0fe03fc4fe7e521951903c34322e2ef47a2f1216e965e6124d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:32 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"28afab2fe4453f0c53e7f6007e85dbbf"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 420
x-amz-cf-id: 0EZwIPpSgrq5-KF2WKtaU5bVuMrMHrDJDia9kqfNjJ7WnzK0DMcvkQ==

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 266 KB
90 KB 75ms
74ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=G-6FZFMVVWVN&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WRSZQF8&gtm_auth=74eL4wQLYRNQ18AwQITlNA&gtm_preview=env-1&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5d3a2ddbdb98f21fdaeb9b838fc2dc9851d44290919c39ea64177aa8eb598a0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91731
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 03 Feb 2024 15:41:05 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 214 KB
58 KB 166ms
55ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

22cf1baba55eced80d7ebb0de51fc8961757ef581964f8e10ebc8676399eba81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 03 Feb 2024 15:41:05 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57202
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
pragma: public
x-fb-debug: sJTmt65iTlOgCRpXFw8j8qdOjou6SvpYLnVVKnQ3H3exg8ZozkQWEY8J25XQXGA8NbwlLQFOXLGdZSgHhmoJ/g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 211 KB
75 KB 63ms
63ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-698108511

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5b2defd52a595242462a19753192204f9fa2e94e091a2291fea25bffa4cf890c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76963
x-xss-protection: 0
last-modified: Sat, 03 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 03 Feb 2024 15:41:05 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 211 KB
75 KB 69ms
69ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-698108511&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e569fcc5ec0c85a907eb139f85cdd26a6657a668fdc9b5697d3b7efabd1c87b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76895
x-xss-protection: 0
last-modified: Sat, 03 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 03 Feb 2024 15:41:05 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 184 KB
67 KB 72ms
72ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10230056

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ddbff4c1aa5d73b2d405ea7e06c70e49875ff21b255772671a26310a41f265f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68593
x-xss-protection: 0
last-modified: Sat, 03 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 03 Feb 2024 15:41:05 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 184 KB
67 KB 78ms
78ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10230056&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a68748d776d43bfe747d77a398886e86fafd8e7aa731853d1c06c93758477cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68628
x-xss-protection: 0
last-modified: Sat, 03 Feb 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 03 Feb 2024 15:41:05 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 175ms
55ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 18:08:41 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kiad7000089-IAD

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 28 KB
9 KB 94ms
26ms Script
application/javascript 2a04:4e42:200::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: eec8fb654765dfbba9b783382bfc8ecda7db21a2e24ffde27d19624ae2287d9e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Tue, 30 Jan 2024 22:08:33 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "cdb613b732483a878e5e73924ee9a02f"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 8623

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 43 KB
16 KB 157ms
43ms Script
application/javascript 2600:1402:8800::1728:cf19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1402:8800::1728:cf19 Atlanta, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 23 Jan 2024 14:42:29 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=75126
accept-ranges: bytes
content-length: 15732

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 119ms
51ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Sat, 03 Feb 2024 15:41:04 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4AFD8B0CF51F4EBE97F12BBF9F1543C7 Ref B: MIAEDGE2712 Ref C: 2024-02-03T15:41:05Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 core.js Show response
s.pinimg.com/ct/ 5 KB
2 KB 181ms
62ms Script
application/javascript 2a04:4e42:77::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/core.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3e376deaeb30858026260be3d2bd058d03c0b007cb7133c0d6fea15d775afd86

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
x-cdn: fastly
etag: "ba3486175e2b68724e3b47a025fadde7"
x-amz-server-side-encryption: AES256
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=7200
alt-svc: h3=":443";ma=600
content-length: 1861

GET
H/1.1 200
OK p.js Show response
d1z2jf7jlzjs58.cloudfront.net/ 930 B
1 KB 225ms
70ms Script
application/javascript 3.162.7.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.7.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-7-119.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: 62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Sat, 03 Feb 2024 10:38:10 GMT
Via: 1.1 4c6036e1a9755ebb992fa03bf694150e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: YUL62-P2
Age: 18176
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 930
Pragma: public
Last-Modified: Wed, 06 May 2020 20:19:48 GMT
Server: nginx
ETag: "5eb31be4-3a2"
Content-Type: application/javascript
Cache-Control: max-age=86400, public
Accept-Ranges: bytes
X-Amz-Cf-Id: eT9ewYDG4YcYV8TYFmt3QRVtKGX_Nz1NIIRHropAB0t81SjnaecevQ==
Expires: Sun, 04 Feb 2024 10:38:09 GMT

GET
H2 200 RC8217f02947be421192d2acbcfdd02c80-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 733 B
1 KB 72ms
71ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RC8217f02947be421192d2acbcfdd02c80-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 48afdb2dec2cb40047f3f7d0b4f0a22e168fba6d299be08bed11e1221b082aa7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
last-modified: Sat, 03 Feb 2024 15:32:32 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 420
etag: "7b16d93f8ac6ef16552375639a79fd3d"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 733
x-amz-cf-id: DMMFkUBGVnXDsM98o-uBYQf6k1zy8A1LSj32GNkcS9U63lZdC5Ywng==

POST
H2 204 collect
analytics.google.com/g/ 0
254 B 167ms
60ms Ping
text/plain 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-4T2EB147B8&gtm=45je41v0v887101457z8861227858za200&_p=1706974864280&_gaz=1&gcd=11l1l1l1l1&npa=0&dma=0&cid=1331817889.1706974865&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&dt=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&dl=https%3A%2F%2Fse1.vip-dns.fun%2F&sid=1706974865&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.canonical_url=https%3A%2F%2Fwww.thestar.com%2F&epn.townnews_crm_group_id=848&ep.generator=BLOX&ep.generator_version=1.73.1&tfd=3032
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-4T2EB147B8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 166ms
60ms Ping
text/plain 2607:f8b0:4004:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4T2EB147B8&cid=1331817889.1706974865&gtm=45je41v0v887101457z8861227858za200&aip=1&dma=0&gcd=11l1l1l1l1&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-4T2EB147B8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 147ms
82ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3078&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=7&jsfv=nbc&ts=1706974865379&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&fst=1706974864865&fstr=2638&pt=1&cl=437&w=Recommended&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjagmeet-singh-on-his-new-babys-name-and-why-he-regrets-biking-with-doug-ford%2Farticle_d5413c80-c20b-11ee-bb97-6fb5458bea3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fuk-police-say-a-woman-attacked-with-chemicals-is-doing-very-poorly-the-suspect-is%2Farticle_54ee028d-67b6-5efa-bf68-6c30f17031a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhat-would-happen-in-the-event-of-king-charless-death%2Farticle_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fone-of-the-largest-data-breaches-with-over-26-billion-records-has-been-discovered-heres%2Farticle_90202c0c-ba26-11ee-969f-abf2e50a64a5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmaple-leafs-have-a-little-fun-at-the-nhl-all-star-draft-at-mitch-marners%2Farticle_68b12c3a-bf98-11ee-a716-9f2ce22c774e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fgta%2Ftessa-virtue-and-morgan-rielly-got-married-with-two-secret-weddings-report%2Farticle_e4e88196-c12c-11ee-8764-2b0d0a29358c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-slams-pierre-poilievre-for-link-to-loblaws-lobbying%2Farticle_07a4fd52-c201-11ee-aa96-bf6210f2e41c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fai-brings-deepfake-pornography-to-the-masses-as-canadian-laws-play-catch-up%2Farticle_c805d36e-ad44-5ccb-be9d-588c26463304.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fnhlpa-boss-marty-walsh-has-serious-concern-over-coyotes-home%2Farticle_175e8e8e-bfa4-11ee-a01e-eb0d8c34f627.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmontreal-canadiens-trade-centre-sean-monahan-to-winnipeg-jets%2Farticle_3a19012d-897a-5baa-9d71-b788c2aecfba.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fapple-agrees-to-pay-14-million-battery-settlement-canadian-iphone-owners-can-apply-for-up%2Farticle_1e7c82ae-b093-11ee-9fa2-3300fa5b7462.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprotesters-overturned-acquittal-could-have-impact-on-freedom-convoy-case-expert%2Farticle_8324db85-37f7-5061-bafe-2de5697979b4.html%22%5D&usedJS=31200000&totalJS=39600000&jsLimit=3760000000&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 141ms
79ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3096&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=7&jsfv=nbc&ts=1706974865381&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=Recommended&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjagmeet-singh-on-his-new-babys-name-and-why-he-regrets-biking-with-doug-ford%2Farticle_d5413c80-c20b-11ee-bb97-6fb5458bea3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fuk-police-say-a-woman-attacked-with-chemicals-is-doing-very-poorly-the-suspect-is%2Farticle_54ee028d-67b6-5efa-bf68-6c30f17031a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhat-would-happen-in-the-event-of-king-charless-death%2Farticle_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fone-of-the-largest-data-breaches-with-over-26-billion-records-has-been-discovered-heres%2Farticle_90202c0c-ba26-11ee-969f-abf2e50a64a5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmaple-leafs-have-a-little-fun-at-the-nhl-all-star-draft-at-mitch-marners%2Farticle_68b12c3a-bf98-11ee-a716-9f2ce22c774e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fgta%2Ftessa-virtue-and-morgan-rielly-got-married-with-two-secret-weddings-report%2Farticle_e4e88196-c12c-11ee-8764-2b0d0a29358c.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjagmeet-singh-on-his-new-babys-name-and-why-he-regrets-biking-with-doug-ford%2Farticle_d5413c80-c20b-11ee-bb97-6fb5458bea3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fuk-police-say-a-woman-attacked-with-chemicals-is-doing-very-poorly-the-suspect-is%2Farticle_54ee028d-67b6-5efa-bf68-6c30f17031a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhat-would-happen-in-the-event-of-king-charless-death%2Farticle_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fone-of-the-largest-data-breaches-with-over-26-billion-records-has-been-discovered-heres%2Farticle_90202c0c-ba26-11ee-969f-abf2e50a64a5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmaple-leafs-have-a-little-fun-at-the-nhl-all-star-draft-at-mitch-marners%2Farticle_68b12c3a-bf98-11ee-a716-9f2ce22c774e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fgta%2Ftessa-virtue-and-morgan-rielly-got-married-with-two-secret-weddings-report%2Farticle_e4e88196-c12c-11ee-8764-2b0d0a29358c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-slams-pierre-poilievre-for-link-to-loblaws-lobbying%2Farticle_07a4fd52-c201-11ee-aa96-bf6210f2e41c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fai-brings-deepfake-pornography-to-the-masses-as-canadian-laws-play-catch-up%2Farticle_c805d36e-ad44-5ccb-be9d-588c26463304.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fnhlpa-boss-marty-walsh-has-serious-concern-over-coyotes-home%2Farticle_175e8e8e-bfa4-11ee-a01e-eb0d8c34f627.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmontreal-canadiens-trade-centre-sean-monahan-to-winnipeg-jets%2Farticle_3a19012d-897a-5baa-9d71-b788c2aecfba.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fapple-agrees-to-pay-14-million-battery-settlement-canadian-iphone-owners-can-apply-for-up%2Farticle_1e7c82ae-b093-11ee-9fa2-3300fa5b7462.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprotesters-overturned-acquittal-could-have-impact-on-freedom-convoy-case-expert%2Farticle_8324db85-37f7-5061-bafe-2de5697979b4.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 120ms
59ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3096&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=7&jsfv=nbc&ts=1706974865381&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=Recommended&source=LI&st=3096&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjagmeet-singh-on-his-new-babys-name-and-why-he-regrets-biking-with-doug-ford%2Farticle_d5413c80-c20b-11ee-bb97-6fb5458bea3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fuk-police-say-a-woman-attacked-with-chemicals-is-doing-very-poorly-the-suspect-is%2Farticle_54ee028d-67b6-5efa-bf68-6c30f17031a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhat-would-happen-in-the-event-of-king-charless-death%2Farticle_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fone-of-the-largest-data-breaches-with-over-26-billion-records-has-been-discovered-heres%2Farticle_90202c0c-ba26-11ee-969f-abf2e50a64a5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmaple-leafs-have-a-little-fun-at-the-nhl-all-star-draft-at-mitch-marners%2Farticle_68b12c3a-bf98-11ee-a716-9f2ce22c774e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fgta%2Ftessa-virtue-and-morgan-rielly-got-married-with-two-secret-weddings-report%2Farticle_e4e88196-c12c-11ee-8764-2b0d0a29358c.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 135ms
72ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3101&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=13&jsfv=nbc&ts=1706974865381&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&fst=1706974864865&fstr=2638&pt=1&cl=461&w=business&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fone-of-the-largest-data-breaches-with-over-26-billion-records-has-been-discovered-heres%2Farticle_90202c0c-ba26-11ee-969f-abf2e50a64a5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Findigo-receives-privatization-offer-from-gerald-schwartz%2Farticle_32cd423e-120c-5329-967f-54a74c612dbd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fikea-canada-is-cutting-prices-on-over-1-500-products-here-s-why%2Farticle_f0007228-bc6d-11ee-851b-97ce83515f28.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fcutting-down-your-food-budget-heres-how-to-save-money-at-the-grocery-store%2Farticle_85f439c2-593d-514f-8f3d-037ba533db15.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fsaskatchewan-collector-finds-rare-case-containing-coveted-wayne-gretzky-rookie-cards%2Farticle_505f5963-3fb4-57f3-bd07-afbe8dac0bd5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Ftrans-mountain-mulling-how-to-remove-obstruction-causing-newest-construction-delay%2Farticle_6974ee6b-825c-591c-a83a-978b08001edd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fbiden-administration-raises-concerns-about-aspects-of-quebec-language-law%2Farticle_b441672a-4e5d-56e2-a85a-0d21e2225060.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Ftheyre-done-theyre-bankrupt-bad-boy-officially-gone-after-failing-to-file-restructuring-plan%2Farticle_356994fa-baf4-11ee-b93c-b315deb3909e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fthe-loud-budgeting-trend-is-taking-over-what-it-is-and-how-to-hold-on%2Farticle_05ffe780-b182-11ee-9833-e333a8ec8395.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Ftechnology%2Fai-generated-porn-images-of-taylor-swift-flooded-social-media-angering-fans-heres-how-to%2Farticle_9ea5f9c8-bc4c-11ee-80db-9f687d086cf2.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Finside-one-of-the-food-industry-s-most-guarded-secrets-the-making-of-private-label%2Farticle_016cf054-8faa-11ee-9816-ef9880c3fcd5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Famerican-elites-are-living-in-a-delusional-universe-here-s-why-the-next-crisis-will%2Farticle_7d70f596-b79a-508f-85c6-ffa4d4dca171.html%22%5D&usedJS=31200000&totalJS=39600000&jsLimit=3760000000&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 142ms
81ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3107&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=13&jsfv=nbc&ts=1706974865381&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=business&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fone-of-the-largest-data-breaches-with-over-26-billion-records-has-been-discovered-heres%2Farticle_90202c0c-ba26-11ee-969f-abf2e50a64a5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Findigo-receives-privatization-offer-from-gerald-schwartz%2Farticle_32cd423e-120c-5329-967f-54a74c612dbd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fikea-canada-is-cutting-prices-on-over-1-500-products-here-s-why%2Farticle_f0007228-bc6d-11ee-851b-97ce83515f28.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fcutting-down-your-food-budget-heres-how-to-save-money-at-the-grocery-store%2Farticle_85f439c2-593d-514f-8f3d-037ba533db15.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fsaskatchewan-collector-finds-rare-case-containing-coveted-wayne-gretzky-rookie-cards%2Farticle_505f5963-3fb4-57f3-bd07-afbe8dac0bd5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Ftrans-mountain-mulling-how-to-remove-obstruction-causing-newest-construction-delay%2Farticle_6974ee6b-825c-591c-a83a-978b08001edd.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fone-of-the-largest-data-breaches-with-over-26-billion-records-has-been-discovered-heres%2Farticle_90202c0c-ba26-11ee-969f-abf2e50a64a5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Findigo-receives-privatization-offer-from-gerald-schwartz%2Farticle_32cd423e-120c-5329-967f-54a74c612dbd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fikea-canada-is-cutting-prices-on-over-1-500-products-here-s-why%2Farticle_f0007228-bc6d-11ee-851b-97ce83515f28.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fcutting-down-your-food-budget-heres-how-to-save-money-at-the-grocery-store%2Farticle_85f439c2-593d-514f-8f3d-037ba533db15.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fsaskatchewan-collector-finds-rare-case-containing-coveted-wayne-gretzky-rookie-cards%2Farticle_505f5963-3fb4-57f3-bd07-afbe8dac0bd5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Ftrans-mountain-mulling-how-to-remove-obstruction-causing-newest-construction-delay%2Farticle_6974ee6b-825c-591c-a83a-978b08001edd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fbiden-administration-raises-concerns-about-aspects-of-quebec-language-law%2Farticle_b441672a-4e5d-56e2-a85a-0d21e2225060.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Ftheyre-done-theyre-bankrupt-bad-boy-officially-gone-after-failing-to-file-restructuring-plan%2Farticle_356994fa-baf4-11ee-b93c-b315deb3909e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fthe-loud-budgeting-trend-is-taking-over-what-it-is-and-how-to-hold-on%2Farticle_05ffe780-b182-11ee-9833-e333a8ec8395.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Ftechnology%2Fai-generated-porn-images-of-taylor-swift-flooded-social-media-angering-fans-heres-how-to%2Farticle_9ea5f9c8-bc4c-11ee-80db-9f687d086cf2.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Finside-one-of-the-food-industry-s-most-guarded-secrets-the-making-of-private-label%2Farticle_016cf054-8faa-11ee-9816-ef9880c3fcd5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Famerican-elites-are-living-in-a-delusional-universe-here-s-why-the-next-crisis-will%2Farticle_7d70f596-b79a-508f-85c6-ffa4d4dca171.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 143ms
81ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3107&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=13&jsfv=nbc&ts=1706974865381&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=business&source=LI&st=3107&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fone-of-the-largest-data-breaches-with-over-26-billion-records-has-been-discovered-heres%2Farticle_90202c0c-ba26-11ee-969f-abf2e50a64a5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Findigo-receives-privatization-offer-from-gerald-schwartz%2Farticle_32cd423e-120c-5329-967f-54a74c612dbd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fikea-canada-is-cutting-prices-on-over-1-500-products-here-s-why%2Farticle_f0007228-bc6d-11ee-851b-97ce83515f28.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fpersonal-finance%2Fcutting-down-your-food-budget-heres-how-to-save-money-at-the-grocery-store%2Farticle_85f439c2-593d-514f-8f3d-037ba533db15.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Fsaskatchewan-collector-finds-rare-case-containing-coveted-wayne-gretzky-rookie-cards%2Farticle_505f5963-3fb4-57f3-bd07-afbe8dac0bd5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fbusiness%2Ftrans-mountain-mulling-how-to-remove-obstruction-causing-newest-construction-delay%2Farticle_6974ee6b-825c-591c-a83a-978b08001edd.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 113ms
55ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3110&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=16&jsfv=nbc&ts=1706974865381&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&fst=1706974864865&fstr=2638&pt=1&cl=470&w=canada&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fai-brings-deepfake-pornography-to-the-masses-as-canadian-laws-play-catch-up%2Farticle_c805d36e-ad44-5ccb-be9d-588c26463304.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fprocuring-sex-charge-stayed-against-saskatchewan-mla-after-he-completed-program%2Farticle_ce8d7036-3258-58ac-8c61-423fd2a7a2b0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-canadian-school-is-rolling-back-its-nut-ban-why-experts-say-a-complete-ban%2Farticle_87e97634-bf98-11ee-9c04-63712c62eb9d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fdanielle-smiths-action-on-gender-issues-sparks-outrage-from-ndp-liberals-and-thats-fine-by%2Farticle_0c9e746c-c154-11ee-a4ef-c3de06f9d9a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-rare-total-solar-eclipse-will-be-seen-from-parts-of-ontario-this-spring-heres%2Farticle_3842701a-c045-11ee-82c2-1f3f229b6b94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fcompletely-overwhelmed-family-doctors-in-alberta-take-concerns-to-social-media%2Farticle_a55af333-c3a1-5a17-ae07-a013977bb2de.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fgroundhog-day-canadas-famous-furry-forecasters-predict-early-spring%2Farticle_69607440-31b6-541f-9fff-0e71cac6bce7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Flotto-max-winning-numbers-for-friday-feb-02-2024%2Farticle_f7693696-b36d-5e35-9536-71b72387371b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fas-sexting-becomes-more-common-among-young-adults-safe-practices-should-be-taught-in-schools%2Farticle_497f6ce2-c1f4-11ee-b2d0-73170b7f95bd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fextremely-dangerous-albertas-proposed-limits-on-trans-youths-access-to-health-care-sports-criticized-by%2Farticle_b2f90870-c13d-11ee-9fb2-271a0a06595f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fcanada-issues-travel-advisory-for-bahamas-due-to-crime-following-u-s-warning%2Farticle_50f2701e-bf79-11ee-88ca-f32a39b0a681.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-ghostly-shipwreck-has-emerged-in-newfoundland-and-residents-want-to-know-its-story%2Farticle_ba1c8aeb-5a14-5e5c-92f9-266f0fb761ec.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fprovinces-knew-the-deal-when-they-signed-on-to-10-a-day-child-care-liberal%2Farticle_511c9d44-1728-5127-be0a-07dc958f7d94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Ftwo-suspects-charged-after-copper-wire-theft-that-knocked-out-phone-and-internet%2Farticle_4156ecca-cf54-51ea-a623-d2ca0c68cec6.html%22%5D&usedJS=31200000&totalJS=39600000&jsLimit=3760000000&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 142ms
81ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3115&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=16&jsfv=nbc&ts=1706974865382&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=canada&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fai-brings-deepfake-pornography-to-the-masses-as-canadian-laws-play-catch-up%2Farticle_c805d36e-ad44-5ccb-be9d-588c26463304.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fprocuring-sex-charge-stayed-against-saskatchewan-mla-after-he-completed-program%2Farticle_ce8d7036-3258-58ac-8c61-423fd2a7a2b0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-canadian-school-is-rolling-back-its-nut-ban-why-experts-say-a-complete-ban%2Farticle_87e97634-bf98-11ee-9c04-63712c62eb9d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fdanielle-smiths-action-on-gender-issues-sparks-outrage-from-ndp-liberals-and-thats-fine-by%2Farticle_0c9e746c-c154-11ee-a4ef-c3de06f9d9a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-rare-total-solar-eclipse-will-be-seen-from-parts-of-ontario-this-spring-heres%2Farticle_3842701a-c045-11ee-82c2-1f3f229b6b94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fcompletely-overwhelmed-family-doctors-in-alberta-take-concerns-to-social-media%2Farticle_a55af333-c3a1-5a17-ae07-a013977bb2de.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fgroundhog-day-canadas-famous-furry-forecasters-predict-early-spring%2Farticle_69607440-31b6-541f-9fff-0e71cac6bce7.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fai-brings-deepfake-pornography-to-the-masses-as-canadian-laws-play-catch-up%2Farticle_c805d36e-ad44-5ccb-be9d-588c26463304.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fprocuring-sex-charge-stayed-against-saskatchewan-mla-after-he-completed-program%2Farticle_ce8d7036-3258-58ac-8c61-423fd2a7a2b0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-canadian-school-is-rolling-back-its-nut-ban-why-experts-say-a-complete-ban%2Farticle_87e97634-bf98-11ee-9c04-63712c62eb9d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fdanielle-smiths-action-on-gender-issues-sparks-outrage-from-ndp-liberals-and-thats-fine-by%2Farticle_0c9e746c-c154-11ee-a4ef-c3de06f9d9a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-rare-total-solar-eclipse-will-be-seen-from-parts-of-ontario-this-spring-heres%2Farticle_3842701a-c045-11ee-82c2-1f3f229b6b94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fcompletely-overwhelmed-family-doctors-in-alberta-take-concerns-to-social-media%2Farticle_a55af333-c3a1-5a17-ae07-a013977bb2de.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fgroundhog-day-canadas-famous-furry-forecasters-predict-early-spring%2Farticle_69607440-31b6-541f-9fff-0e71cac6bce7.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Flotto-max-winning-numbers-for-friday-feb-02-2024%2Farticle_f7693696-b36d-5e35-9536-71b72387371b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fas-sexting-becomes-more-common-among-young-adults-safe-practices-should-be-taught-in-schools%2Farticle_497f6ce2-c1f4-11ee-b2d0-73170b7f95bd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fextremely-dangerous-albertas-proposed-limits-on-trans-youths-access-to-health-care-sports-criticized-by%2Farticle_b2f90870-c13d-11ee-9fb2-271a0a06595f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fcanada-issues-travel-advisory-for-bahamas-due-to-crime-following-u-s-warning%2Farticle_50f2701e-bf79-11ee-88ca-f32a39b0a681.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-ghostly-shipwreck-has-emerged-in-newfoundland-and-residents-want-to-know-its-story%2Farticle_ba1c8aeb-5a14-5e5c-92f9-266f0fb761ec.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fprovinces-knew-the-deal-when-they-signed-on-to-10-a-day-child-care-liberal%2Farticle_511c9d44-1728-5127-be0a-07dc958f7d94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Ftwo-suspects-charged-after-copper-wire-theft-that-knocked-out-phone-and-internet%2Farticle_4156ecca-cf54-51ea-a623-d2ca0c68cec6.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 128ms
68ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3115&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=16&jsfv=nbc&ts=1706974865382&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=canada&source=LI&st=3115&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fbritish-columbia%2Fai-brings-deepfake-pornography-to-the-masses-as-canadian-laws-play-catch-up%2Farticle_c805d36e-ad44-5ccb-be9d-588c26463304.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fprocuring-sex-charge-stayed-against-saskatchewan-mla-after-he-completed-program%2Farticle_ce8d7036-3258-58ac-8c61-423fd2a7a2b0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-canadian-school-is-rolling-back-its-nut-ban-why-experts-say-a-complete-ban%2Farticle_87e97634-bf98-11ee-9c04-63712c62eb9d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fdanielle-smiths-action-on-gender-issues-sparks-outrage-from-ndp-liberals-and-thats-fine-by%2Farticle_0c9e746c-c154-11ee-a4ef-c3de06f9d9a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fa-rare-total-solar-eclipse-will-be-seen-from-parts-of-ontario-this-spring-heres%2Farticle_3842701a-c045-11ee-82c2-1f3f229b6b94.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fcompletely-overwhelmed-family-doctors-in-alberta-take-concerns-to-social-media%2Farticle_a55af333-c3a1-5a17-ae07-a013977bb2de.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fcanada%2Fgroundhog-day-canadas-famous-furry-forecasters-predict-early-spring%2Farticle_69607440-31b6-541f-9fff-0e71cac6bce7.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 130ms
70ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3118&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=19&jsfv=nbc&ts=1706974865382&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&fst=1706974864865&fstr=2638&pt=1&cl=479&w=politics&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjagmeet-singh-on-his-new-babys-name-and-why-he-regrets-biking-with-doug-ford%2Farticle_d5413c80-c20b-11ee-bb97-6fb5458bea3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprotesters-overturned-acquittal-could-have-impact-on-freedom-convoy-case-expert%2Farticle_8324db85-37f7-5061-bafe-2de5697979b4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fcanada-s-dental-benefit-is-expanding-here-s-what-you-need-to-know%2Farticle_c9d1f9ce-c072-11ee-823e-2f7bb8e1971d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-slams-pierre-poilievre-for-link-to-loblaws-lobbying%2Farticle_07a4fd52-c201-11ee-aa96-bf6210f2e41c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-adviser-defends-use-of-crude-language-in-online-exchange-with-right-wing-group%2Farticle_ae84cc8a-bedf-11ee-ab27-df4b248eb880.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2F10-000-ontario-patients-cut-loose-because-of-staffing-shortages%2Farticle_ed9ad508-bc74-11ee-b5ed-b3befb843bae.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Foutrageous-privately-justin-trudeaus-toronto-mps-are-furious-at-olivia-chow-over-her-property-tax%2Farticle_ded6c53e-b172-11ee-b3ca-6f9e3f615bc3.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fwhats-parental-alienation-why-so-many-feminist-groups-are-urging-justin-trudeau-to-ban-its%2Farticle_959e3db2-b955-11ee-be7d-23e2258524a1.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fbest-for-world-if-netanyahu-leaves-office-sooner-rather-than-later-liberal-mp%2Farticle_db9d7fbe-6b23-5ae1-a06b-40d4cf51403f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fford-government-expands-primary-care-teams-in-effort-to-fix-doctor-shortage%2Farticle_e03e129c-c126-11ee-96ee-07875e69f652.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fpolitical-opinion%2Ftheres-one-thing-justin-trudeau-and-pierre-poilievre-agree-on-and-it-isnt-good%2Farticle_61431b30-bfab-11ee-b040-2b4951d0a235.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fpierre-is-going-to-win-pc-insiders-privately-fear-more-mpps-will-abandon-doug-ford%2Farticle_b8ac5f04-c068-11ee-8ebd-3bfa4d19c645.html%22%5D&usedJS=31200000&totalJS=39600000&jsLimit=3760000000&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 143ms
82ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3123&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=19&jsfv=nbc&ts=1706974865382&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=politics&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjagmeet-singh-on-his-new-babys-name-and-why-he-regrets-biking-with-doug-ford%2Farticle_d5413c80-c20b-11ee-bb97-6fb5458bea3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprotesters-overturned-acquittal-could-have-impact-on-freedom-convoy-case-expert%2Farticle_8324db85-37f7-5061-bafe-2de5697979b4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fcanada-s-dental-benefit-is-expanding-here-s-what-you-need-to-know%2Farticle_c9d1f9ce-c072-11ee-823e-2f7bb8e1971d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-slams-pierre-poilievre-for-link-to-loblaws-lobbying%2Farticle_07a4fd52-c201-11ee-aa96-bf6210f2e41c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-adviser-defends-use-of-crude-language-in-online-exchange-with-right-wing-group%2Farticle_ae84cc8a-bedf-11ee-ab27-df4b248eb880.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2F10-000-ontario-patients-cut-loose-because-of-staffing-shortages%2Farticle_ed9ad508-bc74-11ee-b5ed-b3befb843bae.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjagmeet-singh-on-his-new-babys-name-and-why-he-regrets-biking-with-doug-ford%2Farticle_d5413c80-c20b-11ee-bb97-6fb5458bea3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprotesters-overturned-acquittal-could-have-impact-on-freedom-convoy-case-expert%2Farticle_8324db85-37f7-5061-bafe-2de5697979b4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fcanada-s-dental-benefit-is-expanding-here-s-what-you-need-to-know%2Farticle_c9d1f9ce-c072-11ee-823e-2f7bb8e1971d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-slams-pierre-poilievre-for-link-to-loblaws-lobbying%2Farticle_07a4fd52-c201-11ee-aa96-bf6210f2e41c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-adviser-defends-use-of-crude-language-in-online-exchange-with-right-wing-group%2Farticle_ae84cc8a-bedf-11ee-ab27-df4b248eb880.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2F10-000-ontario-patients-cut-loose-because-of-staffing-shortages%2Farticle_ed9ad508-bc74-11ee-b5ed-b3befb843bae.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Foutrageous-privately-justin-trudeaus-toronto-mps-are-furious-at-olivia-chow-over-her-property-tax%2Farticle_ded6c53e-b172-11ee-b3ca-6f9e3f615bc3.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fwhats-parental-alienation-why-so-many-feminist-groups-are-urging-justin-trudeau-to-ban-its%2Farticle_959e3db2-b955-11ee-be7d-23e2258524a1.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fbest-for-world-if-netanyahu-leaves-office-sooner-rather-than-later-liberal-mp%2Farticle_db9d7fbe-6b23-5ae1-a06b-40d4cf51403f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fford-government-expands-primary-care-teams-in-effort-to-fix-doctor-shortage%2Farticle_e03e129c-c126-11ee-96ee-07875e69f652.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fpolitical-opinion%2Ftheres-one-thing-justin-trudeau-and-pierre-poilievre-agree-on-and-it-isnt-good%2Farticle_61431b30-bfab-11ee-b040-2b4951d0a235.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2Fpierre-is-going-to-win-pc-insiders-privately-fear-more-mpps-will-abandon-doug-ford%2Farticle_b8ac5f04-c068-11ee-8ebd-3bfa4d19c645.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 138ms
78ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3123&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=19&jsfv=nbc&ts=1706974865382&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=politics&source=LI&st=3123&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjagmeet-singh-on-his-new-babys-name-and-why-he-regrets-biking-with-doug-ford%2Farticle_d5413c80-c20b-11ee-bb97-6fb5458bea3b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprotesters-overturned-acquittal-could-have-impact-on-freedom-convoy-case-expert%2Farticle_8324db85-37f7-5061-bafe-2de5697979b4.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fcanada-s-dental-benefit-is-expanding-here-s-what-you-need-to-know%2Farticle_c9d1f9ce-c072-11ee-823e-2f7bb8e1971d.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-slams-pierre-poilievre-for-link-to-loblaws-lobbying%2Farticle_07a4fd52-c201-11ee-aa96-bf6210f2e41c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Ffederal%2Fjustin-trudeau-adviser-defends-use-of-crude-language-in-online-exchange-with-right-wing-group%2Farticle_ae84cc8a-bedf-11ee-ab27-df4b248eb880.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fpolitics%2Fprovincial%2F10-000-ontario-patients-cut-loose-because-of-staffing-shortages%2Farticle_ed9ad508-bc74-11ee-b5ed-b3befb843bae.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 139ms
79ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3125&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=21&jsfv=nbc&ts=1706974865382&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&fst=1706974864865&fstr=2638&pt=1&cl=486&w=world&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fuk-police-say-a-woman-attacked-with-chemicals-is-doing-very-poorly-the-suspect-is%2Farticle_54ee028d-67b6-5efa-bf68-6c30f17031a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fasia%2Fpakistans-ex-pm-imran-khan-and-wife-convicted-of-marriage-law-violation-in-a-fourth%2Farticle_a10b26a3-ab71-57f2-9c3d-db4376e21390.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fjapan-wants-everyone-to-know-taylor-swift-will-make-it-in-time-for-the-super%2Farticle_a292da49-2101-5210-b7ad-1371e274c6e5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fgetting-a-dental-x-ray-a-new-recommendation-says-you-dont-need-a-lead-apron%2Farticle_5214ad33-2ecd-5a17-bbb2-f01cc873c70e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2F16-year-old-killers-of-transgender-teenager-in-england-sentenced-for-sadistic-murder%2Farticle_5e2b659f-1a4a-57c6-94bb-346c9f0c6296.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fthe-crane-attacked-potential-mates-but-then-she-fell-for-her-keeper%2Farticle_054e6b0d-70f7-5fc2-86d6-2a145a116397.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fmiddle-east%2Fhamas-shows-signs-of-resurgence-in-parts-of-gaza-where-israeli-troops-largely-withdrew-weeks%2Farticle_541a092d-b309-551c-8463-783161af51bb.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Ftrump-spent-76-million-over-last-two-years-on-attorneys-as-legal-troubles-mount-ahead%2Farticle_93e1cd5d-cecb-55a3-adad-59df79c04c1c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fseveral-dead-as-small-plane-crashes-and-burns-in-florida-mobile-home-park%2Farticle_a39b27e5-1c73-55c8-af54-c89e528f16e8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fthe-eu-is-providing-ukraine-with-54-billion-how-will-the-money-be-spent%2Farticle_6759a661-5c5c-5b66-85d9-9ffaaeb11b62.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fmissing-teenager-found-in-mans-bedroom-under-trap-door%2Farticle_94c3bcc3-80dc-5e24-9518-3ff82386b1e5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fkiller-of-pro-cyclist-mo-wilson-was-captured-with-help-of-want-ad-for-yoga%2Farticle_8661ea79-4123-5e54-9375-101dd98859dd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fa-pet-cat-thrown-off-a-train-died-in-cold-weather-now-thousands-want-the%2Farticle_47cf76ae-0456-5133-b424-e5046addad37.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fman-on-trial-for-killing-young-woman-whose-friends-pulled-into-wrong-driveway-says-my%2Farticle_ebd6c89c-28fd-5dbf-9ae6-f33800dc04b9.html%22%5D&usedJS=31200000&totalJS=39600000&jsLimit=3760000000&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 134ms
74ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3130&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=21&jsfv=nbc&ts=1706974865382&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=world&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fuk-police-say-a-woman-attacked-with-chemicals-is-doing-very-poorly-the-suspect-is%2Farticle_54ee028d-67b6-5efa-bf68-6c30f17031a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fasia%2Fpakistans-ex-pm-imran-khan-and-wife-convicted-of-marriage-law-violation-in-a-fourth%2Farticle_a10b26a3-ab71-57f2-9c3d-db4376e21390.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fjapan-wants-everyone-to-know-taylor-swift-will-make-it-in-time-for-the-super%2Farticle_a292da49-2101-5210-b7ad-1371e274c6e5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fgetting-a-dental-x-ray-a-new-recommendation-says-you-dont-need-a-lead-apron%2Farticle_5214ad33-2ecd-5a17-bbb2-f01cc873c70e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2F16-year-old-killers-of-transgender-teenager-in-england-sentenced-for-sadistic-murder%2Farticle_5e2b659f-1a4a-57c6-94bb-346c9f0c6296.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fthe-crane-attacked-potential-mates-but-then-she-fell-for-her-keeper%2Farticle_054e6b0d-70f7-5fc2-86d6-2a145a116397.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fuk-police-say-a-woman-attacked-with-chemicals-is-doing-very-poorly-the-suspect-is%2Farticle_54ee028d-67b6-5efa-bf68-6c30f17031a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fasia%2Fpakistans-ex-pm-imran-khan-and-wife-convicted-of-marriage-law-violation-in-a-fourth%2Farticle_a10b26a3-ab71-57f2-9c3d-db4376e21390.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fjapan-wants-everyone-to-know-taylor-swift-will-make-it-in-time-for-the-super%2Farticle_a292da49-2101-5210-b7ad-1371e274c6e5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fgetting-a-dental-x-ray-a-new-recommendation-says-you-dont-need-a-lead-apron%2Farticle_5214ad33-2ecd-5a17-bbb2-f01cc873c70e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2F16-year-old-killers-of-transgender-teenager-in-england-sentenced-for-sadistic-murder%2Farticle_5e2b659f-1a4a-57c6-94bb-346c9f0c6296.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fthe-crane-attacked-potential-mates-but-then-she-fell-for-her-keeper%2Farticle_054e6b0d-70f7-5fc2-86d6-2a145a116397.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fmiddle-east%2Fhamas-shows-signs-of-resurgence-in-parts-of-gaza-where-israeli-troops-largely-withdrew-weeks%2Farticle_541a092d-b309-551c-8463-783161af51bb.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Ftrump-spent-76-million-over-last-two-years-on-attorneys-as-legal-troubles-mount-ahead%2Farticle_93e1cd5d-cecb-55a3-adad-59df79c04c1c.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fseveral-dead-as-small-plane-crashes-and-burns-in-florida-mobile-home-park%2Farticle_a39b27e5-1c73-55c8-af54-c89e528f16e8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fthe-eu-is-providing-ukraine-with-54-billion-how-will-the-money-be-spent%2Farticle_6759a661-5c5c-5b66-85d9-9ffaaeb11b62.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fmissing-teenager-found-in-mans-bedroom-under-trap-door%2Farticle_94c3bcc3-80dc-5e24-9518-3ff82386b1e5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fkiller-of-pro-cyclist-mo-wilson-was-captured-with-help-of-want-ad-for-yoga%2Farticle_8661ea79-4123-5e54-9375-101dd98859dd.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fa-pet-cat-thrown-off-a-train-died-in-cold-weather-now-thousands-want-the%2Farticle_47cf76ae-0456-5133-b424-e5046addad37.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fman-on-trial-for-killing-young-woman-whose-friends-pulled-into-wrong-driveway-says-my%2Farticle_ebd6c89c-28fd-5dbf-9ae6-f33800dc04b9.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 117ms
60ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3130&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=21&jsfv=nbc&ts=1706974865382&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=world&source=LI&st=3130&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2Fuk-police-say-a-woman-attacked-with-chemicals-is-doing-very-poorly-the-suspect-is%2Farticle_54ee028d-67b6-5efa-bf68-6c30f17031a8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fasia%2Fpakistans-ex-pm-imran-khan-and-wife-convicted-of-marriage-law-violation-in-a-fourth%2Farticle_a10b26a3-ab71-57f2-9c3d-db4376e21390.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Fjapan-wants-everyone-to-know-taylor-swift-will-make-it-in-time-for-the-super%2Farticle_a292da49-2101-5210-b7ad-1371e274c6e5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fgetting-a-dental-x-ray-a-new-recommendation-says-you-dont-need-a-lead-apron%2Farticle_5214ad33-2ecd-5a17-bbb2-f01cc873c70e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Feurope%2F16-year-old-killers-of-transgender-teenager-in-england-sentenced-for-sadistic-murder%2Farticle_5e2b659f-1a4a-57c6-94bb-346c9f0c6296.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fnews%2Fworld%2Funited-states%2Fthe-crane-attacked-potential-mates-but-then-she-fell-for-her-keeper%2Farticle_054e6b0d-70f7-5fc2-86d6-2a145a116397.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 116ms
60ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3133&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=23&jsfv=nbc&ts=1706974865383&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&fst=1706974864865&fstr=2638&pt=1&cl=493&w=life&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhat-would-happen-in-the-event-of-king-charless-death%2Farticle_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fhealth-wellness%2Fits-called-cozy-cardio-in-a-world-seeking-comfort-some-see-a-happier-mode-of%2Farticle_0410cbe2-7cab-592a-a6a6-3d740d59c4ae.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhats-a-rat-snack-and-why-do-we-like-them-so-much-dietitian-breaks-down%2Farticle_dbb95608-b6dd-11ee-84cc-33b7d8d76878.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fmy-sister-in-law-has-dementia-and-her-husband-has-a-new-girlfriend-its-making%2Farticle_0b0dee34-b09c-11ee-83ee-2b6c4cedf9e8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fbeauty-and-fashion%2Ffashion%2Ftessa-virtue-had-three-wedding-dresses-we-spoke-to-the-toronto-designer-who-created-them%2Farticle_27c7cfd3-f4b5-5ee1-802b-c2a96236bb84.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fim-engaged-but-my-fianc-and-i-are-never-alone-together-we-work-play-sports%2Farticle_8f6f6032-b63b-11ee-bac9-a368c26d139b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fmy-mom-friend-doesnt-work-but-she-finds-time-to-call-me-constantly-and-complain%2Farticle_af5c9c0a-b09d-11ee-a907-3fcf6cb5bd5f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fis-the-nhl-stylish-now-mitch-marner-and-connor-mcdavid-dress-up-for-the-all%2Farticle_85dfa22c-c1f6-11ee-aeea-bb92b2bff775.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Ffood-and-drink%2Ftiktok-sensation-tiffy-chen-shares-her-favourite-lunar-new-year-recipes%2Farticle_2a6bf296-bf77-11ee-8b75-136b44013d38.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Ffood-and-drink%2Fhere-are-eight-excellent-chardonnays-to-help-you-explore-the-wide-world-of-the-beloved%2Farticle_8fad50ea-bf87-11ee-8e0c-93cad63e8b11.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhy-sophie-gr-goire-trudeau-s-personal-life-is-under-the-microscope-again%2Farticle_6d416a8d-4fda-553e-8574-42131084d7ec.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fheres-why-you-might-want-to-stop-making-your-bed-in-the-morning%2Farticle_d8dae31e-afd7-11ee-a132-eb2ab5d66531.html%22%5D&usedJS=31200000&totalJS=39600000&jsLimit=3760000000&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 116ms
58ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3137&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=23&jsfv=nbc&ts=1706974865383&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=life&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhat-would-happen-in-the-event-of-king-charless-death%2Farticle_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fhealth-wellness%2Fits-called-cozy-cardio-in-a-world-seeking-comfort-some-see-a-happier-mode-of%2Farticle_0410cbe2-7cab-592a-a6a6-3d740d59c4ae.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhats-a-rat-snack-and-why-do-we-like-them-so-much-dietitian-breaks-down%2Farticle_dbb95608-b6dd-11ee-84cc-33b7d8d76878.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fmy-sister-in-law-has-dementia-and-her-husband-has-a-new-girlfriend-its-making%2Farticle_0b0dee34-b09c-11ee-83ee-2b6c4cedf9e8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fbeauty-and-fashion%2Ffashion%2Ftessa-virtue-had-three-wedding-dresses-we-spoke-to-the-toronto-designer-who-created-them%2Farticle_27c7cfd3-f4b5-5ee1-802b-c2a96236bb84.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fim-engaged-but-my-fianc-and-i-are-never-alone-together-we-work-play-sports%2Farticle_8f6f6032-b63b-11ee-bac9-a368c26d139b.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhat-would-happen-in-the-event-of-king-charless-death%2Farticle_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fhealth-wellness%2Fits-called-cozy-cardio-in-a-world-seeking-comfort-some-see-a-happier-mode-of%2Farticle_0410cbe2-7cab-592a-a6a6-3d740d59c4ae.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhats-a-rat-snack-and-why-do-we-like-them-so-much-dietitian-breaks-down%2Farticle_dbb95608-b6dd-11ee-84cc-33b7d8d76878.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fmy-sister-in-law-has-dementia-and-her-husband-has-a-new-girlfriend-its-making%2Farticle_0b0dee34-b09c-11ee-83ee-2b6c4cedf9e8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fbeauty-and-fashion%2Ffashion%2Ftessa-virtue-had-three-wedding-dresses-we-spoke-to-the-toronto-designer-who-created-them%2Farticle_27c7cfd3-f4b5-5ee1-802b-c2a96236bb84.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fim-engaged-but-my-fianc-and-i-are-never-alone-together-we-work-play-sports%2Farticle_8f6f6032-b63b-11ee-bac9-a368c26d139b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fmy-mom-friend-doesnt-work-but-she-finds-time-to-call-me-constantly-and-complain%2Farticle_af5c9c0a-b09d-11ee-a907-3fcf6cb5bd5f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fis-the-nhl-stylish-now-mitch-marner-and-connor-mcdavid-dress-up-for-the-all%2Farticle_85dfa22c-c1f6-11ee-aeea-bb92b2bff775.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Ffood-and-drink%2Ftiktok-sensation-tiffy-chen-shares-her-favourite-lunar-new-year-recipes%2Farticle_2a6bf296-bf77-11ee-8b75-136b44013d38.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Ffood-and-drink%2Fhere-are-eight-excellent-chardonnays-to-help-you-explore-the-wide-world-of-the-beloved%2Farticle_8fad50ea-bf87-11ee-8e0c-93cad63e8b11.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhy-sophie-gr-goire-trudeau-s-personal-life-is-under-the-microscope-again%2Farticle_6d416a8d-4fda-553e-8574-42131084d7ec.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fheres-why-you-might-want-to-stop-making-your-bed-in-the-morning%2Farticle_d8dae31e-afd7-11ee-a132-eb2ab5d66531.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 135ms
75ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3137&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=23&jsfv=nbc&ts=1706974865383&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=life&source=LI&st=3137&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhat-would-happen-in-the-event-of-king-charless-death%2Farticle_d7971c4a-bec6-11ee-85b6-1f14e5e84eb5.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fhealth-wellness%2Fits-called-cozy-cardio-in-a-world-seeking-comfort-some-see-a-happier-mode-of%2Farticle_0410cbe2-7cab-592a-a6a6-3d740d59c4ae.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fwhats-a-rat-snack-and-why-do-we-like-them-so-much-dietitian-breaks-down%2Farticle_dbb95608-b6dd-11ee-84cc-33b7d8d76878.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fmy-sister-in-law-has-dementia-and-her-husband-has-a-new-girlfriend-its-making%2Farticle_0b0dee34-b09c-11ee-83ee-2b6c4cedf9e8.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Fbeauty-and-fashion%2Ffashion%2Ftessa-virtue-had-three-wedding-dresses-we-spoke-to-the-toronto-designer-who-created-them%2Farticle_27c7cfd3-f4b5-5ee1-802b-c2a96236bb84.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Flife%2Frelationships%2Fim-engaged-but-my-fianc-and-i-are-never-alone-together-we-work-play-sports%2Farticle_8f6f6032-b63b-11ee-bac9-a368c26d139b.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 131ms
71ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3140&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=25&jsfv=nbc&ts=1706974865383&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&fst=1706974864865&fstr=2638&pt=1&cl=500&w=sports&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fnhlpa-boss-marty-walsh-has-serious-concern-over-coyotes-home%2Farticle_175e8e8e-bfa4-11ee-a01e-eb0d8c34f627.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmontreal-canadiens-trade-centre-sean-monahan-to-winnipeg-jets%2Farticle_3a19012d-897a-5baa-9d71-b788c2aecfba.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Foilers-superstar-connor-mcdavid-wins-nhl-all-star-skills-competition-and-1-million-prize%2Farticle_633fb034-c239-11ee-b410-4363ff1860db.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fgary-bettman-celebrates-a-non-payday-as-the-nhl-returns-to-the-olympics%2Farticle_01fbf86a-bfa9-11ee-9516-67b78e1fc033.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Fyou-have-to-take-a-look-in-the-mirror-dave-keon-talks-about-the-maple%2Farticle_41b07c40-bc63-11ee-9c86-63b369be8ddf.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmaple-leafs-have-a-little-fun-at-the-nhl-all-star-draft-at-mitch-marners%2Farticle_68b12c3a-bf98-11ee-a716-9f2ce22c774e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fraptors%2Fraptors-insider-fred-vanvleet-on-his-exit-from-toronto-and-why-it-wasnt-a-surprise%2Farticle_420bdaf4-bf97-11ee-b70c-a3647a00a5bb.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fblue-jays%2Fjustin-turner-just-signed-with-the-blue-jays-here-s-the-six-biggest-names-left%2Farticle_c13a5e92-bf95-11ee-8f3d-2f6b1349626a.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fraptors%2Fhe-might-be-the-nicest-guy-youve-ever-met-the-private-side-of-the-houston%2Farticle_46cec734-c133-11ee-820a-cfa41a30dee1.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Ffootball%2Fthe-chiefs-have-built-one-of-the-nfls-best-defenses-in-part-because-they-traded%2Farticle_7efe644e-aa63-55c5-b00a-0ebd4554221b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Fformer-maple-leafs-defenceman-surprises-ttc-riders-with-stanley-cup-on-morning-commute%2Farticle_5ec0466c-b7d6-11ee-9673-d7ae8928a8ff.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fvladimir-putin-grants-former-maple-leafs-forward-russian-citizenship%2Farticle_f42f2876-af16-11ee-94a9-e36c527bd111.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Ffive-games-isnt-nearly-enough-for-what-brendan-gallagher-did-the-nhl-is-embarrassing%2Farticle_3a925914-bc87-11ee-bcac-03429feccc6b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fcolumbus-forward-patrik-laine-enters-nhl-nhlpa-player-assistance-program%2Farticle_9de918c0-e33e-530b-9cdd-ea3635219903.html%22%5D&usedJS=31200000&totalJS=39600000&jsLimit=3760000000&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 133ms
73ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3145&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=25&jsfv=nbc&ts=1706974865383&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=sports&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fnhlpa-boss-marty-walsh-has-serious-concern-over-coyotes-home%2Farticle_175e8e8e-bfa4-11ee-a01e-eb0d8c34f627.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmontreal-canadiens-trade-centre-sean-monahan-to-winnipeg-jets%2Farticle_3a19012d-897a-5baa-9d71-b788c2aecfba.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Foilers-superstar-connor-mcdavid-wins-nhl-all-star-skills-competition-and-1-million-prize%2Farticle_633fb034-c239-11ee-b410-4363ff1860db.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fgary-bettman-celebrates-a-non-payday-as-the-nhl-returns-to-the-olympics%2Farticle_01fbf86a-bfa9-11ee-9516-67b78e1fc033.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Fyou-have-to-take-a-look-in-the-mirror-dave-keon-talks-about-the-maple%2Farticle_41b07c40-bc63-11ee-9c86-63b369be8ddf.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmaple-leafs-have-a-little-fun-at-the-nhl-all-star-draft-at-mitch-marners%2Farticle_68b12c3a-bf98-11ee-a716-9f2ce22c774e.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fnhlpa-boss-marty-walsh-has-serious-concern-over-coyotes-home%2Farticle_175e8e8e-bfa4-11ee-a01e-eb0d8c34f627.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmontreal-canadiens-trade-centre-sean-monahan-to-winnipeg-jets%2Farticle_3a19012d-897a-5baa-9d71-b788c2aecfba.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Foilers-superstar-connor-mcdavid-wins-nhl-all-star-skills-competition-and-1-million-prize%2Farticle_633fb034-c239-11ee-b410-4363ff1860db.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fgary-bettman-celebrates-a-non-payday-as-the-nhl-returns-to-the-olympics%2Farticle_01fbf86a-bfa9-11ee-9516-67b78e1fc033.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Fyou-have-to-take-a-look-in-the-mirror-dave-keon-talks-about-the-maple%2Farticle_41b07c40-bc63-11ee-9c86-63b369be8ddf.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmaple-leafs-have-a-little-fun-at-the-nhl-all-star-draft-at-mitch-marners%2Farticle_68b12c3a-bf98-11ee-a716-9f2ce22c774e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fraptors%2Fraptors-insider-fred-vanvleet-on-his-exit-from-toronto-and-why-it-wasnt-a-surprise%2Farticle_420bdaf4-bf97-11ee-b70c-a3647a00a5bb.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fblue-jays%2Fjustin-turner-just-signed-with-the-blue-jays-here-s-the-six-biggest-names-left%2Farticle_c13a5e92-bf95-11ee-8f3d-2f6b1349626a.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fraptors%2Fhe-might-be-the-nicest-guy-youve-ever-met-the-private-side-of-the-houston%2Farticle_46cec734-c133-11ee-820a-cfa41a30dee1.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Ffootball%2Fthe-chiefs-have-built-one-of-the-nfls-best-defenses-in-part-because-they-traded%2Farticle_7efe644e-aa63-55c5-b00a-0ebd4554221b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Fformer-maple-leafs-defenceman-surprises-ttc-riders-with-stanley-cup-on-morning-commute%2Farticle_5ec0466c-b7d6-11ee-9673-d7ae8928a8ff.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fvladimir-putin-grants-former-maple-leafs-forward-russian-citizenship%2Farticle_f42f2876-af16-11ee-94a9-e36c527bd111.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Ffive-games-isnt-nearly-enough-for-what-brendan-gallagher-did-the-nhl-is-embarrassing%2Farticle_3a925914-bc87-11ee-bcac-03429feccc6b.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fcolumbus-forward-patrik-laine-enters-nhl-nhlpa-player-assistance-program%2Farticle_9de918c0-e33e-530b-9cdd-ea3635219903.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 139ms
80ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3145&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=25&jsfv=nbc&ts=1706974865383&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=sports&source=LI&st=3145&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fnhlpa-boss-marty-walsh-has-serious-concern-over-coyotes-home%2Farticle_175e8e8e-bfa4-11ee-a01e-eb0d8c34f627.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmontreal-canadiens-trade-centre-sean-monahan-to-winnipeg-jets%2Farticle_3a19012d-897a-5baa-9d71-b788c2aecfba.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Foilers-superstar-connor-mcdavid-wins-nhl-all-star-skills-competition-and-1-million-prize%2Farticle_633fb034-c239-11ee-b410-4363ff1860db.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fgary-bettman-celebrates-a-non-payday-as-the-nhl-returns-to-the-olympics%2Farticle_01fbf86a-bfa9-11ee-9516-67b78e1fc033.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fleafs%2Fyou-have-to-take-a-look-in-the-mirror-dave-keon-talks-about-the-maple%2Farticle_41b07c40-bc63-11ee-9c86-63b369be8ddf.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fsports%2Fhockey%2Fmaple-leafs-have-a-little-fun-at-the-nhl-all-star-draft-at-mitch-marners%2Farticle_68b12c3a-bf98-11ee-a716-9f2ce22c774e.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 140ms
82ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_response&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3147&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=27&jsfv=nbc&ts=1706974865383&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&fst=1706974864865&fstr=2638&pt=1&cl=508&w=entertainment&source=LI&fetchIndex=1&tryIndex=1&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftaylor-swift-is-now-living-rent-free-inside-the-broken-brains-of-maga-conspiracists%2Farticle_26746a42-bfa4-11ee-81dd-dbcd664f17af.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftelevision%2Fdocumentary-on-we-are-the-world-goes-deep-inside-recording-session-of-starry-1985-charity%2Farticle_ed06c0a9-3e91-5251-8f4e-d6081726707e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftelevision%2Fmuchmusic-doc-pulled-from-crave-months-after-director-says-he-clashed-with-labels%2Farticle_a7c64896-bcde-5eb2-a492-2529c9da1d0f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Fis-taylor-swift-a-psy-op-why-right-wing-commentators-want-you-to-think-so%2Farticle_7dc6aeb8-c1ca-11ee-8fb8-d37558737e47.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Fcarl-weathers-linebacker-turned-actor-who-starred-in-rocky-movies-and-the-mandalorian-dies%2Farticle_40a8864d-b38c-57a5-b6a2-40d9ab03f3d0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Fopinion%2Fthe-barbie-oscar-snubs-have-lots-of-company%2Farticle_493cf142-c09f-11ee-aacf-07d26a5880ba.html%22%5D&usedJS=31200000&totalJS=39600000&jsLimit=3760000000&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 140ms
80ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_tracking_items_mismatch&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3150&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=27&jsfv=nbc&ts=1706974865383&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=entertainment&source=LI&errs=initial+segment&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftaylor-swift-is-now-living-rent-free-inside-the-broken-brains-of-maga-conspiracists%2Farticle_26746a42-bfa4-11ee-81dd-dbcd664f17af.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftelevision%2Fdocumentary-on-we-are-the-world-goes-deep-inside-recording-session-of-starry-1985-charity%2Farticle_ed06c0a9-3e91-5251-8f4e-d6081726707e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftelevision%2Fmuchmusic-doc-pulled-from-crave-months-after-director-says-he-clashed-with-labels%2Farticle_a7c64896-bcde-5eb2-a492-2529c9da1d0f.html%22%5D&responseVisibleItems=%5B%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftaylor-swift-is-now-living-rent-free-inside-the-broken-brains-of-maga-conspiracists%2Farticle_26746a42-bfa4-11ee-81dd-dbcd664f17af.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftelevision%2Fdocumentary-on-we-are-the-world-goes-deep-inside-recording-session-of-starry-1985-charity%2Farticle_ed06c0a9-3e91-5251-8f4e-d6081726707e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftelevision%2Fmuchmusic-doc-pulled-from-crave-months-after-director-says-he-clashed-with-labels%2Farticle_a7c64896-bcde-5eb2-a492-2529c9da1d0f.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Fis-taylor-swift-a-psy-op-why-right-wing-commentators-want-you-to-think-so%2Farticle_7dc6aeb8-c1ca-11ee-8fb8-d37558737e47.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Fcarl-weathers-linebacker-turned-actor-who-starred-in-rocky-movies-and-the-mandalorian-dies%2Farticle_40a8864d-b38c-57a5-b6a2-40d9ab03f3d0.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Fopinion%2Fthe-barbie-oscar-snubs-have-lots-of-company%2Farticle_493cf142-c09f-11ee-aacf-07d26a5880ba.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H3 200 __activity.gif
query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/ 35 B
49 B 137ms
79ms Image
image/gif 35.190.14.224
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://query.petametrics.com/v3/7noslr035pfb0mvo/99b2ec79-8fad-4992-90f7-bf68a90df5e4/__activity.gif?e=widget_shown&ct=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&ccu=https%3A%2F%2Fwww.thestar.com%2F&tspl=3151&blst=2297&ist=2632&iet=2636&bdst=2297&bdet=2409&bcttt=27&jsfv=nbc&ts=1706974865384&jsk=7noslr035pfb0mvo&jsv=2024012201&cu=https%3A%2F%2Fse1.vip-dns.fun%2F&uid=99b2ec79-8fad-4992-90f7-bf68a90df5e4&sid=0dd8b4ba-5286-4e19-8d49-cd1abf68dfee&pvid=079d4f79-49f7-4537-8ab4-3651b97aa95a&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F121.0.6167.139+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.4&saveData=false&ctyp=unknown&tzo=600&w=entertainment&source=LI&st=3150&vi=%5B%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftaylor-swift-is-now-living-rent-free-inside-the-broken-brains-of-maga-conspiracists%2Farticle_26746a42-bfa4-11ee-81dd-dbcd664f17af.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftelevision%2Fdocumentary-on-we-are-the-world-goes-deep-inside-recording-session-of-starry-1985-charity%2Farticle_ed06c0a9-3e91-5251-8f4e-d6081726707e.html%22%2C%22https%3A%2F%2Fwww.thestar.com%2Fentertainment%2Ftelevision%2Fmuchmusic-doc-pulled-from-crave-months-after-director-says-he-clashed-with-labels%2Farticle_a7c64896-bcde-5eb2-a492-2529c9da1d0f.html%22%5D&sdk=bc-pixel
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 224.14.190.35.bc.googleusercontent.com
Software: openresty/1.13.6.2 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: openresty/1.13.6.2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
content-type: image/gif

GET
H2 200 65bd751321933.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/0/38/03835b4c-b24d-5607-9cbd-5f925ce75280/ 13 KB
14 KB 41ms
40ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/0/38/03835b4c-b24d-5607-9cbd-5f925ce75280/65bd751321933.image.jpg?resize=540%2C360

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d02b397278e1ec9f9cbf1c4dc2c1fb0a129628b150bc43d0050b0747b974b37b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 11533
cf-polished: qual=85, origFmt=jpeg, origSize=15429
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="65bd751321933.webp"
content-length: 13686
cf-bgj: imgq:85,h2pri
last-modified: Fri, 02 Feb 2024 23:04:52 GMT
server: cloudflare
x-vcache: MISS
etag: "dc4386caa7f73add349a94fb9ea65906"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6acde70b3d7-MIA
expires: Sat, 01 Feb 2025 23:53:55 GMT

GET
H2 200 65bd18887e8f2.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/f/86/f868d955-a0a6-51f6-ac28-4460548b604a/ 41 KB
42 KB 40ms
38ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/f/86/f868d955-a0a6-51f6-ac28-4460548b604a/65bd18887e8f2.image.jpg?resize=540%2C459

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb2f714f6b56241d640749b5c0e8986cd6f72828456d82941f78771216b0f7b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 80726
cf-polished: degrade=85, origSize=43155, status=webp_bigger
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Fri, 02 Feb 2024 16:30:00 GMT
server: cloudflare
x-vcache: MISS
etag: "6149b6117be18e915638277125d5786d"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6acde72b3d7-MIA
expires: Sat, 01 Feb 2025 16:46:22 GMT

GET
H2 200 65b7e5dbd1cb2.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/2/f5/2f5a4c35-5cd4-56bc-9bd1-570ba4829b15/ 21 KB
21 KB 36ms
35ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/2/f5/2f5a4c35-5cd4-56bc-9bd1-570ba4829b15/65b7e5dbd1cb2.image.jpg?resize=540%2C360

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3328ca32ac28da67325604f172c5237ed137f6e3ce6c0095e8104bce1623c9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 408219
cf-polished: qual=85, origFmt=jpeg, origSize=24087
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="65b7e5dbd1cb2.webp"
cf-bgj: imgq:85,h2pri
last-modified: Mon, 29 Jan 2024 17:52:29 GMT
server: cloudflare
x-vcache: MISS
etag: "158c6cc4ab058fd6d37686e6802c6c9c"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6acde73b3d7-MIA
expires: Tue, 28 Jan 2025 18:06:53 GMT

GET
H2 200 65b943f424418.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/8/81/881bbaa1-213a-57dc-b21e-a7d271c72dac/ 22 KB
22 KB 40ms
39ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/8/81/881bbaa1-213a-57dc-b21e-a7d271c72dac/65b943f424418.image.jpg?resize=540%2C353

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca291fc96c6a0c82390c67f84a1332316d9aa03932cbbc7a4705a7725083e416

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 169043
cf-polished: qual=85, origFmt=jpeg, origSize=24748
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="65b943f424418.webp"
content-length: 22738
cf-bgj: imgq:85,h2pri
last-modified: Tue, 30 Jan 2024 18:46:13 GMT
server: cloudflare
x-vcache: MISS
etag: "c94afe8e274f318c11219d39176a9f91"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6acde75b3d7-MIA
expires: Thu, 30 Jan 2025 13:23:37 GMT

GET
H2 200 65bc41f700879.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/c/9b/c9b61729-4766-5380-bc4e-1c468caf5e4a/ 42 KB
42 KB 37ms
37ms Image
image/jpeg 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/c/9b/c9b61729-4766-5380-bc4e-1c468caf5e4a/65bc41f700879.image.jpg?resize=540%2C376

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2118942ee0d12956100f56f088653b9d22d114dd086d1710e092d20cdb20924

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 130901
cf-polished: origSize=43074, status=webp_bigger
cross-origin-resource-policy: cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Fri, 02 Feb 2024 01:14:34 GMT
server: cloudflare
x-vcache: MISS
etag: "5685e0fa793a2bebd7f7c82e5e6dea73"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 84fbc6acde77b3d7-MIA
expires: Sat, 01 Feb 2025 02:41:23 GMT

GET
H2 200 65bbe50d2b9ed.image.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/d/ba/dba22a04-9948-57c5-9687-b4ddf0ca3409/ 25 KB
25 KB 36ms
36ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/assets/v3/editorial/d/ba/dba22a04-9948-57c5-9687-b4ddf0ca3409/65bbe50d2b9ed.image.jpg?crop=1083%2C813%2C108%2C36&resize=540%2C405&order=crop%2Cresize

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef568fbc01141a9c6d58ac87598529557146f0b393d81b52e49f5572f9124ee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 158187
cf-polished: qual=85, origFmt=jpeg, origSize=26974
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="65bbe50d2b9ed.webp"
content-length: 25404
cf-bgj: imgq:85,h2pri
last-modified: Thu, 01 Feb 2024 18:38:06 GMT
server: cloudflare
x-vcache: MISS
etag: "391dc2e046bd3adfb0aec5ef04f4b699"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6acde7ab3d7-MIA
expires: Fri, 31 Jan 2025 19:44:38 GMT

GET
H2 200 m=W93Wdc Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L... Frame 05E7 131 KB
44 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L.B1.O/am=gKEY/d=1/exm=_b,_tp/excm=_b,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5lEHaFROwfnrRX3h29HAyxi6fxjA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=W93Wdc

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/am=gKEY/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI4fjbINA15dIn8Zp1CxhWohm_CDRA/m=_b,_tp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

252c99e29ed1cc4653fb0d04022ed1f90d2c354a709a970ae6bc1785a3442252

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 09:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45138
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 22:21:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Feb 2025 09:05:47 GMT

GET
H2 200 m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L... Frame 05E7 4 KB
2 KB 69ms
69ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L.B1.O/am=gKEY/d=1/exm=W93Wdc,_b,_tp/excm=_b,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5lEHaFROwfnrRX3h29HAyxi6fxjA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d134923b5f849cfe96e2c9a6fa1618152c9063610dd025c4648666a54ca2b03b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 13:58:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6167
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1830
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 22:21:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sun, 02 Feb 2025 13:58:18 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
208 B 67ms
62ms XHR
text/plain 2607:f8b0:4004:c1f::66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=2097738568&t=pageview&_s=1&dl=https%3A%2F%2Fse1.vip-dns.fun%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgUABAAQCACAAI~&jid=1421976754&gjid=437118330&cid=1331817889.1706974865&tid=UA-54716522-7&_gid=1423099684.1706974865&_slc=1&gtm=45He41v0n71PDQV3Nv72758733za200&cd2=editorial&cd3=flex&cd4=flex-editorial&cd5=no&cd6=Large%3A%20Desktop%20computers.&cd8=200&cd9=No&cd10=No&cd12=No&cd13=https%3A%2F%2Fwww.thestar.com%2F&cd15=3.155.0&cd16=No&cd17=Page%20View&cm1=947&gcd=11l1l1l1l1&dma=0&z=1706939666

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::66 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
148 B 65ms
60ms XHR
text/plain 2607:f8b0:4004:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-54716522-7&cid=1331817889.1706974865&jid=1421976754&gjid=437118330&_gid=1423099684.1706974865&_u=YCDAgUABAAQCAGAAI~&z=109341841

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 03 Feb 2024 15:41:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 260ms
259ms Fetch
text/plain 2607:f8b0:4004:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1302822783678387&correlator=4181892770241490&eid=31079956%2C31080857&output=ldjh&gdfp_req=1&vrg=202401290101&ptt=17&impl=fifs&iu_parts=58580620%2Cthestar.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=728x90%2C2x1%2C300x600%7C300x250&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&arp=1&abxe=1&dt=1706974865484&lmt=1706974861&adxs=436%2C799%2C1055&adys=21%2C145%2C1000&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fse1.vip-dns.fun%2F&vis=1&psz=728x-1%7C1600x-1%7C300x600&msz=728x-1%7C1600x-1%7C300x600&fws=516%2C516%2C4&ohw=1600%2C1600%2C1600&ga_vid=1331817889.1706974865&ga_sid=1706974865&ga_hid=2097738568&ga_fc=true&dlt=1706974863235&idt=1737&prev_scp=pos%3D1%26amznbid%3D2%26amznp%3D2%7Cpos%3Dimpact-top%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26amznbid%3D2%26amznp%3D2&cust_params=browser%3DChrome%26k%3Dtoronto%2520star%26page%3Dhomepage%252Capp-editorial%26environment%3Dprod%26cutpoint%3Dlarge%26permutive%3D%26amznbid%3D0%26amznp%3D0%26gs_channels%3Dgx_retry&adks=4245816087%2C3334131667%2C3682374077&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a071edbd33a8e2f0ea098ed016aa4d9ce403ffad9db0346aada942bd24de221

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12987
x-xss-protection: 0
google-lineitem-id: -2,6395607082,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,138445168598,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
7a683fc424438f916742c2adaeab3bdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 14E3 6 KB
3 KB 175ms
54ms Document
text/html 2607:f8b0:4004:c1d::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://7a683fc424438f916742c2adaeab3bdc.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://se1.vip-dns.fun/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 03 Feb 2024 15:41:05 GMT
expires: Sun, 02 Feb 2025 15:41:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 61ms
60ms Ping
text/plain 2607:f8b0:4004:c06::65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-6FZFMVVWVN&gtm=45je41v0v873043922z89101115636za200&_p=1706974864280&_gaz=1&gcd=11l1l1l1l1&npa=0&dma=0&cid=1331817889.1706974865&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1706974865&sct=1&seg=0&dl=https%3A%2F%2Fse1.vip-dns.fun%2F&dt=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&en=FCP&_fv=1&_ss=1&ep.web_vitals_measurement_name=FCP&ep.web_vitals_measurement_id=v3-1706974865136-7756854065754&epn.web_vitals_measurement_value=2099.3999996185303&epn.value=2099.3999996185303&ep.CWV_Rating=needs%20improvement&epn.web_vitals_measurement_value2=2099.3999996185303&ep.web_vitals_element=&tfd=3367
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-6FZFMVVWVN&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::65 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 60ms
59ms Ping
text/plain 2607:f8b0:4004:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6FZFMVVWVN&cid=1331817889.1706974865&gtm=45je41v0v873043922z89101115636za200&aip=1&dma=0&gcd=11l1l1l1l1&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=G-6FZFMVVWVN&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c1d::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://se1.vip-dns.fun
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RCf9fbf93615df4b4aa748e2328a706496-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 13 KB
3 KB 72ms
71ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RCf9fbf93615df4b4aa748e2328a706496-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 92847fbfa2adaf5f1907b01d1826b39f3fe26420d481337abe1b096109c42236

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
content-encoding: gzip
last-modified: Sat, 03 Feb 2024 15:32:32 GMT
server: AmazonS3
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
etag: W/"9828f4758b3f2acbcebbea99520a48f4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
age: 420
x-amz-cf-id: BpiWFt5cguvqEu3w9xvb7RsDgpj1dQvR0bNS34L-RrIkgX_3nyMMog==

GET
H2 200 RCfdefc67c0ed94b76af30fac1dfc1ce8b-source.min.js Show response
resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/ 621 B
985 B 72ms
72ms Script
text/javascript 54.192.51.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/a6b52c0075b6/RCfdefc67c0ed94b76af30fac1dfc1ce8b-source.min.js
Requested by: Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/55637cf57ed4/launch-9387fe3a1e9f.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.51.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-51-12.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f99bc8a797236529795e9de685a36b88ffaa0d7709371daf535d8b9d9829588a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:34:06 GMT
x-amz-version-id: null
via: 1.1 036a9c4a824b984cd31ef0e9e0ecd306.cloudfront.net (CloudFront)
last-modified: Sat, 03 Feb 2024 15:32:33 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-C2
age: 420
etag: "601d13dcf8c9acec9d4371465512ab34"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 621
x-amz-cf-id: funJ1GwT6xN2HMyc1qGdf-hbR6KtqNUPEC7wDZ5u_Ipb59qBjCJwwg==

GET
H2 200 t2_kcsr8bo_telemetry Show response
conversions-config.reddit.com/v1/pixel/config/ 86 B
424 B 100ms
41ms XHR
application/json 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://conversions-config.reddit.com/v1/pixel/config/t2_kcsr8bo_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
nel: {"report_to":"w3-reporting-nel","max_age":14400,"include_subdomains":false,"success_fraction":0.3,"failure_fraction":0.3}
report-to: {"group":"w3-reporting-nel","max_age":14400,"include_subdomains":false,"endpoints":[{"url":"https://w3-reporting-nel.reddit.com/reports"}]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
content-length: 86
x-served-by: cache-mia-kmia1760082-MIA

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 86ms
27ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1706974865602&id=t2_kcsr8bo&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=98349b3e-f8ff-4662-81bb-7badcddcd196&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_26e8ea0f&dpm=&dpcc=&dprc=
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H2 200 19bca104-b548-11ee-93b5-27d2bd1a5b58.jpg
bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/ 7 KB
8 KB 36ms
35ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/thestar.com/content/tncms/custom/image/19bca104-b548-11ee-93b5-27d2bd1a5b58.jpg?resize=300%2C184

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

741af8d0019a07614a6c6ba62394e9bc564a42e61761510a00c74313ad3ee58c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 140090
cf-polished: qual=85, origFmt=jpeg, origSize=8676
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="19bca104-b548-11ee-93b5-27d2bd1a5b58.webp"
content-length: 7554
cf-bgj: imgq:85,h2pri
last-modified: Wed, 17 Jan 2024 14:52:56 GMT
server: cloudflare
x-vcache: MISS
etag: "410c642673eec8f1d32b20f9a4aeb6f8"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 84fbc6ae2858b3d7-MIA
expires: Fri, 31 Jan 2025 00:12:17 GMT

GET
H2 204 13008914.js Show response
bat.bing.com/p/action/ 0
117 B 52ms
52ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/13008914.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Sat, 03 Feb 2024 15:41:05 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5A7BED1CDC0F46DC8B137EB2379A3E8C Ref B: MIAEDGE2712 Ref C: 2024-02-03T15:41:05Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
360 B 115ms
115ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=13008914&Ver=2&mid=a09e2eab-6b1f-43db-8055-7f8ef35089b0&sid=a491db80c2aa11ee8f9549460517ffde&vid=a491f950c2aa11ee8fc3d194aebe47aa&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&kw=toronto%20star&p=https%3A%2F%2Fse1.vip-dns.fun%2F&r=&lt=2305&evt=pageLoad&sv=1&rn=334590

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 03 Feb 2024 15:41:05 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 85E3B6BCF8D4423B9F3A941379D8B49C Ref B: MIAEDGE2712 Ref C: 2024-02-03T15:41:05Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/ 4 KB
1 KB 212ms
70ms Fetch
application/json 54.192.50.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.50.230 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-50-230.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a8b88b817bb9842c3a440c3bf5a377863eaec2de43f66340fd7c3ef053f7ee66

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-amz-version-id: _6iKRvM.Nc81ElVBbaVGniY1Nrh7b_HY
content-encoding: gzip
via: 1.1 8422f3871db2552d4ad0cc9f31e22c2e.cloudfront.net (CloudFront)
date: Sat, 03 Feb 2024 13:57:42 GMT
x-amz-cf-pop: YUL62-C2
age: 6204
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 01 Feb 2024 19:57:38 GMT
server: AmazonS3
etag: W/"d9376493933ff3817b5999882be3b428"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: Azq7EvHrgIZmoyxkVRfTYOCYKjjmwJj6Wi9Atx5EJ9LSnrZiroAERw==

GET
H2 200 main.b3ba56f5.js Show response
s.pinimg.com/ct/lib/ 66 KB
19 KB 58ms
57ms Script
application/javascript 2a04:4e42:77::84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://s.pinimg.com/ct/lib/main.b3ba56f5.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:77::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 45f265d91f0d046e0bf176d32af863a7e497d1c4fa27b488cb0d7a0f539c21e3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
x-cdn: fastly
etag: "672deff0b6e5a9abcd39c208d7373098"
x-amz-server-side-encryption: AES256
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=1209600
alt-svc: h3=":443";ma=600
content-length: 19203

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3116868%26time%3D1706974865645%26url%3Dhttps%253A%252F%252Fse1.vip-dns.fun%252F%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F&cookiesTest=true&liSync=true&e_ipv6=AQL4gel418hp1gAAAY1voWp6MZfmnr8lZt4bx-dSxqytU...

0
485 B

185ms
124ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F&cookiesTest=true&liSync=true&e_ipv6=AQL4gel418hp1gAAAY1voWp6MZfmnr8lZt4bx-dSxqytUSQn-gW89HpmTTz5vD4yhLkijA
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 15562510541C47E4BB291BDCFA172029 Ref B: MIAEDGE2722 Ref C: 2024-02-03T15:41:06Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYQfA6J5TiitXIAxWZpmA==

Redirect headers

date: Sat, 03 Feb 2024 15:41:05 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 3E8DC72A9702426AB6ADFD7D02161483 Ref B: MIA301000103009 Ref C: 2024-02-03T15:41:06Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3116868&time=1706974865645&url=https%3A%2F%2Fse1.vip-dns.fun%2F&cookiesTest=true&liSync=true&e_ipv6=AQL4gel418hp1gAAAY1voWp6MZfmnr8lZt4bx-dSxqytUSQn-gW89HpmTTz5vD4yhLkijA
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYQfA6H0Col5RbC/CdhMw==

GET
H2 200 adsct
t.co/1/i/ 43 B
375 B 128ms
45ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=c99892e0-175a-4373-9630-64de25a60a6d&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=67121e5a-980b-4f5d-97e3-8ce18350de74&tw_document_href=https%3A%2F%2Fse1.vip-dns.fun%2F&tw_iframe_status=0&txn_id=nuz9l&type=javascript&version=2.3.29

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-response-time: 5
date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: e56a7857110e2d20
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: d629f795c6862191ff7da91ae9ee9bbdda443b1865c6c677a9f02140af5630ed
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
724 B 135ms
48ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=c99892e0-175a-4373-9630-64de25a60a6d&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=67121e5a-980b-4f5d-97e3-8ce18350de74&tw_document_href=https%3A%2F%2Fse1.vip-dns.fun%2F&tw_iframe_status=0&txn_id=nuz9l&type=javascript&version=2.3.29

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-response-time: 6
date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: d853e0fde2502888
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 9f715034322d1770aafb291b827f644b761cfa8ecbabb6feb134910155125391
content-length: 43

GET
H2 200 s39427874177952
s.thestar.com/b/ss/torontodnnlocal/1/JS-2.25.0-LDQM/ 43 B
202 B 58ms
57ms Image
image/gif 63.140.39.22
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.thestar.com/b/ss/torontodnnlocal/1/JS-2.25.0-LDQM/s39427874177952?AQB=1&ndh=1&pf=1&t=3%2F1%2F2024%205%3A41%3A5%206%20600&mid=89286859007042574763889647549960788491&aamlh=7&ce=UTF-8&ns=torstardigital&cdp=2&fpCookieDomainPeriods=2&pageName=thestar%7Chome&g=https%3A%2F%2Fse1.vip-dns.fun%2F&cc=CAD&ch=home&server=thestar.com&events=event72&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&h1=D%3D%2B%22thestar%7C%22%2Bh2&c2=home&h2=home&c4=D%3Dg&v4=D%3Dg&c9=breaking%20news%20-%20headlines%20%26%20top%20stories%20%7C%20the%20star&v15=landscape&v16=standard-web-experience&c18=no&c19=D%3Dserver&c24=desktop&c26=not-specified&v29=https%3A%2F%2Fwww.thestar.com%2F&c43=toronto&v49=D%3DpageName&c51=no-adblock-detected&c55=D%3Dmid&c56=no&c57=home&c70=D%3Dserver&v71=9502d5cc-dfc2-4227-bb89-864d8f18346c&v79=no&v80=no&v83=no&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&AQE=1

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.22 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-22.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Sun, 04 Feb 2024 15:41:05 GMT
server: jag
etag: 3665700610360475648-4617800865383997753
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 02 Feb 2024 15:41:05 GMT

GET
H2 200 p.js Show response
cdn.parsely.com/keys/thestar.com/ 73 KB
26 KB 239ms
80ms Script
application/javascript 52.85.107.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/thestar.com/p.js
Requested by: Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.107.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-107-60.yul62.r.cloudfront.net
Software: nginx /
Resource Hash: 4e055c26ecd439ee73765fc8f167b4f23eb9b92608c70b2068b0bc7c3baeb9dd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: public
date: Sat, 03 Feb 2024 09:16:11 GMT
content-encoding: gzip
via: 1.1 0df778cadb5eaa000de4f1d7838b16e0.cloudfront.net (CloudFront)
last-modified: Fri, 24 Jun 2022 01:41:35 GMT
server: nginx
x-amz-cf-pop: YUL62-C2
age: 23094
etag: W/"62b5164f-12236"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400, public
x-amz-cf-id: ChKECnbdSoSYS6d9qsg2Z3k51PQHdxYVDpZ3E5NPWnq0yvtOCsadqQ==
expires: Sun, 04 Feb 2024 09:16:11 GMT

GET
H2

200

activityi;dc_pre=CJX1k_TAj4QDFcLpWwod91QLog;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=1630055685.1706974865;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafv... Show response
10230056.fls.doubleclick.net/ Frame D8BA
Redirect Chain

https://10230056.fls.doubleclick.net/activityi;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=1630055685.1706974865;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;u...
https://10230056.fls.doubleclick.net/activityi;dc_pre=CJX1k_TAj4QDFcLpWwod91QLog;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=1630055685.1706974865;pscdl=noapi;gtm=45fe41v0za20...

491 B
494 B

116ms
115ms

Document
text/html

172.253.63.148
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10230056.fls.doubleclick.net/activityi;dc_pre=CJX1k_TAj4QDFcLpWwod91QLog;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=1630055685.1706974865;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fse1.vip-dns.fun%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-10230056

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f148.1e100.net

Software

cafe /

Resource Hash

2a1e5cb2e122a0711fa13ef4e37aba5c92dd1701713aff94321eb1e069349680

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://se1.vip-dns.fun/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 292
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 03 Feb 2024 15:41:06 GMT
expires: Sat, 03 Feb 2024 15:41:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 03 Feb 2024 15:41:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10230056.fls.doubleclick.net/activityi;dc_pre=CJX1k_TAj4QDFcLpWwod91QLog;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=1630055685.1706974865;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fse1.vip-dns.fun%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/698108511/ 2 KB
2 KB 178ms
72ms Script
text/javascript 2607:f8b0:4004:c19::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698108511/?random=1706974865685&cv=11&fst=1706974865685&bg=ffffff&guid=ON&async=1&gtm=45be41v0v867836103za200&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fse1.vip-dns.fun%2F&hn=www.googleadservices.com&frm=0&tiba=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&npa=0&pscdl=noapi&auid=1630055685.1706974865&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-698108511

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ba4ae92443c9ba28eca1b8ec9518ab540ad3ac55b9d8864cdb050d72f92b212

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1285
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 549886031832745 Show response
connect.facebook.net/signals/config/ 294 KB
91 KB 238ms
237ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/549886031832745?v=2.9.144&r=stable&domain=se1.vip-dns.fun&hme=44ba03e7b4a66084f0064fdada9e7a7b89f6f2cf807a204d10c6509aeae35209&ex_m=62%2C105%2C93%2C97%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C148%2C151%2C162%2C158%2C159%2C161%2C25%2C89%2C45%2C68%2C160%2C143%2C146%2C155%2C156%2C163%2C114%2C13%2C43%2C167%2C166%2C116%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C94%2C96%2C31%2C95%2C26%2C22%2C144%2C147%2C123%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C92%2C38%2C70%2C60%2C98%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C99

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

907bc76e2d90f29830d5d5afc6e28961ec6837594c668c7ac1361c5e980c074b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 03 Feb 2024 15:41:05 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0"
pragma: public
x-fb-debug: ckWmQs0H1pdYTSaekIYySH9TEVv5Bgi8ejakbVwHrVa7fU2SgqXSuJGUaFLKGfTimvuehRsLJhTGe99zbMF7Kg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 m=LEikZe Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L... Frame 05E7 236 B
186 B 54ms
53ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L.B1.O/am=gKEY/d=1/exm=FCpbqb,W93Wdc,WhJNk,Wt6vjf,_b,_tp,hhhU8,ws9Tlc/excm=_b,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5lEHaFROwfnrRX3h29HAyxi6fxjA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=LEikZe

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

685ee1f5e122fdc218b11e4589efbbfc2c567087e94b65062b13c290aae43a6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 09:24:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108971
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 160
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 22:21:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Feb 2025 09:24:54 GMT

GET
H3 200 m=bm51tf Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L... Frame 05E7 1 KB
811 B 53ms
53ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L.B1.O/am=gKEY/d=1/exm=FCpbqb,LEikZe,W93Wdc,WhJNk,Wt6vjf,_b,_tp,hhhU8,ws9Tlc/excm=_b,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5lEHaFROwfnrRX3h29HAyxi6fxjA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=bm51tf

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

568688d51d1e8ffbfe0b034496cf881e43b2ad5e442789a9a54a4ff32c294d2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 09:05:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110124
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 785
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 22:21:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Feb 2025 09:05:41 GMT

GET
H3 200 m=RqjULd Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L... Frame 05E7 19 KB
6 KB 53ms
53ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L.B1.O/am=gKEY/d=1/exm=FCpbqb,LEikZe,W93Wdc,WhJNk,Wt6vjf,_b,_tp,bm51tf,hhhU8,ws9Tlc/excm=_b,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5lEHaFROwfnrRX3h29HAyxi6fxjA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c069452cbace0c3dcd7e23c99b132f659ae91606f0ba3a8dde094b55efb5c7e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 09:15:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109512
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6514
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 22:21:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Feb 2025 09:15:53 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 80A9 0
0 115ms
114ms Fetch
image/gif 2607:f8b0:4004:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsun3bS2yGhzn04WtcbPp8SrX6VOcTUjNtI--tCSvu1tB0nVCWKYDLzA3KNsCnq9lyXZ0BPCzmFdsFXQy4dru8rq8Rmt1QFvoYwsXyCPwoNXXQ_AUSM1brL_nCS5XDpZJkeYM7IOAztsJPeXwn3CXPWzm4Y-dVFQOKF1_WepcCfq79n0yzumbC_qirRiDhKOza2vhqrk6aNREHjrvCbNbOycGT9qGh6RV9Fya4LFhvqF2eVgbykP7uvuYBzQQv3JY8L6rx46BsNkpYZIVCAEyUZ3X3Sj1oqaZYaWWkTWYv7X6zatthA0T_Zs9nlhLpNKoe9Lxo-FMsJWoz4HUhZaH56iyU6V1vA&sai=AMfl-YTV8VzsIEuLEzsA5ijeaWlm7mtMWqLYK0Mt52ZruT7_47a2N_mv9MYmTO-zDWnRJ6aS3Ef0OPxFWxGI-3kt4tYmQ3omc0livcmAJPTfI7YadA2wE6lnsdHqM1zO7woLf38AVtmM-jS_poZuA5mnql4&sig=Cg0ArKJSzHKS_fgA2EYVEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 03 Feb 2024 15:41:05 GMT

GET
H/1.1 200
OK pub.js Show response
s3.us-west-2.amazonaws.com/application-mia-player-prod.rubiconproject.com/ Frame 80A9 35 KB
35 KB 355ms
131ms Script
application/javascript 52.218.178.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.us-west-2.amazonaws.com/application-mia-player-prod.rubiconproject.com/pub.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.218.178.232 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: efff559f6c86b2f0842abbb9fb798ad2865896f12350c91dddf1be3d9b815eb1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Sat, 03 Feb 2024 15:41:07 GMT
Last-Modified: Thu, 18 Jan 2024 11:16:57 GMT
Server: AmazonS3
x-amz-request-id: HQEKYWSB1ZV0QQ62
ETag: "f5315f3dc621f432b038d4452a462778"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 35670
x-amz-id-2: +MUQwPBotva79YnxWiEwwhCF+5uJAsH5BfxCJPoWmGI8zWA+cDuJVnHiJs5O34HWF0qCXBTaAUs=

GET
H2 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 80A9 205 KB
62 KB 177ms
53ms Script
text/javascript 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84af93c376277b2fb1c7962b45ce84e1e0a31202815ceb873bd980df4378f62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:09:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1924
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63267
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 03 Feb 2024 16:09:02 GMT

POST
H3 200 batchexecute Show response
news.google.com/swg/_/SubscribewithgoogleClientUi/data/ Frame 05E7 139 B
175 B 152ms
152ms XHR
application/json 2607:f8b0:4004:c1b::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&source-path=%2Fswg%2Fui%2Fv1%2Fserviceiframe&f.sid=8321693382795741536&bl=boq_subscribewithgoogleclientserver_20240129.03_p0&hl=en-US&soc-app=673&soc-platform=1&soc-device=1&_reqid=20466&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::71 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

51ce25754c979ab01982de2dd5cc9eabf37e8e14530e3c7d34b6b06bc741d69f

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://news.google.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-encoding: gzip
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 233ms
72ms Script
application/javascript 3.162.3.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-55.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 14:41:55 GMT
content-encoding: gzip
via: 1.1 8b37208e69f78eef4dd958de00423132.cloudfront.net (CloudFront)
last-modified: Thu, 07 Dec 2023 12:13:41 GMT
server: AmazonS3
x-amz-cf-pop: YUL62-P2
age: 3573
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 2LOHBfxiKIYWlLKSelJBghgi8x6kbbvEdBQiG74uDKeWw_3qr1qOTg==

GET
H2 200 / Show response
ct.pinterest.com/user/ 304 B
620 B 145ms
54ms XHR
application/json 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/user/?tid=2612846434758&cb=1706974865883&dep=2%2CPAGE_LOAD
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.b3ba56f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 64d82f5d2dfd91262b776894417faaedf2159d900d80de148affcb57beee794d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:06 GMT
content-encoding: gzip
x-cdn: fastly
x-envoy-upstream-service-time: 0
alt-svc: h3=":443";ma=600
x-pinterest-rid: 2514202644843906
content-length: 174
pin-unauth: dWlkPU4yVTRPVE16TVdVdFl6VTFZaTAwTjJNMkxXSmxOamd0WmpneE5tWXpaR0kyTXpSag
pragma: no-cache
referrer-policy: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://se1.vip-dns.fun
access-control-expose-headers: Epik,Pin-Unauth
cache-control: no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials: true
pinterest-version: cfd4e862d9e3481a2f60d0bf6fccc06d9ddb0948
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 segment Show response
api.permutive.com/adv/v2/ 36 B
91 B 146ms
145ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/adv/v2/segment?new-session=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 95ad89143c22c60442bfab4646c8a5e85cef5f091e0f26405a160e2197f73706

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:05 GMT
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36
content-type: application/json

GET
H2 200 /
ct.pinterest.com/v3/ 35 B
215 B 138ms
56ms Image
image/gif 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ct.pinterest.com/v3/?tid=2612846434758&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fse1.vip-dns.fun%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%22b3ba56f5%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%2C%22ecm_enabled%22%3Afalse%7D&cb=1706974865892
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:06 GMT
referrer-policy: origin
x-cdn: fastly
content-type: image/gif
access-control-allow-origin: *
pinterest-version: 1874ddb49806027a2d0f19e48eeaf7a1914420d3
cache-control: no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time: 3
alt-svc: h3=":443";ma=600
x-pinterest-rid: 2377716269643080
content-length: 35
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,xQtZb,QIhFr,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L... Frame 05E7 108 KB
36 KB 54ms
53ms Script
text/javascript 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.zccY2MEiBmI.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.ZI9ocW09NNw.L.B1.O/am=gKEY/d=1/exm=FCpbqb,LEikZe,RqjULd,W93Wdc,WhJNk,Wt6vjf,_b,_tp,bm51tf,hhhU8,ws9Tlc/excm=_b,_tp,serviceiframeview/ed=1/wt=2/ujg=1/rs=ABXTjI5lEHaFROwfnrRX3h29HAyxi6fxjA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,xQtZb,QIhFr,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e00f72120d1aef5624549a6cd320847b51086db7ece170938a9c8790a8b00fa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 21:28:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65533
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37132
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 22:21:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Feb 2025 21:28:52 GMT

GET
H2 200 ajs-destination.bundle.13362ca512563a10e34d.js Show response
cdn.segment.com/analytics-next/bundles/ 9 KB
3 KB 72ms
72ms Script
application/javascript 54.192.50.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.13362ca512563a10e34d.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.50.230 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-50-230.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7e4fde2a7e2da4eb11065a29f03b7f68566665515cf79bf4841168b46508dda5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 15:57:40 GMT
x-amz-version-id: arY3EWu63PxiojkDhSBzxNAjyf4PxNc5
content-encoding: br
via: 1.1 90b7b9dc3aa8817f0cef3cfd45fb8916.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
age: 2850206
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 14 Dec 2023 21:42:44 GMT
server: AmazonS3
etag: W/"0dec480089dae7da1834489f95aca4e7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: H-YjBKpsjc5IdylR7hrFsMkgCqE-PiwW6bKI8brqzvZ04ypGfgcVjw==

GET
H2 200 /
www.google.com/pagead/1p-user-list/698108511/ 42 B
455 B 171ms
64ms Image
image/gif 2607:f8b0:4004:c09::6a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/698108511/?random=1706974865685&cv=11&fst=1706972400000&bg=ffffff&guid=ON&async=1&gtm=45be41v0v867836103za200&u_w=1600&u_h=1200&url=https%3A%2F%2Fse1.vip-dns.fun%2F&frm=0&tiba=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_rSbwQ3toMHt-kt_8P9z-D2JPxeYFWQ&random=3210434488&rmt_tld=0&ipr=y

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::6a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
259 B 225ms
52ms Image
image/gif 52.205.167.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1706974865927&plid=86223043&idsite=thestar.com&url=https%3A%2F%2Fse1.vip-dns.fun%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%22plan%22%3A%22%22%2C%22janrain_uuid%22%3A%22%22%2C%22site_level_uuid%22%3A%22%22%2C%22hub_level_uuid%22%3A%22%22%2C%22adobe_mcid%22%3A%2289286859007042574763889647549960788491%22%2C%22word_count%22%3A%22%22%2C%22_scrollIncrement%22%3A0%2C%22_scrollMethod%22%3A%22pageview%22%2C%22_y%22%3A0%2C%22_bodyHeight%22%3A11673%7D&sid=1&surl=https%3A%2F%2Fse1.vip-dns.fun%2F&sref=&sts=1706974865920&slts=0&title=Breaking+News+-+Headlines+%26+Top+Stories+%7C+The+Star&date=Sat+Feb+03+2024+05%3A41%3A05+GMT-1000+(Hawaii-Aleutian+Standard+Time)&action=pageview&js=1&pvid=51291802&u=pid%3D865115b1b80faec20d1a748afed8b464
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-167-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Sat, 03 Feb 2024 15:41:06 GMT
Cache-Control: no-cache
Last-Modified: Saturday, 03-Feb-2024 15:41:06 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 schemaFilter.bundle.f63551a29dc1697f71b6.js Show response
cdn.segment.com/analytics-next/bundles/ 2 KB
1 KB 71ms
71ms Script
application/javascript 54.192.50.230
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.f63551a29dc1697f71b6.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.50.230 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-50-230.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 14:45:44 GMT
x-amz-version-id: NqLtoxal8QgLc3IEduuKdtP19NWPXDko
content-encoding: br
via: 1.1 90b7b9dc3aa8817f0cef3cfd45fb8916.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
age: 2681723
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 02 Jan 2024 23:27:24 GMT
server: AmazonS3
etag: W/"2a359f6227308e4ee31623f9381ae1d7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: p4CvE1uFuLHOHAoPtHfp90Qf_c3FTe8R9PuZ-jv_8JkELwESyFPxTA==

POST
H2 200 0f7814aed0234a03f29fbdb11fedd4d51c1830efd5cf514b18cf0d0e6d4930d1 Show response
pixel.thestar.com/events/ 0
354 B 331ms
52ms XHR
text/plain 2600:1f18:1430:9001:709e:5b7e:3de:fd66
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.thestar.com/events/0f7814aed0234a03f29fbdb11fedd4d51c1830efd5cf514b18cf0d0e6d4930d1
Requested by: Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/549886031832745?v=2.9.144&r=stable&domain=se1.vip-dns.fun&hme=44ba03e7b4a66084f0064fdada9e7a7b89f6f2cf807a204d10c6509aeae35209&ex_m=62%2C105%2C93%2C97%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C148%2C151%2C162%2C158%2C159%2C161%2C25%2C89%2C45%2C68%2C160%2C143%2C146%2C155%2C156%2C163%2C114%2C13%2C43%2C167%2C166%2C116%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C94%2C96%2C31%2C95%2C26%2C22%2C144%2C147%2C123%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C92%2C38%2C70%2C60%2C98%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C99
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1430:9001:709e:5b7e:3de:fd66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://se1.vip-dns.fun
date: Sat, 03 Feb 2024 15:41:06 GMT
access-control-allow-credentials: true
content-length: 0
vary: origin

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 328ms
56ms Image
text/plain 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=549886031832745&ev=PageView&dl=https%3A%2F%2Fse1.vip-dns.fun%2F&rl=&if=false&ts=1706974866077&sw=1600&sh=1200&v=2.9.144&r=stable&ec=0&o=4126&fbp=fb.1.1706974866073.121483585&eid=ob3_plugin-set_e836a75befce8b3dd040c7b6f88e8a24380fdb9e357a27538a7f13c0a4bd267f&cs_est=true&ler=empty&cdl=API_unavailable&it=1706974865728&coo=false&exp=e1&rqm=GET

Requested by

Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 03 Feb 2024 15:41:06 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 dc_pre=CJX1k_TAj4QDFcLpWwod91QLog;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=*;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=...
adservice.google.com/ddm/fls/z/ Frame D8BA 42 B
401 B 375ms
111ms Image
image/gif 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJX1k_TAj4QDFcLpWwod91QLog;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=*;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fse1.vip-dns.fun%2F

Requested by

Host: 10230056.fls.doubleclick.net
URL: https://10230056.fls.doubleclick.net/activityi;dc_pre=CJX1k_TAj4QDFcLpWwod91QLog;src=10230056;type=ret01;cat=land01;ord=2416383507841;npa=0;auiddc=1630055685.1706974865;pscdl=noapi;gtm=45fe41v0za200;gcd=11l1l1l1l1;dma=0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fse1.vip-dns.fun%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://10230056.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
174 B 362ms
113ms Fetch
application/json 35.81.90.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.81.90.104 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-81-90-104.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://se1.vip-dns.fun
date: Sat, 03 Feb 2024 15:41:06 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1706974866107&ns_c=UTF-8&c7=https%3A%2F%2Fse1.vip-dns.fun%2F&c8=Breaking%20News%20-%20Headlines%20%26%20Top%2...
https://sb.scorecardresearch.com/b2?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1706974866107&ns_c=UTF-8&c7=https%3A%2F%2Fse1.vip-dns.fun%2F&c8=Breaking%20News%20-%20Headlines%20%26%20Top%...

0
225 B

84ms
83ms

Image
text/plain

3.162.3.55
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1706974866107&ns_c=UTF-8&c7=https%3A%2F%2Fse1.vip-dns.fun%2F&c8=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&c9=
Requested by: Host: se1.vip-dns.fun
URL: https://se1.vip-dns.fun/
Protocol: H2
Server: 3.162.3.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-162-3-55.yul62.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:06 GMT
via: 1.1 8b37208e69f78eef4dd958de00423132.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: YUL62-P2
x-amz-cf-id: f-MBZ4RipK3IXR8PoT6Mq_dV_S3VO8CR0mK6bIKQ790g0N-iY1vh5w==
x-cache: Miss from cloudfront

Redirect headers

date: Sat, 03 Feb 2024 15:41:06 GMT
via: 1.1 8b37208e69f78eef4dd958de00423132.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: YUL62-P2
x-cache: Miss from cloudfront
location: /b2?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1706974866107&ns_c=UTF-8&c7=https%3A%2F%2Fse1.vip-dns.fun%2F&c8=Breaking%20News%20-%20Headlines%20%26%20Top%20Stories%20%7C%20The%20Star&c9=
content-length: 0
x-amz-cf-id: EQ4VtV5Q31STFMVtHlp2mpRocsVJxhChaT5VjL3RL5ETETByruJn2g==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
196 B 76ms
76ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 03 Feb 2024 15:41:05 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: F5BA3D9ED4074F30878FDE6CADA72D98 Ref B: MIA301000103009 Ref C: 2024-02-03T15:41:06Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://se1.vip-dns.fun
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYQfA6L6abjc6xqPwQ79A==

GET
H2 200 placements Show response
mia-placement-server.rubiconproject.com/ Frame 80A9 17 B
178 B 206ms
54ms Fetch
application/json 44.215.65.75
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mia-placement-server.rubiconproject.com/placements?location=https%3A%2F%2Fse1.vip-dns.fun%2F&publisherId=62019&size=xl
Requested by: Host: s3.us-west-2.amazonaws.com
URL: https://s3.us-west-2.amazonaws.com/application-mia-player-prod.rubiconproject.com/pub.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.215.65.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-215-65-75.compute-1.amazonaws.com
Software: /
Resource Hash: b1b1ba9f3d21081238cdd860f56bd67c5f1db21b6deb58d9c32cbb86457b0acb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:06 GMT
content-length: 17
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
DATA 200
OK truncated
/ Frame 80A9 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69cf094d35e4017207b9e178fcb4a2238234f9ce928f19dc42bf6bba6b5b950c

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 80A9 0
0 115ms
115ms Fetch
image/gif 2607:f8b0:4004:c1b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstdWPnJXrqra7QAZ-ANhmYxckUvS2ruVqs0_4sES2yfWAYyxXItzRkYrOVK4cg4zwCaxT-3Lu-NWzqPqZ5ybmY2N2Z43zcmS0gFUaEBhGr-sYtNxtKuKy6UfBGdIxlkDQo52nFIWxwfENXPeoGesHDFR_WryA6KGjROpFaauL__z2UfIBNQiym1OuHArTfRgDAfO6dNACbnBkGvs6Ut6pRqh-FAx_lxub18kSOIPVBQJLynxXpjep46qBtUg-ICc-GF8BnhLkjzxaOpQK5VwB5kR0fTR-Ga9TaK0yJejh7p600_Aoo-fyiQU0TFVhrfvcLtJ0GzI2ucrCH9q18stmqQ8pjKOQsF5w&sai=AMfl-YSWNOmaN3xLX_GqG1VDbgkIg03nBkqDTJC9AhzBZGsGvCthE9p-funVime31Cpy8KuaXnCtIAay9VpTXZw3Hmzh9AUlcXQlPW78Re0bEAV13NUc-7y0Kb4f43iL7n-PTyt7Xok_g4la7PSnDsv0JRY&sig=Cg0ArKJSzNwgFwzuZ5F1EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 03 Feb 2024 15:41:06 GMT

POST
H3 200 events Show response
api.permutive.com/v2.0/batch/ 101 B
128 B 134ms
134ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 8a56dac4c76462f94ce17feba0e6f9dc1701b1578872fdb71d51296d4289fa54

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 03 Feb 2024 15:41:06 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://se1.vip-dns.fun
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 186ms
80ms XHR
application/json 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202401290101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b4d761997ba2a3f1ea317d27c2a5a1ce730d575ff860e5e547d91264b2b9ea2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12267
x-xss-protection: 0

GET
H2 200 token_create.js Show response
ct.pinterest.com/static/ct/ 4 KB
4 KB 28ms
28ms Script
application/javascript 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/static/ct/token_create.js
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.b3ba56f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5293e3d1f06d73bbd75b83ab1fd1e3020fd5fc1143e2d628d09cd6dc56f9b427

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:06 GMT
x-cdn: fastly
age: 1552
etag: "ac8a351969e6397350708173ca06e5ca"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=7200
timing-allow-origin: https://ct.pinterest.com
alt-svc: h3=":443";ma=600
content-length: 4045

GET
H2 200 ct.html Show response
ct.pinterest.com/ Frame 4DBA 565 B
402 B 54ms
54ms Document
text/html 151.101.64.84
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://ct.pinterest.com/ct.html
Requested by: Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.b3ba56f5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.64.84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3

Request headers

Referer: https://se1.vip-dns.fun/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443";ma=600
cache-control: max-age=86400
content-encoding: gzip
content-length: 323
content-type: text/html; charset=utf-8
date: Sat, 03 Feb 2024 15:41:06 GMT
pinterest-version: cfd4e862d9e3481a2f60d0bf6fccc06d9ddb0948
referrer-policy: origin
x-cdn: fastly
x-envoy-upstream-service-time: 0
x-pinterest-rid: 8414573853472698

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 164ms
54ms Script
text/javascript 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401290101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 03 Feb 2024 15:41:06 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 503D 13 KB
5 KB 57ms
56ms Document
text/html 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://se1.vip-dns.fun/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 17747
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 03 Feb 2024 10:45:19 GMT
expires: Sun, 02 Feb 2025 10:45:19 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9217 829 B
985 B 71ms
70ms Document
text/html 2607:f8b0:4004:c09::6a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::6a Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b68de0d4b6196b20faf6934569860f77416ff02a5845c88b951a0d983c3dacf1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-HV5xk2YPzGuNjE01XXkSrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://se1.vip-dns.fun/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-HV5xk2YPzGuNjE01XXkSrw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 03 Feb 2024 15:41:06 GMT
expires: Sat, 03 Feb 2024 15:41:06 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 503D 39 KB
15 KB 54ms
52ms Script
text/javascript 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 23:27:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 58408
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Feb 2025 23:27:38 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9217 0
0 109ms
109ms Image
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202401290101&jk=1302822783678387&rc=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 503D 0
10 B 53ms
52ms Image
text/plain 2607:f8b0:4004:c06::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?vy0BuA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 15:41:07 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 80A9 42 B
64 B 112ms
111ms Fetch
image/gif 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuXRRiGRT7te3Jj9I45HAiM3d_THFFIPzdI4Oh5eebeZFZpGVhiWFZv2PVIIqoxxAA5mXUhgo3xXcdyY_sbByBt9Dzi0BeQml1v7nBvpbqB1Ha3PdRkLFdyFXheR1MN7Jp2VhGplt6MBFxlOVdTYZuT7n5z&sig=Cg0ArKJSzFkNgR0tDyiREAE&id=lidar2&mcvt=1001&p=56,799,57,801&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20240201&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3334131667&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=290766600&rst=1706974865840&rpt=535&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Feb 2024 15:41:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 events Show response
api.permutive.com/v2.0/batch/ 101 B
127 B 134ms
133ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 172976347d75b83beeb31a0aa3aaf37e8f4c967b26ef9fd9a7a9d131afb5c796

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

date: Sat, 03 Feb 2024 15:41:07 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://se1.vip-dns.fun
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 112ms
112ms Image
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202401290101&jk=1302822783678387&bg=!u7iluPfNAAa8BdJLnAU7ADQBe5WfOBFpvUQqGdQqyOEfCF4wwaxJf6rXzVD7M8KfS9okDL0unZM7rIumNyoy4pHcG_uLAgAAAF5SAAAAA2gBB5kCx-gWsUkuqQlVFhES4bofF1ggUuYf9TNw0bfQ8Uus29AiKSIih8QZa0TaybhWHbEN7TRxRxfRNzImTkzqOynbo3qtGzCJ9Dwmqe2xwR8ruwa8YhuVGEwZayuzc3_4E6Kfiqx-Fm0dkQ756MRklEFAoSwFurV-Rk79d3x2fwQTyvc9f1yHer_goFQgnhs6S82ZStH8BG4YZPV8esEeUW_WPENhcmi0kEHbpEI3wjxdekayZ1mw4UTgl4ePMivR9fgbumDw8zWU6QA1g45X-yaDSbh4hhwJ_pMp3u6Lh1lkllYISizutzG2Fm1ocKtLNRGV_TYbjNnueqtb-fKoOr0yhcxxg8s8nh1IOi-CsJJa-lnIncwikriHdGy-QoY7ywYvtbW3BaaeMqJGyMahdSXhYd773yMJ2KamIbOkLVxLCdPjZ6r3n3T7UMC9SvEtgOam4I_1ItACBKmfUsWTb8imCyMw2TuQhFkRd6Ck94I_vsNONYlBQn60vNCR9MIoyGHJInJPeLWJC_D3dyVXaveTRmnK-0_tOL_rj0OG55pgpiy7vxe5bNqJo90iKwKYv6gHE1EuZbID7ZiiptCM2MOFcr8IYzlg5j9Mwmx9oJZURkDG3GYwtUqikMqIuweKZakehjsrHd81GS5Z3PFl9gDf6d7XB_jlrNh4VcywQjoDpRKNieAnxb_ZJx9a1Gv0jQeXYFb20apZ3ny40CskXtRDRbGjcygKSKPEBXtgb6LmMtAxRdXJbyMELc4YPlNeVX-bpIbSFThsyPE1mSb9l8ywPWpAmP8w7MzWq6RSnR2__NyBtP4vOVyj4GYXYrsg9XGXAO6NbWT8nzjf5wWuwRgq8x_25oTU17GuKxgn_y93TC57CiCRsTDLvoY7SQOr4OfHEge1gCpESZrnWDNWX1zkV1Pkz0it1BtOx575TCye829OL3Wn6VUFZA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://se1.vip-dns.fun/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

POST
H3 200 state Show response
api.permutive.com/v1.0/ 0
34 B 218ms
217ms XHR
text/plain 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by: Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://se1.vip-dns.fun/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Sat, 03 Feb 2024 15:41:07 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: thestar.cloud.optable.co
URL: https://thestar.cloud.optable.co/prod-thestar-com/init?cookies=no&passport=&osdk=web-v0.16.1

Domain: thestar.cloud.optable.co
URL: https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1

Domain: thestar.cloud.optable.co
URL: https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1

Verdicts & Comments Add Verdict or Comment

173 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

46 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pixel.thestar.com/events/0f7814aed0234a03f29fbdb11fedd4d51c1830efd5cf514b18cf0d0e6d4930d1	1970-01-20 20:19:10	Name: cee Value: xhurlvP%2FMexvvKm%2BSinZkiDpB4p2Tpw%2B%2FsgMGT%2B2%2F8E%3D.%7B%22cee_id%22%3A%22cee.1706974866386.66422%22%7D
.vip-dns.fun/	1970-01-20 22:31:39	Name: permutive-id Value: 9502d5cc-dfc2-4227-bb89-864d8f18346c
.adnxs.com/	1970-01-21 03:45:34	Name: receive-cookie-deprecation Value: 1
se1.vip-dns.fun/	1969-12-31 23:59:59	Name: _igt Value: 0dd8b4ba-5286-4e19-8d49-cd1abf68dfee
se1.vip-dns.fun/	1970-01-21 02:55:10	Name: _ig Value: 99b2ec79-8fad-4992-90f7-bf68a90df5e4
.vip-dns.fun/	1970-01-20 20:19:10	Name: _gcl_au Value: 1.1.1630055685.1706974865
.demdex.net/	1970-01-20 22:28:46	Name: demdex Value: 89272844693718507023888797524036730881
.vip-dns.fun/	1969-12-31 23:59:59	Name: AMCVS_19A568F454F72DAF0A4C98A6%40AdobeOrg Value: 1
.vip-dns.fun/	1970-01-21 03:45:34	Name: _ga_4T2EB147B8 Value: GS1.1.1706974865.1.0.1706974865.60.0.0
.everesttech.net/	1970-01-21 02:55:10	Name: everest_g_v2 Value: g_surferid~Zb5eGwAAAMCNWQOH
.vip-dns.fun/	1970-01-20 18:09:38	Name: AMP_TOKEN Value: %24NOT_FOUND
.vip-dns.fun/	1970-01-20 18:11:01	Name: _gid Value: GA1.2.1423099684.1706974865
.vip-dns.fun/	1970-01-20 18:09:34	Name: _dc_gtm_UA-54716522-7 Value: 1
.dpm.demdex.net/	1970-01-20 22:28:46	Name: dpm Value: 89272844693718507023888797524036730881
.vip-dns.fun/	1970-01-21 03:45:34	Name: AMCV_19A568F454F72DAF0A4C98A6%40AdobeOrg Value: 179643557%7CMCIDTS%7C19757%7CMCMID%7C89286859007042574763889647549960788491%7CMCAAMLH-1707579665%7C7%7CMCAAMB-1707579665%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1706982065s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19764%7CvVersion%7C5.5.0
.vip-dns.fun/	1970-01-21 03:45:34	Name: _ga Value: GA1.1.1331817889.1706974865
.vip-dns.fun/	1970-01-20 20:19:10	Name: _rdt_uuid Value: 1706974865601.98349b3e-f8ff-4662-81bb-7badcddcd196
.vip-dns.fun/	1970-01-20 18:11:01	Name: _uetsid Value: a491db80c2aa11ee8f9549460517ffde
.vip-dns.fun/	1970-01-21 03:31:10	Name: _uetvid Value: a491f950c2aa11ee8fc3d194aebe47aa
.vip-dns.fun/	1969-12-31 23:59:59	Name: s_cc Value: true
.bing.com/	1970-01-21 03:31:10	Name: MUID Value: 22E4EB755AF4634F0CD0FF6F5B4A62F9
.bat.bing.com/	1970-01-20 18:19:39	Name: MR Value: 0
.t.co/	1970-01-21 03:45:34	Name: muc_ads Value: b0a8862e-b3b4-4aee-ae03-34fd4fc344e1
.twitter.com/	1970-01-21 03:45:34	Name: guest_id_marketing Value: v1%3A170697486576378464
.twitter.com/	1970-01-21 03:45:34	Name: guest_id_ads Value: v1%3A170697486576378464
.twitter.com/	1970-01-21 03:45:34	Name: personalization_id Value: "v1_lzlFvcmn+Zg55jveno1F7w=="
.twitter.com/	1970-01-21 03:45:34	Name: guest_id Value: v1%3A170697486576378464
.vip-dns.fun/	1970-01-21 03:31:10	Name: __gads Value: ID=536a950241a0d284:T=1706974865:RT=1706974865:S=ALNI_MZsbEHXlVJLmhHxnuw1ZGbPUgrzVQ
.vip-dns.fun/	1970-01-21 03:31:10	Name: __gpi Value: UID=00000dbd99442824:T=1706974865:RT=1706974865:S=ALNI_MZ5zVUi73E8d7s09dgCpBVMqBhM6A
.linkedin.com/	1970-01-20 20:19:10	Name: li_sugr Value: fe2fe30e-0010-416b-9279-26c8535a3a54
.linkedin.com/	1970-01-21 02:55:10	Name: bcookie Value: "v=2&aa60573e-23c8-40c7-8ff5-b64a885a290c"
.linkedin.com/	1970-01-20 18:11:01	Name: lidc Value: "b=VGST01:s=V:r=V:a=V:p=V:g=3135:u=1:x=1:i=1706974865:t=1707061265:v=2:sig=AQFU8Ug5rWvp-rNIDykjMRkTqhqKlfBF"
.vip-dns.fun/	1970-01-20 22:28:46	Name: __eoi Value: ID=19b9f2e2fd037aa9:T=1706974865:RT=1706974865:S=AA-AfjY1rR92pBcuDcB-S9QqkrV4
.vip-dns.fun/	1970-01-20 18:09:36	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://se1.vip-dns.fun/%22%2C%22sref%22:%22%22%2C%22sts%22:1706974865920%2C%22slts%22:0}
.linkedin.com/	1970-01-20 18:52:46	Name: UserMatchHistory Value: AQIWB61UJig_owAAAY1voWnkrwdO2AgBk0XHgC0gv4oOY33VhBy-aidH5uP-whMfFNfPhyLS-Md5AQ
.linkedin.com/	1970-01-20 18:52:46	Name: AnalyticsSyncHistory Value: AQLk7V4VnzFhnAAAAY1voWnkpKwd3JQDvJ5VDeUnXmKb6BvZYwPfzXxDp13ij512cxl9Bo9MqSB8vMsgNQ7oJw
.vip-dns.fun/	1970-01-21 03:38:58	Name: _parsely_visitor Value: {%22id%22:%22pid=865115b1b80faec20d1a748afed8b464%22%2C%22session_count%22:1%2C%22last_session_ts%22:1706974865920}
.doubleclick.net/	1970-01-21 03:45:34	Name: IDE Value: AHWqTUkQsXXT3YXV-7BjVCMxB3uOrgOEIgEJbaD0SigHepwLqqRk737DPQ0fagiTrH8
.www.linkedin.com/	1970-01-21 02:55:10	Name: bscookie Value: "v=1&20240203154105cf5aa02f-da4a-43a8-8e68-e534b443fd68AQGEMnwm61nvlJMNgUpiBGff_ThgqYIO"
.se1.vip-dns.fun/	1970-01-21 02:55:10	Name: _pin_unauth Value: dWlkPU4yVTRPVE16TVdVdFl6VTFZaTAwTjJNMkxXSmxOamd0WmpneE5tWXpaR0kyTXpSag
.pinterest.com/	1970-01-21 02:55:10	Name: ar_debug Value: 1
.vip-dns.fun/	1970-01-20 20:19:10	Name: _fbp Value: fb.1.1706974866073.121483585
.doubleclick.net/	1970-01-20 22:28:46	Name: receive-cookie-deprecation Value: 1
.vip-dns.fun/	1970-01-21 02:55:10	Name: ajs_anonymous_id Value: 4efc8413-ce9e-403c-9f69-ecc02f4a4e7d
.scorecardresearch.com/	1970-01-21 03:45:34	Name: UID Value: 1C9ea4f1f5a31cdf6f119d21706974866
.vip-dns.fun/	1970-01-21 03:45:34	Name: _ga_6FZFMVVWVN Value: GS1.1.1706974865.1.1.1706974866.59.0.0

72 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://se1.vip-dns.fun/ Message: Access to fetch at 'https://thestar.cloud.optable.co/prod-thestar-com/init?cookies=no&passport=&osdk=web-v0.16.1' from origin 'https://se1.vip-dns.fun' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://thestar.cloud.optable.co/prod-thestar-com/init?cookies=no&passport=&osdk=web-v0.16.1 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://se1.vip-dns.fun/ Message: Access to fetch at 'https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1' from origin 'https://se1.vip-dns.fun' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://se1.vip-dns.fun/ Message: Access to fetch at 'https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1' from origin 'https://se1.vip-dns.fun' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://thestar.cloud.optable.co/prod-thestar-com/v2/targeting?cookies=no&passport=&osdk=web-v0.16.1 Message: Failed to load resource: net::ERR_FAILED
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
network	error	URL: https://api.viafoura.co/v2/se1.vip-dns.fun/bootstrap/v2 Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/549886031832745?v=2.9.144&r=stable&domain=se1.vip-dns.fun&hme=44ba03e7b4a66084f0064fdada9e7a7b89f6f2cf807a204d10c6509aeae35209&ex_m=62%2C105%2C93%2C97%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C148%2C151%2C162%2C158%2C159%2C161%2C25%2C89%2C45%2C68%2C160%2C143%2C146%2C155%2C156%2C163%2C114%2C13%2C43%2C167%2C166%2C116%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C94%2C96%2C31%2C95%2C26%2C22%2C144%2C147%2C123%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C92%2C38%2C70%2C60%2C98%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C99(Line 118) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://se1.vip-dns.fun/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10230056.fls.doubleclick.net
7a683fc424438f916742c2adaeab3bdc.safeframe.googlesyndication.com
aax.amazon-adsystem.com
accounts.google.com
ad-delivery.net
ad.doubleclick.net
adservice.google.com
alb.reddit.com
ampcid.google.com
analytics.google.com
analytics.twitter.com
api.btloader.com
api.permutive.com
api.segment.io
api.viafoura.co
bat.bing.com
be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co
bloximages.chicago2.vip.townnews.com
btloader.com
c.amazon-adsystem.com
cdn.ampproject.org
cdn.parsely.com
cdn.petametrics.com
cdn.segment.com
cdn.viafoura.net
cm.everesttech.net
config.aps.amazon-adsystem.com
connect.facebook.net
conversions-config.reddit.com
ct.pinterest.com
d1z2jf7jlzjs58.cloudfront.net
dpm.demdex.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
ib.adnxs.com
mia-placement-server.rubiconproject.com
news.google.com
p1.parsely.com
pagead2.googlesyndication.com
pixel.thestar.com
px.ads.linkedin.com
px4.ads.linkedin.com
query.petametrics.com
resources.thestar.com
s.pinimg.com
s.thestar.com
s3.us-west-2.amazonaws.com
sb.scorecardresearch.com
se1.vip-dns.fun
securepubads.g.doubleclick.net
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
thestar.cloud.optable.co
thestar.solutions.cdn.optable.co
torontostarnewspaperslimited.demdex.net
torstar.gscontxt.net
tpc.googlesyndication.com
unpkg.com
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.redditstatic.com
www.thestar.com
thestar.cloud.optable.co
104.16.132.24
104.244.42.195
104.244.42.5
13.107.42.14
130.211.23.194
142.251.167.149
144.21.35.228
146.75.28.157
151.101.64.84
151.101.65.140
172.253.63.148
18.215.141.215
192.104.182.109
23.20.31.134
2600:1402:8800::1728:cf19
2600:1f18:1430:9001:709e:5b7e:3de:fd66
2600:1f18:44f0:4846:5095:755:8694:ede5
2600:9000:215f:8200:8:2ae1:d740:93a1
2606:4700:10::ac43:1b1f
2606:4700:10::ac43:293c
2606:4700:20::ac43:4513
2606:4700:3030::6815:15e2
2606:4700:4400::ac40:9256
2606:4700::6810:7baf
2607:f8b0:4004:c06::54
2607:f8b0:4004:c06::65
2607:f8b0:4004:c06::84
2607:f8b0:4004:c07::66
2607:f8b0:4004:c08::5e
2607:f8b0:4004:c08::61
2607:f8b0:4004:c08::9b
2607:f8b0:4004:c09::6a
2607:f8b0:4004:c0b::84
2607:f8b0:4004:c19::9a
2607:f8b0:4004:c1b::5f
2607:f8b0:4004:c1b::71
2607:f8b0:4004:c1b::9b
2607:f8b0:4004:c1d::5e
2607:f8b0:4004:c1d::84
2607:f8b0:4004:c1d::9a
2607:f8b0:4004:c1f::66
2620:1ec:21::14
2620:1ec:c11::200
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:181:face:b00c:0:25de
2a04:4e42:200::396
2a04:4e42:77::84
3.161.212.32
3.162.3.55
3.162.7.119
3.162.8.154
34.107.254.252
34.149.155.241
34.160.43.93
35.190.14.224
35.241.9.51
35.81.90.104
44.215.65.75
52.205.167.202
52.218.178.232
52.85.107.60
54.192.50.230
54.192.51.12
54.192.51.26
63.140.39.22
68.67.178.10
01594e833d67163c5d71c470fb205ab5dcea6c114cb3408c3aed83d139697c36
02d4a3e3bc55fb2c10464afa89e283d1d017f6a309634709009f0e3ec5455e26
02e406be3baa8bc806c3cd234922e40bba42fa77a527b3e110036f387bc5308e
052b4d85a59a3bd13b75cab7d9cd84e2036cb44924aa86e499ed0f103d958355
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
095cc79a8d23cf53f4363500b8a08cc1b185ff21bbe2bc81d1168d4bc53e04aa
0acff355a123d849b520cf5a94fba9e18840b78a57f67e7ff984ad7272821d48
0e396c44938ac792546ac6681c44921a2f64c28e51fe363ddfa43ade287152c4
0e51d53b4513a76861c42a278ecb208963d19159bd9077c004a980393cb858c9
10097297083eaa36a852807198f7327aa843311126e27b22b52d38aa4516fba0
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
16338c70f3e822ce39edec6aa73c2bd7ae5e314a35034a1dbba3523b5202d52b
172976347d75b83beeb31a0aa3aaf37e8f4c967b26ef9fd9a7a9d131afb5c796
1814639fba8ef3f0073a4b731eb45cda676210dc9cbc24d91094136ea8d42bd3
190e1101cde57367a86dd7f3df29194cf2b78968948c793f424d5f144897b9b7
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1ba4ae92443c9ba28eca1b8ec9518ab540ad3ac55b9d8864cdb050d72f92b212
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
208e5d881a92d84ae1c0e296c5bafe669ec7ac8f87ede263ff5a84de441bdb55
22708b4a65181f19f491898d8710015e4f4ba610ccc09d0a3773cc344f9d5d79
22cf1baba55eced80d7ebb0de51fc8961757ef581964f8e10ebc8676399eba81
24148128a2798f06838595df2311ca2819a12886fa4b851f34fa25ce61a0735f
252c99e29ed1cc4653fb0d04022ed1f90d2c354a709a970ae6bc1785a3442252
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2736d55a4da2c1d7e1cec02b86d6432aabe15a41f5f86803b5fa5fbe3cae8a64
2935e77ba4a31d658633687964df779e6a6acd911252186240c22eafeba8bc36
296ffff5be5fa17a541df8e925d24e473ced64d535f543542bebc15759b761fd
2a1e5cb2e122a0711fa13ef4e37aba5c92dd1701713aff94321eb1e069349680
315dac8e324eec26e6d3f87c05fd592f76094e2500728401ba3e4b6dd84d291b
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
32209e964449881b7f2a21086506deccc49063673c2cfff6288598f843fc81c4
3775aaf637f98b3458e5c6693e618184d99dbbf17d21013593b3cf2868aaacd4
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
38f8f0159d3a0413f14a75d0074c1d8a1ffca1fa8acb818b86684bb11628e3b7
39af5bc38f03afb9bbcacadacdf8ce2adc5f6745217ef8868696c6cb38e2bfe0
3b21241483c33ff4dbad571288e7dd72effca1665b88eadb2d4b210ae93bfa6a
3bdd106e25127f639579492a55bb1a4f56930da30968eb1e3a537e84fb87cd27
3e376deaeb30858026260be3d2bd058d03c0b007cb7133c0d6fea15d775afd86
3f12019df132ad610b28cc02da1b21b792d534213143536ce09d5b8b9433cc99
406896b6f448ff769f707b0a09e183da5817a11dea1a2d430362f9dc0e2c2aa5
4353442b296c53f51d82efc2617406d68cc278bd08c2ce4ca96daa9fcc2c77e3
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45f265d91f0d046e0bf176d32af863a7e497d1c4fa27b488cb0d7a0f539c21e3
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
471004b40deb095c4400eb0baca42077b89561ce539158c2f5428cb1653bc561
47220c4c850d2a71293522af7071da5706951e1cecc6dddce7bc78343f48de1e
481d77f5d1a9c24f102bb6af246ecbff595011e0d73e70b652c39d702565d47d
48afdb2dec2cb40047f3f7d0b4f0a22e168fba6d299be08bed11e1221b082aa7
4908103eb097a575d25aecab0b105c51313e35ce211bb70d82ea0ce6e75ed2b3
495386c14ad767d86ce9f5dbec106eb7b4610a431ddfa6cc320e98b854397f80
4b093bf8fe11ce768e5543697030a064da71b347431594daf7efb86f94a201c0
4d063ab8701f5932753a12e9b302d8345ed7ba488f2f3ca6d46912fb60ce2815
4e055c26ecd439ee73765fc8f167b4f23eb9b92608c70b2068b0bc7c3baeb9dd
516743678b07edcf236561fed911dd419248fe4e6ae651c201b2fbd90f2572b9
51ce25754c979ab01982de2dd5cc9eabf37e8e14530e3c7d34b6b06bc741d69f
51e62bc02cd5fca4b743c497a1b1b06096f90407e772e6acf00d6e0ec60970ad
5293e3d1f06d73bbd75b83ab1fd1e3020fd5fc1143e2d628d09cd6dc56f9b427
53426bb3fb09b76cd18d82e241a6b581cd187e3c2c355abda74a072b46a68b95
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
568688d51d1e8ffbfe0b034496cf881e43b2ad5e442789a9a54a4ff32c294d2f
595550d27cabf0dad36e8ddae06a223716e7067ff08607b60e91adab5e06c748
597cf1adbafca51f41aedfbdc509c2e15e81382778e096b1398c66cda6865f2d
5b2defd52a595242462a19753192204f9fa2e94e091a2291fea25bffa4cf890c
5c03070b837ed5f43fd2b4195034005f828cb8af6a53b05b3fe16ee4cca56fd7
5d3a2ddbdb98f21fdaeb9b838fc2dc9851d44290919c39ea64177aa8eb598a0a
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de
63e160a19d39f11cbf010500b638b69f89cd5414158b7e65c50d419c26a4dfb4
640ffe794ffc6f498c928232b6433adfc359c060698f38d2eed5f88fe88f9cf6
64d2ce701b1f0b1d910bff7f252ae7a53d5f90cf3efb970163811c757b889d57
64d82f5d2dfd91262b776894417faaedf2159d900d80de148affcb57beee794d
685ee1f5e122fdc218b11e4589efbbfc2c567087e94b65062b13c290aae43a6e
68684d4e091795123c7797a602e056cac24a3355a95b3b198e4fbd65822afcd2
69cf094d35e4017207b9e178fcb4a2238234f9ce928f19dc42bf6bba6b5b950c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b22acf3b276d3f419653cda2fcd12b7a8c87d2b0b34e44511b60a23ab72d7e6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf
6dff4b6cf2300fce1dff67f2f01a14ad1542910af654b813b573b03a174f7cc9
6e1ad03d3c99c7f6291d59b484cac42bd9055b4cb0615e8e9eab28bf06f75ad6
7065a2ec4d3eef56b6e67c96b52f5132184c8f5111742aae0be310c774b16e5d
72956fed691627b50461a9176d096dbfdebe035fab5f653b8b8098d869919d7f
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
741af8d0019a07614a6c6ba62394e9bc564a42e61761510a00c74313ad3ee58c
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
770dcaf045c045c66d6903b436c5b8c6f5d5a466fb3f17b3ba8f778f756b7621
7813f8e7aa4056a1a6bc25c6f593a3dab2d8fe194bcaf98955806679f0d98180
7976a9dfe57f9ba6972420500782258da674fcc523c2def08bb6a84ce275c4b5
798c5de2f80f143d26a5cb250e77df55971cab3eab50184b82158414f4b77d31
79bc46ccfc5b06dc2f6b1f190a00c766b18578816f706146e1c9ad4fe624a37b
79ed49ed2fcc78c231c89ba77da0e9f8829b5b7558f1a84530a3e520e5221179
7b3cf42134c7069baf8bb3becde86e4198002c05ebe928d46feb451238d19ed6
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c4711683ed6f2d79b7aebeb5f9d00be743a943159bdb57faf129412ed1de94c
7e4fde2a7e2da4eb11065a29f03b7f68566665515cf79bf4841168b46508dda5
84af93c376277b2fb1c7962b45ce84e1e0a31202815ceb873bd980df4378f62b
85e1ef3c0d8442b0131cdc81c03f99a175a6b6cd326c8166a5867d1bf15a37d3
89934847c372d12ce50d2dfc8c65830943897609ca1cd786afa4561c8b345f4a
8a23c44de48fb21cbcd562cdf009d5d3049c6e064dea597c2e00f4539487909d
8a56dac4c76462f94ce17feba0e6f9dc1701b1578872fdb71d51296d4289fa54
8bba9687afeda017cbf549538f5433e397e901a3b452306988a7999db6f1a8ce
8c0e1f95aa09754b10449fd8cd7f2e76d8f232d1038b6cf7454db558ac79962e
8e683a0ae8fc37aeae8fd20643faef0341fe5cf01c30f25f41d6bad28b1a8365
8fccb27bed15422298100f23773bbc262d36964eb5381ed360e06799db31b48f
8fdd8374a779e06a48d7a3f42ffe46ff6776908cba3f2f01fd341fcb1338cd4e
8ffbc359dbfd6b0fe03fc4fe7e521951903c34322e2ef47a2f1216e965e6124d
907bc76e2d90f29830d5d5afc6e28961ec6837594c668c7ac1361c5e980c074b
92847fbfa2adaf5f1907b01d1826b39f3fe26420d481337abe1b096109c42236
92fe1cea3df8fc0e2a03f1c8d0099cb105c7d455ac8be20be165ce6bff558365
93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235
95ad89143c22c60442bfab4646c8a5e85cef5f091e0f26405a160e2197f73706
96f7e30a4cc5df94843a8087d01d17d7bbcbf4b771da582a763c8b92f3f35890
980c8780366c4be3d8e14ac0a98833e357313bd0c55e9cec1b5f16deec75c049
9886b3d238d00ab2a2a507d71d35eac1101c8a1cad502d3b690b88715d670ea0
991a2eaf7cb9e40d102632bce0690f88ae504ba6546347d97d321a4718dfbbec
9a071edbd33a8e2f0ea098ed016aa4d9ce403ffad9db0346aada942bd24de221
9cefee4c660d3fc32a9c8957e4e5a464fde600f95d50d64e533e9c2b73d7ad2c
9e64359e81821721b21c6f51b9e0194610494fb51368e50ab9ced58364bcccee
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2c767ec61f3ecd854a3b3aab3ed23168707aa1fc9cee0009643a72362d6bfdd
a2c891ccb8576425bd03f5118cdc571f496d60446ad6d3a23f3b29be4f544c3b
a32d1b07af89513f45e0c8e201411e4adfe0b332b96739131dc3d77f736691a0
a3328ca32ac28da67325604f172c5237ed137f6e3ce6c0095e8104bce1623c9f
a68748d776d43bfe747d77a398886e86fafd8e7aa731853d1c06c93758477cff
a6f0cd94eefbd434f5552a36b7b4ce1b87daef60c2dc751547f404bd263211f0
a8a4a852dedcc7e3b6bb2c6acffac1a82a31828a00749ce2a8c2d6dd5f268dd9
a8b88b817bb9842c3a440c3bf5a377863eaec2de43f66340fd7c3ef053f7ee66
aa4391f03da55de95caebed478d3e1183fb01a3e8f1c5891a48e75717ed2bed9
aadfdde0a0aea4dd6e3bfb60868f546b2e30db7f8d5b3549af99915a8e7294f9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1139a764a2eae949ca1358aa7a387a7d6812f277016c070e28279f2639da412
b1b1ba9f3d21081238cdd860f56bd67c5f1db21b6deb58d9c32cbb86457b0acb
b4d761997ba2a3f1ea317d27c2a5a1ce730d575ff860e5e547d91264b2b9ea2a
b5348904074ca7f09e3078c2afcabad0f0c9cafcfc751566e93d90ceaa75b887
b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0
b68de0d4b6196b20faf6934569860f77416ff02a5845c88b951a0d983c3dacf1
b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83
b7f817d35152e6280e12fa0a2895ec47b65085df83867b00d766f9a0e5595a37
bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332
bc0bfc50d3ff4175132b7da1ef0adf7761ded5cb2782e55edb1948da3480abd8
bc40838a707dba656095bdce002939c726b0fe7de618b613ff3a29a39aef0938
be8e9ffbef2b635acc551ab9849052b3c1c712bf6f414e301d61aec3d06a6609
bf5e49995435884e3de7eb5d4fa3d6c5615b7f04349b0686a4a368e1fc672332
c069452cbace0c3dcd7e23c99b132f659ae91606f0ba3a8dde094b55efb5c7e9
c2ab34321ef0a61378759396e72284c4ee6c055bf11521b655d1e5b5a435a8b5
c6ac86cfcd875307be77577d580d25f3e0868dfeebd12080b3fe1044c378dbb9
c7e791cd90e0a1f79ac0639e79e74527567696f3d5420566415c7234123f432e
ca291fc96c6a0c82390c67f84a1332316d9aa03932cbbc7a4705a7725083e416
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cf3e21aad61783d6e6908e5631c43656c05a34a9c7f64eab44dcd7fc58562aa8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
cfdc6de616888b45b0512d78da2f170db95056889243e4b6bdccfa9800d504b9
d02b397278e1ec9f9cbf1c4dc2c1fb0a129628b150bc43d0050b0747b974b37b
d134923b5f849cfe96e2c9a6fa1618152c9063610dd025c4648666a54ca2b03b
d2118942ee0d12956100f56f088653b9d22d114dd086d1710e092d20cdb20924
d33e95af1d7e00a025851cc0fe96c45bc900e06724afb79b28f078592fdf5c2c
d3e8f1eb1391780e4d77b2b47e6b25799bfccf566138ce3c3838989065a2776f
d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f
d86f48fcffe1483df55bdb177ac658caafa4dd1b9da54ce438d89a25c5007c5e
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
ddbff4c1aa5d73b2d405ea7e06c70e49875ff21b255772671a26310a41f265f7
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dffcbfbe46ea17eb11dda6fe7ddfce75250761d95388959ba7da2de219d8569c
e00f72120d1aef5624549a6cd320847b51086db7ece170938a9c8790a8b00fa9
e1132ef1a0e1e66eb253ec8a331ae9b3607499da22a7ed9e4f4a95d07835fd60
e3562b97f2ff5b2f77206cd279021943c479abd3c2e219f1a20bd3388463362a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e569fcc5ec0c85a907eb139f85cdd26a6657a668fdc9b5697d3b7efabd1c87b8
eec8fb654765dfbba9b783382bfc8ecda7db21a2e24ffde27d19624ae2287d9e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef568fbc01141a9c6d58ac87598529557146f0b393d81b52e49f5572f9124ee6
efff559f6c86b2f0842abbb9fb798ad2865896f12350c91dddf1be3d9b815eb1
f547192bde5a219c8f0e5dfcfe7260ad176ec71e0632915546a6c18ea4ef982d
f6a6c72c0d70f8b02866d393ad3af63a475d96d7d8ddf1eb11836307930a03a2
f83b1a3ea61ad62e47fad82de5495a2547e2f12e591ad8108050538c566ae1e3
f99bc8a797236529795e9de685a36b88ffaa0d7709371daf535d8b9d9829588a
fb2f714f6b56241d640749b5c0e8986cd6f72828456d82941f78771216b0f7b5
fb5fef2b74df9432a28f51410a27fce845778826f87fe109d4d830522fe6e7f7
fbc774cb96be46cab2c4f68a761ba7f4b5cfa0bd2d7a9487e1fbed4b60e547c5
fd2c680964b28dc283f3518e21720cd2f886e7bdb8d2f5b47809ef836c337d52
fd7b0d1513a92c745dd42a9e3d3009d5a88bbc4f1052a1b592eac18c70dd23a3
ffa5af81b89df8147200d863ec4f65da7554c3f1ce55e201ce0510ab4ca84486

se1.vip-dns.fun Open in urlscan Pro 2606:4700:3030::6815:15e2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

241 Requests

96 %HTTPS

50 %IPv6

45 Domains

70 Subdomains

66 IPs

3 Countries

3505 kBTransfer

11445 kBSize

46 Cookies

71 Outgoing links

Redirected requests

241 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

se1.vip-dns.fun Open in urlscan Pro
2606:4700:3030::6815:15e2 Public Scan

Screenshot
Live screenshot

Full Image

241
Requests

96 %
HTTPS

50 %
IPv6

45
Domains

70
Subdomains

66
IPs

3
Countries

3505 kB
Transfer

11445 kB
Size

46
Cookies

241 HTTP transactions
2 data transactions