image5.image2.drinkwithmario.activity.gooficenews.com
157.230.255.8  Public Scan

URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Submission: On February 21 via automatic, source certstream-suspicious

Summary

This website contacted 26 IPs in 10 countries across 27 domains to perform 143 HTTP transactions. The main IP is 157.230.255.8, which is located in Singapore and belongs to DIGITALOCEAN-ASN, US. The main domain is image5.image2.drinkwithmario.activity.gooficenews.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on February 21st 2020. Valid for: 3 months.
This is the only time image5.image2.drinkwithmario.activity.gooficenews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
image5.image2.drinkwithmario.activity.gooficenews.com | Let's Encrypt Authority X3 | 2020-02-21 - 2020-05-21 | 3 months
c.appier.net | COMODO RSA Domain Validation Secure Server CA | 2017-11-17 - 2021-01-05 | 3 years
image3.image2.drinkwithmario.activity.gooficenews.com | Let's Encrypt Authority X3 | 2020-02-21 - 2020-05-21 | 3 months
image4.image2.drinkwithmario.activity.gooficenews.com | Let's Encrypt Authority X3 | 2020-02-21 - 2020-05-21 | 3 months
image6.image2.drinkwithmario.activity.gooficenews.com | Let's Encrypt Authority X3 | 2020-02-21 - 2020-05-21 | 3 months
image1.image2.drinkwithmario.activity.gooficenews.com | Let's Encrypt Authority X3 | 2020-02-21 - 2020-05-21 | 3 months
*.mookie1.com | DigiCert SHA2 Secure Server CA | 2019-02-07 - 2020-03-22 | a year
*.storage.googleapis.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
*.cloudfront.net | DigiCert Global CA G2 | 2019-07-17 - 2020-07-05 | a year
*.google.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
*.scorecardresearch.com | Sectigo RSA Organization Validation Secure Server CA | 2019-12-16 - 2020-12-25 | a year
certify.alexametrics.com | Amazon | 2019-07-26 - 2020-08-26 | a year
tpc.googlesyndication.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months
*.scupio.com | Sectigo RSA Organization Validation Secure Server CA | 2019-10-15 - 2021-10-28 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-01-16 - 2020-04-15 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-01-29 - 2020-04-22 | 3 months
a.amnet.tw | Let's Encrypt Authority X3 | 2020-01-17 - 2020-04-16 | 3 months
ssl368594.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-12-07 - 2020-06-14 | 6 months
*.lndata.com | GeoTrust RSA CA 2018 | 2018-11-08 - 2020-12-07 | 2 years
ad-specs.guoshipartners.com | Go Daddy Secure Certificate Authority - G2 | 2019-01-21 - 2021-01-21 | 2 years
image2.image2.drinkwithmario.activity.gooficenews.com | Let's Encrypt Authority X3 | 2020-02-21 - 2020-05-21 | 3 months
*.ematicsolutions.com | RapidSSL RSA CA 2018 | 2018-08-21 - 2020-05-03 | 2 years
www.google.de | GTS CA 1O1 | 2020-01-29 - 2020-04-22 | 3 months
onead.onevision.com.tw | Let's Encrypt Authority X3 | 2020-02-18 - 2020-05-18 | 3 months
misc-sni.google.com | GTS CA 1O1 | 2020-02-12 - 2020-05-06 | 3 months

This page contains 13 frames:

Primary Page: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Frame ID: 807CB6BC15FFB436B371EC753202D24C
Requests: 97 HTTP requests in this frame

Frame: https://www.youtube.com/embed/FA4So_bM1N0
Frame ID: 75743C4625D7A6022DA3BFD0E63919B3
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvxs1CwECDVzhtbbeYzAeEAuuQiA9fjyyrb9_vpaGJi11p49vW3hbfXqdenc6Aqw0SsX1TfUuluvvzTDt3CLeBvWBnAsgrXeIfbdpdijshLTvKvBubgibbNyQxgQdfH9w2i6zatO2Fwcdch6WLt8J4_SRL-oQ0qj2KblIGb6L6s5UqG81Auh2nwmXj5WFPmyA6OvBviu8fFVmgM0XPFRFs4JWCWrdm1mAxHnRLJV5zA1OTVl67_ag9FWzd79f_KvWDUE2sNQBEZRc7YExMps__aLFVqumc6QubvZavRlgf17bjx42yTtTv2YAzPh68M-qw&sai=AMfl-YRl9ye7KRAWQj829AEeRhjkaQ9-IgxioMY5vl2rzlwjvFL1hxijwIekCMlAQ552Dm9UrYZKYNKup5pTP4QUCrHY5JUyxKlVcQB2PVGT&sig=Cg0ArKJSzBZrlqcsIEKREAE&urlfix=1&adurl=
Frame ID: 5A75EB2D9735E0BA6D82664DC7E51E5F
Requests: 5 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvbWOK9xdgtDz5krDxBAU84Xvik---wAAcXWcgnN4aK-oiMdW5wDBHnsPr-DgUCBwB9E776q7jtfEV_g2Lu2d_VNlZheGDx1uxZii9ThNqeqtS_ITJ8J5P7qNjnmlkncsGeKwzv0aOD-ZJwvLee9durOnSGNBSyABwYBLThBdJJIrWfPO2kCQWR8BzSV0scY9nUmtNfaHYZ3kw-ozy4R5GXhKPO1iA2HmouZPPaUcLHwjMnIvsX2887eN-aDY4U-_HkxrJn4rqrxc9bFRs1XNqoYBe3FVigOlex5Gf3DsD8WQg2pzOPaxao3Q_hDYbmMk8ptZo&sai=AMfl-YR_Pv6NiFJ0cP3OwgHLZJbuuBZTruado2tWliidny8bsM0CAsQRkLfhpeNqDINGWx-YG4jxaDeHq6qIWp2GFcOkMZ61D8PxYTMAOZMdZg&sig=Cg0ArKJSzNVOOrTLVLyxEAE&urlfix=1&adurl=
Frame ID: 17439D1BD094C63A92C45C6812918BE8
Requests: 5 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstb6WIfs7bctJuxayzGqx4dM9aYfPpuc4D8UlGfXllr4pkM6k4674a3Dqt18MqEIUahdpxHkKTYaOWEBJfULLNji1ViID4OF0JUnHseSHgZF_HaaxuDMPfD61xjM-nIcYwDOjDiX9XUnZ6zcN3OXOK_cLhCTmw5E0nbF7zDr7yzhJZiKYb3b9caElxbW-CCRp8-wa04-CvcZ3ug0z1MdTlOlg6xZGvftSXLo3AIqf_xytIoy_iJJRAQ40u4rzY3l5PXuM8mDQM3qqruE_Ow2XZiEXjchB0Ih6PUQsywOpoDNXbeQtWjAvSQhBv07EdP-zFbmg0QCrqSwg&sai=AMfl-YTbEYS8pOFBo4GzjxGR8gLa0og2zWMvKkjpVsTjcABTo-OvH07bv3bs8RLy8mpLaDgouAiU7VuPVm_V8K_XyvxDwMhNlii9WIxeKl9rFg&sig=Cg0ArKJSzOF5YSXIw4dzEAE&urlfix=1&adurl=
Frame ID: 5513B9C3741EEDB98739DD0BBC97BCB6
Requests: 13 HTTP requests in this frame

Frame: https://img.scupio.com/html/ad.html?v=1.0.21&id=scupio-sc-3946-17276-505111
Frame ID: 7D2854CEABD785DE8EDF1DE2D840571A
Requests: 1 HTTP requests in this frame

Frame: https://tnla.thenewslens.com/static/uuid.html
Frame ID: FBE44100C541DA1EF4DF128502F1232D
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvUtgiCYqv8CeK8bhDBn2nM-gPK1USGQx1L-oxmx28tNfLFu8UQELzzHHfPX72YGDgiZEcvZd2FZyb3B5537ZJwvteSoDbgwko-62dZ0CpBoVN3HBxsigZI9goP305HFfEaAj3il6WQoutWmjWKUmXvYzQsGaTB5_ZFSHZ-vtL4DhSqjYSDjtSQNa7bWgl0rKW-Ec5QCY0eov9Lfa0Gneimxn42SSCrCa1TfDO2L-oRM9yX3yR9U1gsDy1GlJxp4dyDdIBkr5L-PH0kMRi7WIcMvK9WINBNqLLmZNl-MXaiXEz1bEVu3tcuehMX9gmkiwhePXTsBA&sig=Cg0ArKJSzD2mp9xFCR-BEAE&urlfix=1&adurl=
Frame ID: D9DEBDE3DC5FCCEEED219E3D2CE0E57F
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20200219/r20190131/zrt_lookup.html
Frame ID: DB35300F0907883202B96732044CBC84
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html
Frame ID: 8DCC9CD586EF263E857F019ECE84477A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3525848408859661&output=html&h=250&slotname=5485453447&adk=1691734699&adf=4198862036&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1582270371367&bpp=14&bdt=37&fdt=52&idt=52&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&correlator=8223954728311&frm=23&ife=4&pv=2&ga_vid=159077773.1582270371&ga_sid=1582270371&ga_hid=925032070&ga_fc=0&iag=15&icsg=682&nhd=2&dssz=11&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1049&ady=6712&biw=1585&bih=1200&isw=300&ish=250&ifk=259013800&scr_x=0&scr_y=0&oid=3&pvsid=807479602300311&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.r5o96oxbf5uf&btvi=1&fsb=1&dtd=93
Frame ID: BD7D3410444FFA8232C9F093C3DB9556
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 5205249B88839CC5FB6B34F2189C17F6
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012002112037430/amp4ads-v0.js
Frame ID: 8CAB82D8B14061485180ECC20A990130
Requests: 6 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i
  • script /\.scorecardresearch\.com\/beacon\.js|COMSCORE\.beacon/i

Page Statistics

Requests: 143
HTTPS: 100 %
IPv6: 40 %
Domains: 27
Subdomains: 43
IPs: 26
Countries: 10
Transfer: 1986 kB
Size: 4899 kB
Cookies: 26

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45
  • https://sb.scorecardresearch.com/b?c1=2&c2=17728543&ns__t=1582270369707&ns_c=UTF-8&cv=3.5&c8=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%BB%9E%E5%BE%9E%E9%80%99%E9%96%8B%E5%A7%8B&c7=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=17728543&ns__t=1582270369707&ns_c=UTF-8&cv=3.5&c8=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%BB%9E%E5%BE%9E%E9%80%99%E9%96%8B%E5%A7%8B&c7=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&c9=
Request Chain 58
  • https://ad2.apx.appier.net/www/delivery/js.php?zoneid=2373&id=idz62bgf2hfou4dtd HTTP 302
  • https://d1r1je24p3mdzk.cloudfront.net/pb/pb_test/2373.js?zoneid=2373&id=idz62bgf2hfou4dtd
Request Chain 99
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=617447426&t=event&ni=1&_s=1&dl=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&ul=en-us&de=UTF-8&dt=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%BB%9E%E5%BE%9E%E9%80%99%E9%96%8B%E5%A7%8B&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=PageView&ea=undefined&_u=aCjAAEAB~&jid=1082622675&gjid=2058991225&cid=159077773.1582270371&tid=UA-41537444-1&_gid=973871819.1582270371&_r=1&gtm=2wg2c0TSZ536&did=i5iSjo&cd12=159077773.1582270371&cd13=1582270371254.kr2kb77d&cd14=2020-02-21T08%3A32%3A51.257%2B01%3A00&z=1775943424 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-41537444-1&cid=159077773.1582270371&jid=1082622675&_gid=973871819.1582270371&gjid=2058991225&_v=j81&z=1775943424 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-41537444-1&cid=159077773.1582270371&jid=1082622675&_v=j81&z=1775943424 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-41537444-1&cid=159077773.1582270371&jid=1082622675&_v=j81&z=1775943424&slf_rd=1&random=2003903194
Request Chain 109
  • https://cm.lndata.com/?tid=3829&uid=fb472df2-8c5e-4a35-83f0-84a3e2028f79&redir=https%3A%2F%2Ftnla.thenewslens.com%2Flndata-cm%3Ftnla%3Dfb472df2-8c5e-4a35-83f0-84a3e2028f79%26host%3Dimage5.image2.drinkwithmario.activity.gooficenews.com HTTP 302
  • https://tnla.thenewslens.com/lndata-cm?tnla=fb472df2-8c5e-4a35-83f0-84a3e2028f79&host=image5.image2.drinkwithmario.activity.gooficenews.com&uid=sdfae896f4bfd632d79
Request Chain 122
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1 HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/ttd?id=69228375-03c4-4e9f-b98e-3dbeb89befdb
Request Chain 123
  • https://loadus.exelator.com/load/?p=1385&g=1&j=0 HTTP 302
  • https://loadus.exelator.com/load/?p=1385&g=1&j=0&xl8blockcheck=1 HTTP 302
  • https://onead.onevision.com.tw/v2/pixel/nmc?id=ba051112404bc820c1851a37f3b71c2d

143 HTTP transactions

gzip
Last-Modified
Fri, 21 Feb 2020 04:47:05 GMT
Server
nginx
Etag
W/"5e4f60c9-699"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
public
Content-Length
1717
Expires
Sun, 22 Mar 2020 07:29:40 GMT
more-4.png
image5.image2.drinkwithmario.activity.gooficenews.com/images/
48 KB
48 KB
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/images/more-4.png
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
facb1afd94372c4f3617f68296b696a91b88be22a25a000eb2dd5dd09823e7a3

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:29:34 GMT
Content-Encoding
gzip
Last-Modified
Wed, 18 Sep 2019 07:22:17 GMT
Server
nginx
Age
1139759
Etag
W/"5d81db29-12609"
Vary
Accept
Content-Type
image/webp
Cache-Control
public
Transfer-Encoding
chunked
Content-Disposition
inline; filename="more-4.webp"
Expires
Mon, 09 Mar 2020 02:53:35 GMT
lazy-loading-photo.gif
image3.image2.drinkwithmario.activity.gooficenews.com/assets/web/
0
0
Image
General
Full URL
https://image3.image2.drinkwithmario.activity.gooficenews.com/assets/web/lazy-loading-photo.gif
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

igflmkf7ak0w6wfyq38bdzvwvz79ya.png
image3.image2.drinkwithmario.activity.gooficenews.com/2020/2/
0
0
Image
General
Full URL
https://image3.image2.drinkwithmario.activity.gooficenews.com/2020/2/igflmkf7ak0w6wfyq38bdzvwvz79ya.png?auto=compress&h=240&q=80&w=400
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

ht0yg8p5z0uz8cpd4zmvbov675nh4o.png
image3.image2.drinkwithmario.activity.gooficenews.com/2020/2/
0
0
Image
General
Full URL
https://image3.image2.drinkwithmario.activity.gooficenews.com/2020/2/ht0yg8p5z0uz8cpd4zmvbov675nh4o.png?auto=compress&h=240&q=80&w=400
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

dfa2f9jpbbgajbjgudy3nzsw8rzesj.jpg
image3.image2.drinkwithmario.activity.gooficenews.com/2020/2/
0
0
Image
General
Full URL
https://image3.image2.drinkwithmario.activity.gooficenews.com/2020/2/dfa2f9jpbbgajbjgudy3nzsw8rzesj.jpg?auto=compress&h=240&q=80&w=400
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

j4x5x50m307dn0q25e08dixmok4304.png
image3.image2.drinkwithmario.activity.gooficenews.com/2020/1/
0
0
Image
General
Full URL
https://image3.image2.drinkwithmario.activity.gooficenews.com/2020/1/j4x5x50m307dn0q25e08dixmok4304.png?auto=compress&h=240&q=80&w=400
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

a7qou6iu1q2cq06zfsbbpaeap9b3rj.png
image4.image2.drinkwithmario.activity.gooficenews.com/2019/8/
0
0
Image
General
Full URL
https://image4.image2.drinkwithmario.activity.gooficenews.com/2019/8/a7qou6iu1q2cq06zfsbbpaeap9b3rj.png?auto=compress&h=300&q=80&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

xjpcc8t47hz9mfy5vxlderfppz0d79.png
image6.image2.drinkwithmario.activity.gooficenews.com/2019/8/
0
0
Image
General
Full URL
https://image6.image2.drinkwithmario.activity.gooficenews.com/2019/8/xjpcc8t47hz9mfy5vxlderfppz0d79.png?auto=compress&h=300&q=80&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

ok9kzuk3hzc8ka87oo6ji6gd83kppx.png
image6.image2.drinkwithmario.activity.gooficenews.com/2019/4/
0
0
Image
General
Full URL
https://image6.image2.drinkwithmario.activity.gooficenews.com/2019/4/ok9kzuk3hzc8ka87oo6ji6gd83kppx.png?q=80
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

893s2xmxbv50zf1pktlsw6h00vs0zz.png
image1.image2.drinkwithmario.activity.gooficenews.com/2019/4/
0
0
Image
General
Full URL
https://image1.image2.drinkwithmario.activity.gooficenews.com/2019/4/893s2xmxbv50zf1pktlsw6h00vs0zz.png?q=80
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

nqipzc6g798lyqboh4cagxeje1yhg4.png
image3.image2.drinkwithmario.activity.gooficenews.com/2018/11/
0
0
Image
General
Full URL
https://image3.image2.drinkwithmario.activity.gooficenews.com/2018/11/nqipzc6g798lyqboh4cagxeje1yhg4.png?q=80
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

dzisv73l87wxmdwytxxozd2d4jilov.jpg
image6.image2.drinkwithmario.activity.gooficenews.com/Avatars/64924/
0
0
Image
General
Full URL
https://image6.image2.drinkwithmario.activity.gooficenews.com/Avatars/64924/dzisv73l87wxmdwytxxozd2d4jilov.jpg?auto=compress&h=200&q=80&w=200
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

dzisv73l87wxmdwytxxozd2d4jilov.jpg
image5.image2.drinkwithmario.activity.gooficenews.com/Avatars/64924/
567 B
567 B
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/Avatars/64924/dzisv73l87wxmdwytxxozd2d4jilov.jpg?auto=compress&h=100&q=80&w=100
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
33730d686a04e8720af303fd8675216601e370d36a736efdf1cd63d5aa835957

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:32:50 GMT
Server
nginx
Content-Length
567
Vary
Accept-Encoding
Content-Type
text/html
arrow.png
image5.image2.drinkwithmario.activity.gooficenews.com/images/
276 B
787 B
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/images/arrow.png
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
8c264a6a9e2004291e6c76c0426176a012dc8378729074498071e63cbb53ab8a

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:29:35 GMT
Last-Modified
Fri, 12 Oct 2018 04:49:23 GMT
Server
nginx
Age
1313648
Etag
"5bc027d3-195"
Vary
Accept
Content-Type
image/webp
Cache-Control
public
Content-Disposition
inline; filename="arrow.webp"
Accept-Ranges
bytes
Content-Length
276
Expires
Sat, 07 Mar 2020 02:35:27 GMT
logo-w.png
image5.image2.drinkwithmario.activity.gooficenews.com/images/
3 KB
4 KB
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/images/logo-w.png
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
5ff8ff452b9a81fb18b2a86afa49760da6014b1b4ae5e348cfadbcc6ec1289d5

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:29:37 GMT
Content-Encoding
gzip
Last-Modified
Fri, 12 Oct 2018 04:49:23 GMT
Server
nginx
Age
728893
Etag
W/"5bc027d3-100a"
Vary
Accept
Content-Type
image/webp
Cache-Control
public
Transfer-Encoding
chunked
Content-Disposition
inline; filename="logo-w.webp"
Accept-Ranges
bytes
Expires
Fri, 13 Mar 2020 21:01:24 GMT
learn
tw-gmtdmp.mookie1.com/t/v2/
43 B
362 B
Image
General
Full URL
https://tw-gmtdmp.mookie1.com/t/v2/learn?tagid=V2_675356&src.rand=[timestamp]
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.227.202.26 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
26.202.227.35.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:50 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
vendor-66be51ee53.js
image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/all/
370 KB
123 KB
Script
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/all/vendor-66be51ee53.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
09668eb7285d208dc7ef9f41ce5da610b3d34256260f1871f47d56fa2f92ccf9

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 07:29:37 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Feb 2020 07:22:43 GMT
Server
nginx
Age
600602
Etag
W/"5e464ac3-5c77a"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=2678400
Transfer-Encoding
chunked
Expires
Fri, 21 Feb 2020 08:39:35 GMT
app-9b78eef1cf.js
image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/
129 KB
30 KB
Script
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
56ab0f7602cc7f0c18d2db77259466ae1bb746b73b6ad238ca24c3f5ba1ca204

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 07:29:37 GMT
Content-Encoding
gzip
Last-Modified
Fri, 21 Feb 2020 04:30:14 GMT
Server
nginx
Age
10523
Etag
W/"5e4f5cd6-20384"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=2678400
Transfer-Encoding
chunked
Expires
Fri, 28 Feb 2020 04:34:14 GMT
css
fonts.googleapis.com/
2 KB
684 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:800
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8a0cb280b5ed098d2355de1c7be07ec5daff3b3024b36f6f72a4f9b4334ec2c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 21 Feb 2020 07:32:49 GMT
server
ESF
date
Fri, 21 Feb 2020 07:32:49 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 21 Feb 2020 07:32:49 GMT
gpt.js
www.googletagservices.com/tag/js/
43 KB
14 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/assets/js/tnl/all/vendor/_googleDfp.js?v=4.06
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba465c06c5d97a14eb025f350f3e13a660571debe2831841097479465dc3a3e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"434 / 431 of 1000 / last-modified: 1582237388"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
14536
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:50 GMT
atrk.js
d31qbv1cthcecs.cloudfront.net/
4 KB
2 KB
Script
General
Full URL
https://d31qbv1cthcecs.cloudfront.net/atrk.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.66 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-66.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
90451ba3e82cd9db02f0ca76bd45d0ab5ef7e90a49da4215903cb7f08471e2e7

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Thu, 10 Oct 2019 00:37:14 GMT
Content-Encoding
gzip
Last-Modified
Sat, 16 Mar 2019 16:01:33 GMT
Server
AmazonS3
Age
11602537
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
Cache-Control
max-age=26920000
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA53-C1
Connection
keep-alive
X-Amz-Cf-Id
w6YwW68vPl-Eg2cCVk-9FurT9RU_NPbdep0A1DMsWJXM7jKK-AtXaA==
fn-icon-4.svg
image5.image2.drinkwithmario.activity.gooficenews.com/images/
631 B
1 KB
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/images/fn-icon-4.svg
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
81a3026e48a54842a085d094728a28bcc2054d5453d408431f76da37ea55104e

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/css/www-app-21b88e5fae.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:29:34 GMT
Last-Modified
Fri, 21 Feb 2020 04:47:05 GMT
Server
nginx
Etag
W/"5e4f60c9-277"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
public
Content-Length
631
Expires
Sun, 22 Mar 2020 07:29:34 GMT
fn-icon-3.svg
image5.image2.drinkwithmario.activity.gooficenews.com/images/
606 B
1 KB
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/images/fn-icon-3.svg
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
57184007762d4a6d964d042d2a45accb552b9f4a7bd1fc03c713e5c8271d37d0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/css/www-app-21b88e5fae.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:29:41 GMT
Last-Modified
Fri, 21 Feb 2020 04:47:05 GMT
Server
nginx
Etag
W/"5e4f60c9-25e"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
public
Content-Length
606
Expires
Sun, 22 Mar 2020 07:29:41 GMT
fn-icon-2.svg
image5.image2.drinkwithmario.activity.gooficenews.com/images/
551 B
1 KB
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/images/fn-icon-2.svg
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
7e00f3e0dfb9c4d8dc2d520e1d96e07e54c12426e7e81d56a73e306e651db601

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/css/www-app-21b88e5fae.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:29:41 GMT
Last-Modified
Fri, 21 Feb 2020 04:47:05 GMT
Server
nginx
Etag
W/"5e4f60c9-227"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
public
Content-Length
551
Expires
Sun, 22 Mar 2020 07:29:41 GMT
fa-light-300.woff2
image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/fonts/
54 KB
54 KB
Font
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/fonts/fa-light-300.woff2
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
049b4a1b59502b26d7a8971cf74cc303836f86baa98d586e727d9b99d44f3cb6

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/css/vendor-4efee60e2d.css
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Feb 2020 07:29:45 GMT
Content-Encoding
gzip
Last-Modified
Fri, 12 Oct 2018 04:49:21 GMT
Server
nginx
Age
1932158
Etag
W/"5bc027d1-d76c"
Vary
Accept-Encoding
Content-Type
application/octet-stream
Cache-Control
public, max-age=2678400
Transfer-Encoding
chunked
Expires
Fri, 28 Feb 2020 22:47:07 GMT
c5op2v0ycz95hi0sy1g6adu15kswdg.jpg
image3.image2.drinkwithmario.activity.gooficenews.com/2020/2/
0
0
Image
General
Full URL
https://image3.image2.drinkwithmario.activity.gooficenews.com/2020/2/c5op2v0ycz95hi0sy1g6adu15kswdg.jpg?h=300&q=85&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

n5t0tve143imkn4oh8ksdvlu136vyq.jpg
image5.image2.drinkwithmario.activity.gooficenews.com/2019/10/
567 B
567 B
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/2019/10/n5t0tve143imkn4oh8ksdvlu136vyq.jpg?h=300&q=85&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
33730d686a04e8720af303fd8675216601e370d36a736efdf1cd63d5aa835957

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:32:51 GMT
Server
nginx
Content-Length
567
Vary
Accept-Encoding
Content-Type
text/html
f56q5a4ew20roektyjlhop1qawn6li.jpg
image1.image2.drinkwithmario.activity.gooficenews.com/2020/1/
0
0
Image
General
Full URL
https://image1.image2.drinkwithmario.activity.gooficenews.com/2020/1/f56q5a4ew20roektyjlhop1qawn6li.jpg?h=300&q=85&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

daz5uqh7wigse1uobjl2v9ydz2ofu5.jpg
image3.image2.drinkwithmario.activity.gooficenews.com/2019/9/
0
0
Image
General
Full URL
https://image3.image2.drinkwithmario.activity.gooficenews.com/2019/9/daz5uqh7wigse1uobjl2v9ydz2ofu5.jpg?h=300&q=85&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

FA4So_bM1N0
www.youtube.com/embed/ Frame 7574
0
0
Document
General
Full URL
https://www.youtube.com/embed/FA4So_bM1N0
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
YouTube Frontend Proxy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.youtube.com
:scheme
https
:path
/embed/FA4So_bM1N0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
content-type
text/html; charset=utf-8
expires
Tue, 27 Apr 1971 19:44:06 GMT
cache-control
no-cache
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding
br
strict-transport-security
max-age=31536000
date
Fri, 21 Feb 2020 07:32:49 GMT
server
YouTube Frontend Proxy
x-xss-protection
0
set-cookie
VISITOR_INFO1_LIVE=TsufIovf6NY; path=/; domain=.youtube.com; secure; expires=Wed, 19-Aug-2020 07:32:49 GMT; httponly; samesite=None VISITOR_INFO1_LIVE=TsufIovf6NY; path=/; domain=.youtube.com; secure; expires=Wed, 19-Aug-2020 07:32:49 GMT; httponly; samesite=None YSC=K0cMksV_Kw8; path=/; domain=.youtube.com; httponly GPS=1; path=/; domain=.youtube.com; expires=Fri, 21-Feb-2020 08:02:49 GMT
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
fa-brands-400.woff2
image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/fonts/
53 KB
53 KB
Font
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/fonts/fa-brands-400.woff2
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
e7906b4357583494a2740f013cf58d0bb06409d2bb978957387035166c83e70a

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/css/vendor-4efee60e2d.css
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Feb 2020 07:29:45 GMT
Content-Encoding
gzip
Last-Modified
Fri, 12 Oct 2018 04:49:21 GMT
Server
nginx
Age
2312886
Etag
W/"5bc027d1-d298"
Vary
Accept-Encoding
Content-Type
application/octet-stream
Cache-Control
public, max-age=2678400
Transfer-Encoding
chunked
Expires
Mon, 24 Feb 2020 13:01:39 GMT
beacon.js
sb.scorecardresearch.com/
1 KB
1 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.115.95 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-115-95.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 07:32:49 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=86400
Connection
keep-alive
Content-Length
884
Expires
Sat, 22 Feb 2020 07:32:49 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=17728543&ns__t=1582270369707&ns_c=UTF-8&cv=3.5&c8=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%B...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=17728543&ns__t=1582270369707&ns_c=UTF-8&cv=3.5&c8=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%...
0
248 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=17728543&ns__t=1582270369707&ns_c=UTF-8&cv=3.5&c8=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%BB%9E%E5%BE%9E%E9%80%99%E9%96%8B%E5%A7%8B&c7=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&c9=
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.43.115.95 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-43-115-95.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Feb 2020 07:32:50 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://sb.scorecardresearch.com/b2?c1=2&c2=17728543&ns__t=1582270369707&ns_c=UTF-8&cv=3.5&c8=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%BB%9E%E5%BE%9E%E9%80%99%E9%96%8B%E5%A7%8B&c7=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&c9=
Pragma
no-cache
Date
Fri, 21 Feb 2020 07:32:50 GMT
Cache-Control
private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection
keep-alive
Content-Length
0
Expires
Mon, 01 Jan 1990 00:00:00 GMT
atrk.gif
certify.alexametrics.com/
43 B
549 B
Image
General
Full URL
https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%BB%9E%E5%BE%9E%E9%80%99%E9%96%8B%E5%A7%8B&time=1582270370725&time_zone_offset=-60&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=&host_url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&random_number=1742283723&sess_cookie=bb6f519417066a9d3a3481dcef6&sess_cookie_flag=1&user_cookie=bb6f519417066a9d3a3481dcef6&user_cookie_flag=1&dynamic=true&domain=image2.drinkwithmario.activity.gooficenews.com&account=mZ38i1aoZM00G8&jsv=20130128&user_lang=en-US
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.69 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-69.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:24:51 GMT
Via
1.1 b0954612f115b3d0a0db0a669e45ae8f.cloudfront.net (CloudFront)
x-amz-meta-alexa-last-modified
20110117123941
Last-Modified
Mon, 17 Jan 2011 20:41:40 GMT
Server
AmazonS3
Age
480
ETag
"221d8352905f2c38b3cb2bd191d630b0"
X-Cache
Hit from cloudfront
Content-Type
image/gif
X-Amz-Cf-Pop
FRA6-C1
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
y5vwS5JMvb2XyeL_vX5QSNsSxIwpWihWVWNsTxMAuejpPLtBABlWHw==
integrator.js
adservice.google.de/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=image5.image2.drinkwithmario.activity.gooficenews.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=image5.image2.drinkwithmario.activity.gooficenews.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
pubads_impl_2020021802.js
securepubads.g.doubleclick.net/gpt/
167 KB
61 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
sffe /
Resource Hash
06c08e3ba81a0a899a551a554791954c7b40ff431de2c6a206e166617578903d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 Feb 2020 20:41:43 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
62262
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:50 GMT
ads
securepubads.g.doubleclick.net/gampad/
4 KB
2 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1562745128538959&correlator=3876244213627028&output=ldjh&impl=fif&adsid=NT&eid=21065304&vrg=2020021802&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200221&iu=%2F112152674%2Ftw_index_top&sz=970x250%7C1x1&cookie_enabled=1&bc=31&abxe=1&lmt=1582270370&dt=1582270370915&dlt=1582270368710&idt=2166&frm=20&biw=1585&bih=1200&oid=3&adx=308&ady=150&adk=3399313185&uci=1&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&dssz=21&icsg=36527&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x250&msz=1585x250&ga_vid=159077773.1582270371&ga_sid=1582270371&ga_hid=617447426&fws=4&ohw=1585&btvi=0
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
18faf5904379ff034101848a01a88b9341d847b45b32837f74691fc6dec1bcf8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 07:32:50 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2073
x-xss-protection
0
google-lineitem-id
5063668711
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138269964044
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020021802.js
securepubads.g.doubleclick.net/gpt/
66 KB
24 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
sffe /
Resource Hash
1a36f0a6f239c7826ac18991fae20560138d016bbd336c5e5156b9ef15ebf523
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 Feb 2020 20:41:43 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
24891
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:50 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

ads
securepubads.g.doubleclick.net/gampad/
6 KB
3 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1562745128538959&correlator=3876244213627028&output=ldjh&impl=fif&adsid=NT&eid=21065304&vrg=2020021802&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200221&iu=%2F112152674%2Ftw_index_middle&sz=970x250&cookie_enabled=1&bc=31&abxe=1&lmt=1582270370&dt=1582270370940&dlt=1582270368710&idt=2166&frm=20&biw=1585&bih=1200&oid=3&adx=10&ady=2984&adk=3213821155&uci=2&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&dssz=22&icsg=2133679&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1565x250&msz=1565x250&ga_vid=159077773.1582270371&ga_sid=1582270371&ga_hid=617447426&fws=4&ohw=1565&btvi=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
5dc722668ba64c5bae8ddc3722051d637efd25c557d891677d136a56f22e6301
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 07:32:50 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2756
x-xss-protection
0
google-lineitem-id
5099109482
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138274009306
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
4 KB
2 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1562745128538959&correlator=3876244213627028&output=ldjh&impl=fif&adsid=NT&eid=21065304&vrg=2020021802&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200221&iu=%2F112152674%2Ftw_index_contentlist&sz=300x250&cookie_enabled=1&bc=31&abxe=1&lmt=1582270370&dt=1582270370948&dlt=1582270368710&idt=2166&frm=20&biw=1585&bih=1200&oid=3&adx=1006&ady=6712&adk=3993274311&uci=3&ifi=3&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&dssz=22&icsg=2133679&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=386x250&msz=386x250&ga_vid=159077773.1582270371&ga_sid=1582270371&ga_hid=617447426&fws=4&ohw=386&btvi=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
4bc940206bdf74cf18941709b6dc30da3805a29858c5b7313b0cb5f546e85969
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 07:32:50 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
2085
x-xss-protection
0
google-lineitem-id
5064016031
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138269991515
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
420 B
400 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1562745128538959&correlator=3876244213627028&output=ldjh&impl=fif&adsid=NT&eid=21065304&vrg=2020021802&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200221&iu=%2F112152674%2Ftw_allsite_bottom_special&sz=1x1&cookie_enabled=1&bc=31&abxe=1&lmt=1582270370&dt=1582270370955&dlt=1582270368710&idt=2166&frm=20&biw=1585&bih=1200&oid=3&adx=0&ady=8376&adk=3806201596&uci=4&ifi=4&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&dssz=22&icsg=2133679&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x1&msz=1585x1&ga_vid=159077773.1582270371&ga_sid=1582270371&ga_hid=617447426&fws=0&ohw=0&btvi=3
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
4b85bb3472eafcfcdc1bf32f69911c3bee48c76c6593177c3568d1ee77a2fb42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
222
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
417 B
398 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1562745128538959&correlator=3876244213627028&output=ldjh&impl=fif&adsid=NT&eid=21065304&vrg=2020021802&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200221&iu=%2F112152674%2Ftw_no_position_special&sz=1x1&cookie_enabled=1&bc=31&abxe=1&lmt=1582270370&dt=1582270370962&dlt=1582270368710&idt=2166&frm=20&biw=1585&bih=1200&oid=3&adx=0&ady=8377&adk=1007384016&uci=5&ifi=5&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&dssz=22&icsg=2133679&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1585x1&msz=1585x1&ga_vid=159077773.1582270371&ga_sid=1582270371&ga_hid=617447426&fws=0&ohw=0&btvi=4
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
24b61f8acb991f11701b59da76b5800aa3a9f81a6a865bc208ce6e01a9dfabb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
220
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 5A75
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvxs1CwECDVzhtbbeYzAeEAuuQiA9fjyyrb9_vpaGJi11p49vW3hbfXqdenc6Aqw0SsX1TfUuluvvzTDt3CLeBvWBnAsgrXeIfbdpdijshLTvKvBubgibbNyQxgQdfH9w2i6zatO2Fwcdch6WLt8J4_SRL-oQ0qj2KblIGb6L6s5UqG81Auh2nwmXj5WFPmyA6OvBviu8fFVmgM0XPFRFs4JWCWrdm1mAxHnRLJV5zA1OTVl67_ag9FWzd79f_KvWDUE2sNQBEZRc7YExMps__aLFVqumc6QubvZavRlgf17bjx42yTtTv2YAzPh68M-qw&sai=AMfl-YRl9ye7KRAWQj829AEeRhjkaQ9-IgxioMY5vl2rzlwjvFL1hxijwIekCMlAQ552Dm9UrYZKYNKup5pTP4QUCrHY5JUyxKlVcQB2PVGT&sig=Cg0ArKJSzBZrlqcsIEKREAE&urlfix=1&adurl=
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
2373.js
d1r1je24p3mdzk.cloudfront.net/pb/pb_test/ Frame 5A75
Redirect Chain
  • https://ad2.apx.appier.net/www/delivery/js.php?zoneid=2373&id=idz62bgf2hfou4dtd
  • https://d1r1je24p3mdzk.cloudfront.net/pb/pb_test/2373.js?zoneid=2373&id=idz62bgf2hfou4dtd
0
0
Script
General
Full URL
https://d1r1je24p3mdzk.cloudfront.net/pb/pb_test/2373.js?zoneid=2373&id=idz62bgf2hfou4dtd
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.254.43 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-254-43.fra6.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Redirect headers

date
Fri, 21 Feb 2020 07:32:51 GMT
via
1.1 google
server
nginx/1.15.6
location
https://d1r1je24p3mdzk.cloudfront.net/pb/pb_test/2373.js?zoneid=2373&id=idz62bgf2hfou4dtd
content-type
text/html
status
302
access-control-allow-credentials
true
alt-svc
clear
content-length
167
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 5A75
71 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b7f95ea376c84f25dd1359009f53c0a00a2999c897fde63e84d8384c019f614
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582122122802407"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27379
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
osd.js
www.googletagservices.com/activeview/js/current/
73 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
753def12fae8722bef366a340b5ab7c34a15c8cd8432cdddb30d8f91ab987b96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582122122802407"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27674
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1743
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvbWOK9xdgtDz5krDxBAU84Xvik---wAAcXWcgnN4aK-oiMdW5wDBHnsPr-DgUCBwB9E776q7jtfEV_g2Lu2d_VNlZheGDx1uxZii9ThNqeqtS_ITJ8J5P7qNjnmlkncsGeKwzv0aOD-ZJwvLee9durOnSGNBSyABwYBLThBdJJIrWfPO2kCQWR8BzSV0scY9nUmtNfaHYZ3kw-ozy4R5GXhKPO1iA2HmouZPPaUcLHwjMnIvsX2887eN-aDY4U-_HkxrJn4rqrxc9bFRs1XNqoYBe3FVigOlex5Gf3DsD8WQg2pzOPaxao3Q_hDYbmMk8ptZo&sai=AMfl-YR_Pv6NiFJ0cP3OwgHLZJbuuBZTruado2tWliidny8bsM0CAsQRkLfhpeNqDINGWx-YG4jxaDeHq6qIWp2GFcOkMZ61D8PxYTMAOZMdZg&sig=Cg0ArKJSzNVOOrTLVLyxEAE&urlfix=1&adurl=
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
ad.js
img.scupio.com/js/ Frame 1743
31 KB
11 KB
Script
General
Full URL
https://img.scupio.com/js/ad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-36.fra53.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
ed6f286c6c10e3dffdb8b063ef353c3f9d4979279b9c9da4787b09ad33465fc1

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:27:52 GMT
content-encoding
gzip
last-modified
Fri, 21 Feb 2020 04:39:45 GMT
server
nginx/1.12.1
age
299
etag
W/"5e4f5f11-7d49"
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=900
x-amz-cf-pop
FRA53-C1
access-control-allow-origin
*
x-amz-cf-id
E0W0g-GEDxfiUyJa7hDFGXiaFuTT7PkyFsWrr4-bj04Q1JE6KUBT8w==
via
1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront)
expires
Fri, 21 Feb 2020 07:42:52 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 1743
71 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b7f95ea376c84f25dd1359009f53c0a00a2999c897fde63e84d8384c019f614
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582122122802407"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27379
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 5513
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstb6WIfs7bctJuxayzGqx4dM9aYfPpuc4D8UlGfXllr4pkM6k4674a3Dqt18MqEIUahdpxHkKTYaOWEBJfULLNji1ViID4OF0JUnHseSHgZF_HaaxuDMPfD61xjM-nIcYwDOjDiX9XUnZ6zcN3OXOK_cLhCTmw5E0nbF7zDr7yzhJZiKYb3b9caElxbW-CCRp8-wa04-CvcZ3ug0z1MdTlOlg6xZGvftSXLo3AIqf_xytIoy_iJJRAQ40u4rzY3l5PXuM8mDQM3qqruE_Ow2XZiEXjchB0Ih6PUQsywOpoDNXbeQtWjAvSQhBv07EdP-zFbmg0QCrqSwg&sai=AMfl-YTbEYS8pOFBo4GzjxGR8gLa0og2zWMvKkjpVsTjcABTo-OvH07bv3bs8RLy8mpLaDgouAiU7VuPVm_V8K_XyvxDwMhNlii9WIxeKl9rFg&sig=Cg0ArKJSzOF5YSXIw4dzEAE&urlfix=1&adurl=
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
gpt.js
www.googletagservices.com/tag/js/ Frame 5513
43 KB
14 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba465c06c5d97a14eb025f350f3e13a660571debe2831841097479465dc3a3e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"434 / 754 of 1000 / last-modified: 1582237388"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
14536
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 5513
71 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b7f95ea376c84f25dd1359009f53c0a00a2999c897fde63e84d8384c019f614
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582122122802407"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27379
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
sdk.js
connect.facebook.net/zh_TW/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/zh_TW/sdk.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
52f98b20a9fd215ff7bd0913a1f2bc1e1d4f58aee6a81082b0f84cc463d7840f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
ul5Fu1i4h/zN+MjxlzlHaw==
status
200
date
Fri, 21 Feb 2020 07:32:51 GMT, Fri, 21 Feb 2020 07:32:51 GMT
expires
Fri, 21 Feb 2020 07:40:55 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
1783
x-fb-debug
aaQvf31JyttiFOtxh3z8pe+oJK9S3dvg2pVX9UuXIRiom7U/ybHQe0ZscNBo3dBvd1EtAuyZX41DpU3SWQdHCw==
x-fb-trip-id
2000377899
x-fb-content-md5
45f54e60b12bf82fc724139e64f0b222
etag
"618d3562ce78610b7056959d8f14b544"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
6261
date
Fri, 21 Feb 2020 05:48:30 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Fri, 21 Feb 2020 07:48:30 GMT
gtm.js
www.googletagmanager.com/
112 KB
29 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TSZ536
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a8739745faf60f6570fd67d14e2206dae538a8f3bc0b1145ffd6f8d27a9f5488
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
29547
x-xss-protection
0
last-modified
Fri, 21 Feb 2020 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 21 Feb 2020 07:32:51 GMT
gtm.js
www.googletagmanager.com/
77 KB
26 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TSR7ZS2
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c42581eb5c681510eaf14f702f8341eac021c6b75640d0806129a9ff09fdbf11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
26795
x-xss-protection
0
last-modified
Fri, 21 Feb 2020 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 21 Feb 2020 07:32:51 GMT
ret.js
a.amnet.tw/tracking/
12 KB
4 KB
Script
General
Full URL
https://a.amnet.tw/tracking/ret.js?15822703
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.124.63.120 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-124-63-120.ap-northeast-2.compute.amazonaws.com
Software
openresty/1.11.2.5 /
Resource Hash
0738ff55c4486cad6c16a50600c5cd73624374d271d96b09d51d8dce275c34c9

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 07:35:14 GMT
Content-Encoding
gzip
Last-Modified
Wed, 12 Feb 2020 04:05:38 GMT
Server
openresty/1.11.2.5
ETag
W/"5e437992-2e45"
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
tnla.min.js
tnla.thenewslens.com/static/
56 KB
16 KB
Script
General
Full URL
https://tnla.thenewslens.com/static/tnla.min.js?v=1.2
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22bf29a9f911ee77ea1a189cdc28d9c64535f361617029f7b17c7c9b24735a92
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 01 Oct 2018 03:43:52 GMT
server
cloudflare
age
2743
etag
W/"5bb197f8-dee3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
strict-transport-security
max-age=15724800; includeSubDomains
cf-ray
5687075b38911f45-FRA
collect.js
cdn.lndata.com/
11 KB
11 KB
Script
General
Full URL
https://cdn.lndata.com/collect.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.231.23.26 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-231-23-26.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.10.2 /
Resource Hash
1b365cf68a59081dacb89c77857b5fd991d1691c9fe16c952534b26053214355

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 07:32:51 GMT
Last-Modified
Mon, 10 Sep 2018 09:32:46 GMT
Server
nginx/1.10.2
ETag
"5b963a3e-2c56"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11350
onead-pixel.min.js
ad-specs.guoshipartners.com/static/js/
31 KB
10 KB
Script
General
Full URL
https://ad-specs.guoshipartners.com/static/js/onead-pixel.min.js?_t=5274234
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
168.95.245.1 , Taiwan, ASN9680 (HINETUSA HiNet Service Center in U.S.A, TW),
Reverse DNS
168-95-245-1.HINET-IP.hinet.net
Software
HiNetCDN/1908 / OneAD
Resource Hash
9032e867f62a18d29f00d932ff778a8d31f8f55e009503e4dc83ff9a07273483

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
via
1.1 google
age
0
x-powered-by
OneAD
x-cache
HIT
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
content-encoding
br
last-modified
Thu, 13 Feb 2020 09:43:32 GMT
server
HiNetCDN/1908
etag
W/"1a0d5f-7cb6-59e71ec086b72"
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-varnish
14757201
access-control-allow-origin
*
cache-control
public, max-age=360
access-control-allow-credentials
true
content-type
text/javascript
fbevents.js
connect.facebook.net/en_US/
126 KB
30 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/www/app-9b78eef1cf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
30466
x-xss-protection
0
pragma
public
x-fb-debug
2BanJ7U2SLGYOK3DuEO8+hUZQv/3nnak4yOFk3Flm2kJTkVh1y8L5PqY/SfTc2fmRF33s1eRB4h6bJG5hQ2lMA==
x-fb-trip-id
2000377899
date
Fri, 21 Feb 2020 07:32:51 GMT, Fri, 21 Feb 2020 07:32:51 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
login-info
image5.image2.drinkwithmario.activity.gooficenews.com/api/member/
50 B
719 B
XHR
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/api/member/login-info?_=1582270371038
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/build/assets/js/all/vendor-66be51ee53.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
838ed38e3bb9f6884039878b69b1a0d5494df6fae0083d7383860ced74d42972

Request headers

Accept
*/*
Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Sec-Fetch-Dest
empty
X-CSRF-Token
7J6ixLU10HVtMxoIwMkedTe7C3QYa0HOMlx6MQmF
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Feb 2020 07:32:51 GMT
Cache-Control
private, must-revalidate
Server
nginx
Etag
W/"9e4ef662d2afd5b9bc42627d55ec0a1e"
Content-Length
50
Content-Type
application/json
kirt5q708xioh5miejle627waav985.jpeg
image2.image2.drinkwithmario.activity.gooficenews.com/2020/2/
0
0
Image
General
Full URL
https://image2.image2.drinkwithmario.activity.gooficenews.com/2020/2/kirt5q708xioh5miejle627waav985.jpeg?auto=compress&h=450&q=80&w=750
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

vgi9hxqbmwi95js7gv12gelnxgcerr.jpg
image1.image2.drinkwithmario.activity.gooficenews.com/2020/2/
0
0
Image
General
Full URL
https://image1.image2.drinkwithmario.activity.gooficenews.com/2020/2/vgi9hxqbmwi95js7gv12gelnxgcerr.jpg?auto=compress&h=300&q=80&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

v24qxjfeph7ewa8myc8x2gnbu7eehq.png
image5.image2.drinkwithmario.activity.gooficenews.com/2020/2/
567 B
567 B
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/2020/2/v24qxjfeph7ewa8myc8x2gnbu7eehq.png?auto=compress&h=300&q=80&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
33730d686a04e8720af303fd8675216601e370d36a736efdf1cd63d5aa835957

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:32:51 GMT
Server
nginx
Content-Length
567
Vary
Accept-Encoding
Content-Type
text/html
ndvl9kl5d2wi754hzh92ejijgmy2sw.jpg
image1.image2.drinkwithmario.activity.gooficenews.com/2019/10/
0
0
Image
General
Full URL
https://image1.image2.drinkwithmario.activity.gooficenews.com/2019/10/ndvl9kl5d2wi754hzh92ejijgmy2sw.jpg?auto=compress&h=300&q=80&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

haf880a0hfhnkk5hcdpnk5z7kup4er.jpg
image1.image2.drinkwithmario.activity.gooficenews.com/2020/2/
0
0
Image
General
Full URL
https://image1.image2.drinkwithmario.activity.gooficenews.com/2020/2/haf880a0hfhnkk5hcdpnk5z7kup4er.jpg?auto=compress&h=300&q=80&w=500
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

601p0300o1l2zic0zi1esqc0ne6dum.png
image1.image2.drinkwithmario.activity.gooficenews.com/2020/2/
0
0
Image
General
Full URL
https://image1.image2.drinkwithmario.activity.gooficenews.com/2020/2/601p0300o1l2zic0zi1esqc0ne6dum.png?auto=compress&h=150&q=80&w=250
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

truncated
/ Frame 5A75
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc433e3de14185467a75cd55b8e8701b3f41d38d8cbe86461be7c0a9029c2957

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 1743
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
670edbf267770ade28da29bfecc592c96e5859720a504bb9bf03c825bf576ea1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
17276.js
img.scupio.com/js/config/ Frame 1743
806 B
1 KB
Script
General
Full URL
https://img.scupio.com/js/config/17276.js?v=1.0.1749
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-36.fra53.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash
8eeefeed4c525368ea30564692b05523f672b516e83be1623875680bc276e67f

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:42 GMT
via
1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront)
age
9
x-cache
Hit from cloudfront
status
200
content-length
806
last-modified
Fri, 17 Jan 2020 08:37:22 GMT
server
nginx/1.12.1
etag
"5e217242-326"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=10800
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
x-amz-cf-id
2wa6Cx226BHR_UQli_fkmBFwOuUI78kvtquijhzso5A2mJ8eOKBGOg==
expires
Fri, 21 Feb 2020 10:32:42 GMT
ad.html
img.scupio.com/html/ Frame 7D28
0
0
Document
General
Full URL
https://img.scupio.com/html/ad.html?v=1.0.21&id=scupio-sc-3946-17276-505111
Requested by
Host: img.scupio.com
URL: https://img.scupio.com/js/ad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-36.fra53.r.cloudfront.net
Software
nginx/1.12.1 /
Resource Hash

Request headers

:method
GET
:authority
img.scupio.com
:scheme
https
:path
/html/ad.html?v=1.0.21&id=scupio-sc-3946-17276-505111
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/

Response headers

status
200
content-type
text/html; charset=utf-8
server
nginx/1.12.1
date
Fri, 21 Feb 2020 07:03:09 GMT
last-modified
Tue, 10 Dec 2019 02:05:27 GMT
etag
W/"5deefd67-5eee"
expires
Fri, 21 Feb 2020 13:03:09 GMT
cache-control
max-age=21600
access-control-allow-origin
*
content-encoding
gzip
x-cache
Hit from cloudfront
via
1.1 6080b2713e502211e152f21f5c59c5a7.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
iS1Q95YyCzaSAtbjjyu2xt3ClrpIr8oIMKAPliKgprSCMFIGszn1CA==
age
1782
pubads_impl_2020021802.js
securepubads.g.doubleclick.net/gpt/ Frame 5513
167 KB
61 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
sffe /
Resource Hash
06c08e3ba81a0a899a551a554791954c7b40ff431de2c6a206e166617578903d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 Feb 2020 20:41:43 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
62262
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
integrator.sync.js
adservice.google.de/adsid/ Frame 5513
113 B
175 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.sync.js?domain=image5.image2.drinkwithmario.activity.gooficenews.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
108
x-xss-protection
0
sdk.js
connect.facebook.net/zh_TW/
194 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/zh_TW/sdk.js?hash=2126071c649726fdc57834445d472ba7&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/zh_TW/sdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5abc54bd7985aea359ba5c9536c88baeb9570d1ecde304c4178deb25a980a8e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
yEsoJ02QmOIEzeHPwRStUA==
status
200
date
Fri, 21 Feb 2020 07:32:51 GMT, Fri, 21 Feb 2020 07:32:51 GMT
expires
Sat, 20 Feb 2021 06:40:50 GMT
alt-svc
h3-24=":443"; ma=3600
content-length
59593
x-fb-debug
6JSYKOvG3GA2EVBn/kgNRN1TPhXAjhHOLzOrRYEXzM8QtD++UrBXBrNfi5DLL8UO3Bup3HsBAPl+fwP+Ts4hqw==
x-fb-trip-id
2080452462
x-fb-content-md5
315a55d69c9c9f31110e95efabd702f7
etag
"dfa8afae939cb90b8f4d7d9cdf5d58ed"
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
uuid.html
tnla.thenewslens.com/static/ Frame FBE4
0
0
Document
General
Full URL
https://tnla.thenewslens.com/static/uuid.html
Requested by
Host: tnla.thenewslens.com
URL: https://tnla.thenewslens.com/static/tnla.min.js?v=1.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
tnla.thenewslens.com
:scheme
https
:path
/static/uuid.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/

Response headers

status
200
date
Fri, 21 Feb 2020 07:32:51 GMT
content-type
text/html
set-cookie
__cfduid=d11430ceec99b6e21f055b8ff7acf60ae1582270371; expires=Sun, 22-Mar-20 07:32:51 GMT; path=/; domain=.thenewslens.com; HttpOnly; SameSite=Lax
vary
Accept-Encoding
last-modified
Mon, 04 Jun 2018 08:22:15 GMT
etag
W/"5b14f6b7-f18"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5687075bea221f45-FRA
1632209740378706
connect.facebook.net/signals/config/
447 KB
112 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1632209740378706?v=2.9.15&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8d640db97d10da33738da91ed56772468f6aedd77c94eab41b50b9733ea6c81e
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
114919
x-xss-protection
0
pragma
public
x-fb-debug
7DC33E3UijahZe00Ya6a/kaNLgCEV4+BNQcktUrNG4bvjqcZvYW3uKQeTYArpxsOXoAyq4cpQnbWg+odn+4zlQ==
x-fb-trip-id
2000377899
date
Fri, 21 Feb 2020 07:32:51 GMT, Fri, 21 Feb 2020 07:32:51 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/ Frame 5513
4 KB
2 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4279498050828852&correlator=364265800072904&output=ldjh&impl=fif&eid=21065399%2C21065203%2C21065305&vrg=2020021802&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200221&iu=%2F7682122%2FSF_tw_index_contentlist&sz=300x250&eri=2&cookie=ID%3D3f1f57da99900d9b%3AT%3D1582270370%3AS%3DALNI_MY1SGstn7swOT8Axo8050ETn-JwvQ&cdm=image5.image2.drinkwithmario.activity.gooficenews.com&bc=31&abxe=1&lmt=1582270371&dt=1582270371209&dlt=1582270371026&idt=179&ea=0&frm=23&biw=1585&bih=1200&isw=300&ish=250&oid=3&adx=1049&ady=6712&adk=2738494821&uci=i75fnorcnbo0&ifi=1&ifk=55865854&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&iag=3&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&top=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&dssz=6&icsg=10&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=101714051.1582270371&ga_sid=1582270371&ga_hid=738761843&fws=256&ohw=0&btvi=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
f7d23637ae57b7854f0eb255116fcd94923285ba755501361a3b3d759b01cd2f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1985
x-xss-protection
0
google-lineitem-id
5064549082
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138270077451
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020021802.js
securepubads.g.doubleclick.net/gpt/ Frame 5513
66 KB
24 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
sffe /
Resource Hash
1a36f0a6f239c7826ac18991fae20560138d016bbd336c5e5156b9ef15ebf523
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 Feb 2020 20:41:43 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
24891
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 5513
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

truncated
/ Frame 5513
219 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
895ce56db80475a3946d7341585b7aadac7f904a8dd5769e192e100a9f1d35f2

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
ematic.min.js
api.ematicsolutions.com/v1/
152 KB
45 KB
Script
General
Full URL
https://api.ematicsolutions.com/v1/ematic.min.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.104.37.28 Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
nb-172-104-37-28.singapore.nodebalancer.linode.com
Software
nginx/1.12.2 /
Resource Hash
649312081d460f6cb67d35012194e08d5146345402e2936e85b111837240bc5d

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 07:32:44 GMT
Content-Encoding
gzip
Last-Modified
Tue, 24 Dec 2019 15:48:09 GMT
Server
nginx/1.12.2
ETag
W/"5e023339-2604c"
Vary
Accept-Encoding
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
close
analytics.min.js
ink.thenewslens.com/xdm/analytics/
0
0
Script
General
Full URL
https://ink.thenewslens.com/xdm/analytics/analytics.min.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

collect
www.google-analytics.com/r/
35 B
101 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=617447426&t=pageview&_s=1&dl=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&ul=en-us&de=UTF-8&dt=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%BB%9E%E5%BE%9E%E9%80%99%E9%96%8B%E5%A7%8B&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aChAAEAB~&jid=889573113&gjid=802023508&cid=159077773.1582270371&tid=UA-127310339-4&_gid=973871819.1582270371&_r=1&gtm=2wg2c0TSR7ZS2&did=i5iSjo&z=1249595119
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=617447426&t=event&ni=1&_s=1&dl=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&ul=en-us&de=UTF-8&dt=The%20News%20Lens%...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-41537444-1&cid=159077773.1582270371&jid=1082622675&_gid=973871819.1582270371&gjid=2058991225&_v=j81&z=1775943424
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-41537444-1&cid=159077773.1582270371&jid=1082622675&_v=j81&z=1775943424
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-41537444-1&cid=159077773.1582270371&jid=1082622675&_v=j81&z=1775943424&slf_rd=1&random=2003903194
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-41537444-1&cid=159077773.1582270371&jid=1082622675&_v=j81&z=1775943424&slf_rd=1&random=2003903194
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-41537444-1&cid=159077773.1582270371&jid=1082622675&_v=j81&z=1775943424&slf_rd=1&random=2003903194
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
44 B
249 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1632209740378706&ev=PageView&dl=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&rl=&if=false&ts=1582270371302&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1582270371301.1347698305&it=1582270371197&coo=false&rqm=GET
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT, Fri, 21 Feb 2020 07:32:51 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-24=":443"; ma=3600
content-length
44
expires
Fri, 21 Feb 2020 07:32:51 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame D9DE
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvUtgiCYqv8CeK8bhDBn2nM-gPK1USGQx1L-oxmx28tNfLFu8UQELzzHHfPX72YGDgiZEcvZd2FZyb3B5537ZJwvteSoDbgwko-62dZ0CpBoVN3HBxsigZI9goP305HFfEaAj3il6WQoutWmjWKUmXvYzQsGaTB5_ZFSHZ-vtL4DhSqjYSDjtSQNa7bWgl0rKW-Ec5QCY0eov9Lfa0Gneimxn42SSCrCa1TfDO2L-oRM9yX3yR9U1gsDy1GlJxp4dyDdIBkr5L-PH0kMRi7WIcMvK9WINBNqLLmZNl-MXaiXEz1bEVu3tcuehMX9gmkiwhePXTsBA&sig=Cg0ArKJSzD2mp9xFCR-BEAE&urlfix=1&adurl=
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

timing-allow-origin
*
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ Frame D9DE
106 KB
38 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b98f6a5ce66e34aa8219d1208b3534ccb4850e5b530390c7e757ecd62a8e733b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
38660
x-xss-protection
0
server
cafe
etag
1699192081238138211
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 21 Feb 2020 07:32:51 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame D9DE
71 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0b7f95ea376c84f25dd1359009f53c0a00a2999c897fde63e84d8384c019f614
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582122122802407"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27379
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
osd.js
www.googletagservices.com/activeview/js/current/ Frame 5513
73 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
753def12fae8722bef366a340b5ab7c34a15c8cd8432cdddb30d8f91ab987b96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582122122802407"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27674
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 5513
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2020021802&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c041189c5c5bfd9c8a42526a9e9ccbca7bb49ee170fa94628363d27d4b525ca6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
status
200
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
5323
x-xss-protection
0
tnl
tnla.thenewslens.com/t/
0
0
Fetch
General
Full URL
https://tnla.thenewslens.com/t/tnl?name=new-session&pid=undefined&host=image5.image2.drinkwithmario.activity.gooficenews.com&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&curl=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&uuid=fb472df2-8c5e-4a35-83f0-84a3e2028f79&ssid=01463627-dce9-441e-9510-ad3b6ff33b5c&sn=1&pl=0&nu=0&ref=&ts=1582270371339&sr=1600x1200&vp=1600x1200
Requested by
Host: tnla.thenewslens.com
URL: https://tnla.thenewslens.com/static/tnla.min.js?v=1.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
status
200
etag
"da39a3ee5e6b4b0d3255bfef95601890afd80709"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15724800; includeSubDomains
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
*
cf-ray
5687075ce8fb2fa5-FRA
content-length
0
oid
onead.onevision.com.tw/v2/et/
318 B
686 B
Script
General
Full URL
https://onead.onevision.com.tw/v2/et/oid?cb=window.ONEAD_etag_cscb
Requested by
Host: ad-specs.guoshipartners.com
URL: https://ad-specs.guoshipartners.com/static/js/onead-pixel.min.js?_t=5274234
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.178.241.176 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
9f047df4104f1db2cbf87bcb0ccb37d126364ed71c9f5c412cba1cf4017ff009

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
via
1.1 google
alt-svc
clear
age
0
x-powered-by
OneAD
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
x-onead-backend
onead-http-event-q5gm-gohttp
content-length
318
pragma
no-cache
last-modified
Fri, 21 Feb 2020 07:32:51 GMT
server
gws
etag
5dcf8b71-547c-11ea-81ee-0242ac120003
x-onead-guid
5dcf8b3f-547c-11ea-81ee-0242ac120003
x-varnish
113111780
access-control-allow-origin
*
cache-control
max-age=600
access-control-allow-credentials
true
x-onead-version
1694c89
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 01 Jan 1990 00:00:00 GMT
tnl
tnla.thenewslens.com/t/
0
0
Fetch
General
Full URL
https://tnla.thenewslens.com/t/tnl?name=new-user&pid=undefined&host=image5.image2.drinkwithmario.activity.gooficenews.com&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&curl=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&uuid=fb472df2-8c5e-4a35-83f0-84a3e2028f79&ssid=01463627-dce9-441e-9510-ad3b6ff33b5c&sn=2&pl=0&nu=0&ref=&ts=1582270371350&sr=1600x1200&vp=1600x1200
Requested by
Host: tnla.thenewslens.com
URL: https://tnla.thenewslens.com/static/tnla.min.js?v=1.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
status
200
etag
"da39a3ee5e6b4b0d3255bfef95601890afd80709"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15724800; includeSubDomains
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
*
cf-ray
5687075cf9162fa5-FRA
content-length
0
lndata-cm
tnla.thenewslens.com/
Redirect Chain
  • https://cm.lndata.com/?tid=3829&uid=fb472df2-8c5e-4a35-83f0-84a3e2028f79&redir=https%3A%2F%2Ftnla.thenewslens.com%2Flndata-cm%3Ftnla%3Dfb472df2-8c5e-4a35-83f0-84a3e2028f79%26host%3Dimage5.image2.dr...
  • https://tnla.thenewslens.com/lndata-cm?tnla=fb472df2-8c5e-4a35-83f0-84a3e2028f79&host=image5.image2.drinkwithmario.activity.gooficenews.com&uid=sdfae896f4bfd632d79
0
173 B
Image
General
Full URL
https://tnla.thenewslens.com/lndata-cm?tnla=fb472df2-8c5e-4a35-83f0-84a3e2028f79&host=image5.image2.drinkwithmario.activity.gooficenews.com&uid=sdfae896f4bfd632d79
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:2491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:52 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
*
etag
"da39a3ee5e6b4b0d3255bfef95601890afd80709"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15724800; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
*
cf-ray
5687076279971f45-FRA
content-length
0

Redirect headers

Location
https://tnla.thenewslens.com/lndata-cm?tnla=fb472df2-8c5e-4a35-83f0-84a3e2028f79&host=image5.image2.drinkwithmario.activity.gooficenews.com&uid=sdfae896f4bfd632d79
Date
Fri, 21 Feb 2020 07:32:52 GMT
Server
TornadoServer/1.2.1
Connection
keep-alive
P3P
CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Content-Length
0
Content-Type
text/html; charset=UTF-8
p.gif
s.lndata.com/
43 B
608 B
Image
General
Full URL
https://s.lndata.com/p.gif?type=pageview&sid=2e38728&uid=5e4f87a3.3becff37&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&tl=The%20News%20Lens%20%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2%20-%20%E5%88%86%E4%BA%AB%E8%A7%80%E9%BB%9E%E5%BE%9E%E9%80%99%E9%96%8B%E5%A7%8B&cs=utf-8&rl=&sr=1600x1200&sc=24&tz=1&sp=0&vh=1200&pt=2592&_=26331991
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.231.23.26 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-231-23-26.ap-northeast-1.compute.amazonaws.com
Software
nginx/1.10.2 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Pragma
no-cache
Date
Fri, 21 Feb 2020 07:32:51 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 21 Jan 2004 19:51:30 GMT
Server
nginx/1.10.2
Age
197808
P3P
CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 19 Apr 2000 11:43:00 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 5513
21 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9d6757384f86ea93a46cf05a185da797dd19a39053a0cc6e64759598f2bc05c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1580338855439378"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
8104
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
containerTag.js
a.amnet.tw/tracking/
42 KB
16 KB
XHR
General
Full URL
https://a.amnet.tw/tracking/containerTag.js?v=3.12.7.1
Requested by
Host: a.amnet.tw
URL: https://a.amnet.tw/tracking/ret.js?15822703
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.124.63.120 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-124-63-120.ap-northeast-2.compute.amazonaws.com
Software
openresty/1.11.2.5 /
Resource Hash
002bd0d0c1df4869e15823c3b6d36370205a0cfcb36d29d164d97615acbf12b0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Feb 2020 07:35:15 GMT
Content-Encoding
gzip
Last-Modified
Wed, 12 Feb 2020 04:05:37 GMT
Server
openresty/1.11.2.5
ETag
W/"5e437991-a85b"
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
integrator.js
adservice.google.de/adsid/ Frame D9DE
109 B
171 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=image5.image2.drinkwithmario.activity.gooficenews.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame D9DE
109 B
171 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=image5.image2.drinkwithmario.activity.gooficenews.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
104
x-xss-protection
0
show_ads_impl_fy2019.js
pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/ Frame D9DE
221 KB
83 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0a450a92da271041893a519c9b9e1050b2229f74eb83ca5346e76203456d3691
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
84526
x-xss-protection
0
server
cafe
etag
16542440073614270090
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 21 Feb 2020 07:32:51 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20200219/r20190131/ Frame DB35
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20200219/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20200219/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUkS5y3A87t6OnhJ4zqEeGPK5OXx4S-RqEoyg_a7_nkAXArBbDu37G1qAYp8

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 19 Feb 2020 21:29:28 GMT
expires
Wed, 04 Mar 2020 21:29:28 GMT
content-type
text/html; charset=UTF-8
etag
3560819023258359450
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4495
x-xss-protection
0
cache-control
public, max-age=1209600
age
122603
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
truncated
/ Frame D9DE
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c06f0534fbc72f5c6868afdfb9179ba996d083b3b767e05e3f19286c4443508c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
runner.html
tpc.googlesyndication.com/sodar/sodar2/206/ Frame 8DCC
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/206/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
tpc.googlesyndication.com
:scheme
https
:path
/sodar/sodar2/206/runner.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
content-length
4624
date
Fri, 21 Feb 2020 06:21:57 GMT
expires
Sat, 20 Feb 2021 06:21:57 GMT
last-modified
Tue, 19 Nov 2019 17:13:16 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
4254
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
ads
googleads.g.doubleclick.net/pagead/ Frame BD7D
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3525848408859661&output=html&h=250&slotname=5485453447&adk=1691734699&adf=4198862036&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1582270371367&bpp=14&bdt=37&fdt=52&idt=52&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&correlator=8223954728311&frm=23&ife=4&pv=2&ga_vid=159077773.1582270371&ga_sid=1582270371&ga_hid=925032070&ga_fc=0&iag=15&icsg=682&nhd=2&dssz=11&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1049&ady=6712&biw=1585&bih=1200&isw=300&ish=250&ifk=259013800&scr_x=0&scr_y=0&oid=3&pvsid=807479602300311&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.r5o96oxbf5uf&btvi=1&fsb=1&dtd=93
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-3525848408859661&output=html&h=250&slotname=5485453447&adk=1691734699&adf=4198862036&w=300&psa=0&guci=1.2.0.0.2.2.0.0&format=300x250&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&ea=0&flash=0&wgl=1&adsid=NT&dt=1582270371367&bpp=14&bdt=37&fdt=52&idt=52&shv=r20200219&cbv=r20190131&ptt=9&saldr=aa&correlator=8223954728311&frm=23&ife=4&pv=2&ga_vid=159077773.1582270371&ga_sid=1582270371&ga_hid=925032070&ga_fc=0&iag=15&icsg=682&nhd=2&dssz=11&mdo=0&mso=0&u_tz=60&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1049&ady=6712&biw=1585&bih=1200&isw=300&ish=250&ifk=259013800&scr_x=0&scr_y=0&oid=3&pvsid=807479602300311&rx=0&eae=2&fc=640&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=20&bc=31&ifi=1&uci=1.r5o96oxbf5uf&btvi=1&fsb=1&dtd=93
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUkS5y3A87t6OnhJ4zqEeGPK5OXx4S-RqEoyg_a7_nkAXArBbDu37G1qAYp8

Response headers

status
403
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 21 Feb 2020 07:32:51 GMT
server
cafe
content-length
46
x-xss-protection
0
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
osd.js
www.googletagservices.com/activeview/js/current/ Frame D9DE
73 KB
27 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20200219/r20190131/show_ads_impl_fy2019.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
753def12fae8722bef366a340b5ab7c34a15c8cd8432cdddb30d8f91ab987b96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1582122122802407"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27674
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5513
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=206&t=2&li=gpt_2020021802&jk=4279498050828852&bg=!k5ClkIhYGb6-iWtt7q4CAAAAQVIAAAAImQGHpbEdT04TFgImC7TFQ7hZKnN3AqtwDF-Px3hIwdCQ8dYCEilxrqGfGkNQWCWlGcnyFpOCcLx0e3cGlCJYKjjexI2KadrJmj_33t9EdBnqq3S6yqrS2BJAK50ubt8aWgUJpgr3EIe-At7D8otvGeBr5_4dnkAlf9bM6akAAddMUR5wRu7ZzVnC70XL5-RYyRScInC4gRUL7TsmwzMlbsBZeGy04G9BPFSXGGih8eduzyAlx6N7rXw0ZyXqPSOPHcDgxabG-pQ15KjHuQ7-nEbKsMTZp7XPywTLYJmOnJ_rrz_AIvr88tak4D86mt0wAbgFfE7O2Y_0QYHED_8x4ZWt6tNcKdsbQrQ1O-H9H6n38zsUi06LwA9eUgUSjtXWsU5D40IdsIAamLIE7FtLAmfsCqe87IjX8jp5wyk7HiWKc5WERl0wSMZYcsf0C7pcoRy7fu4LKTxl6vEpUBCDMkw-8sRaUZmQcGbRby9M2IOEbkf9M_YN5KaMQA5lEAgrRGyPcRiv34GemQ
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ttd
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=r1jlltl&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=r1jlltl&ttd_tpi=1
  • https://onead.onevision.com.tw/v2/pixel/ttd?id=69228375-03c4-4e9f-b98e-3dbeb89befdb
170 B
282 B
Image
General
Full URL
https://onead.onevision.com.tw/v2/pixel/ttd?id=69228375-03c4-4e9f-b98e-3dbeb89befdb
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.178.241.176 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
via
1.1 google
alt-svc
clear
age
0
x-powered-by
OneAD
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
x-onead-backend
onead-http-event-1rrw-gohttp
content-length
170
pragma
no-cache
last-modified
Thu, 25 Apr 2019 13:46:42 GMT
server
gws
x-vendor-client-id
69228375-03c4-4e9f-b98e-3dbeb89befdb
x-varnish
112270121
access-control-allow-origin
*
x-vendor
ttd
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
x-onead-version
1694c89
accept-ranges
bytes
content-type
image/png
expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:51 GMT
x-aspnet-version
4.0.30319
location
https://onead.onevision.com.tw/v2/pixel/ttd?id=69228375-03c4-4e9f-b98e-3dbeb89befdb
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
status
302
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
197
nmc
onead.onevision.com.tw/v2/pixel/
Redirect Chain
  • https://loadus.exelator.com/load/?p=1385&g=1&j=0
  • https://loadus.exelator.com/load/?p=1385&g=1&j=0&xl8blockcheck=1
  • https://onead.onevision.com.tw/v2/pixel/nmc?id=ba051112404bc820c1851a37f3b71c2d
170 B
279 B
Image
General
Full URL
https://onead.onevision.com.tw/v2/pixel/nmc?id=ba051112404bc820c1851a37f3b71c2d
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.178.241.176 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
via
1.1 google
alt-svc
clear
age
0
x-powered-by
OneAD
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
200
x-onead-backend
onead-http-event-1rrw-gohttp
content-length
170
pragma
no-cache
last-modified
Thu, 25 Apr 2019 13:46:42 GMT
server
gws
x-vendor-client-id
ba051112404bc820c1851a37f3b71c2d
x-varnish
103650051
access-control-allow-origin
*
x-vendor
nmc
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
x-onead-version
1694c89
accept-ranges
bytes
content-type
image/png
expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 21 Feb 2020 07:32:51 GMT
server
nginx/1.14.0
x-powered-by
Undertow/1
location
https://onead.onevision.com.tw/v2/pixel/nmc?id=ba051112404bc820c1851a37f3b71c2d
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
status
302
cache-control
no-cache
access-control-allow-credentials
true
content-type
image/gif
content-length
0
push
onead.onevision.com.tw/v2/
0
167 B
Image
General
Full URL
https://onead.onevision.com.tw/v2/push?host=https%3A%2F%2Fonead.onevision.com.tw%2F&event=7000&dt=1582270371640&p1=1000046&p2=5dcf8b71-547c-11ea-81ee-0242ac120003&p3=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&p4=The+News+Lens+%E9%97%9C%E9%8D%B5%E8%A9%95%E8%AB%96%E7%B6%B2+-+%E5%88%86%E4%BA%AB%E8%A7%80%E9%BB%9E%E5%BE%9E%E9%80%99%E9%96%8B%E5%A7%8B&p5=&p6=&p7=-1&pub=fb472df2-8c5e-4a35-83f0-84a3e2028f79&acc=&vendor=&eng=&adid=&cu1=&cu2=&cu3=&cu4=&utm_source=&utm_medium=&utm_campaign=&utm_term=&utm_content=
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.178.241.176 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
176.241.178.107.bc.googleusercontent.com
Software
gws / OneAD
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
via
1.1 google
alt-svc
clear
age
0
x-powered-by
OneAD
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status
204
x-onead-backend
onead-http-event-q5gm-gohttp
pragma
no-cache
server
gws
x-onead-guid
5dcf8b3f-547c-11ea-81ee-0242ac120003
x-varnish
131242201
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
x-onead-version
1694c89
content-type
text/plain; charset=utf-8
expires
Mon, 01 Jan 1990 00:00:00 GMT
34
a.amnet.tw/agent/tagManager/getTagInfo/
26 KB
3 KB
XHR
General
Full URL
https://a.amnet.tw/agent/tagManager/getTagInfo/34
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.124.63.120 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-124-63-120.ap-northeast-2.compute.amazonaws.com
Software
openresty/1.11.2.5 /
Resource Hash
489b9a7d457ea12484333b61a0e029b1434087fa79fd63b3ab4d7972117864fd

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 21 Feb 2020 07:35:15 GMT
Content-Encoding
gzip
Server
openresty/1.11.2.5
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/json;charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
gpt.js
www.googletagservices.com/tag/js/ Frame 5205
43 KB
14 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba465c06c5d97a14eb025f350f3e13a660571debe2831841097479465dc3a3e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"434 / 882 of 1000 / last-modified: 1582237388"
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
14536
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
pubads_impl_2020021802.js
securepubads.g.doubleclick.net/gpt/ Frame 5205
167 KB
61 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
sffe /
Resource Hash
06c08e3ba81a0a899a551a554791954c7b40ff431de2c6a206e166617578903d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 Feb 2020 20:41:43 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
62262
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
integrator.sync.js
adservice.google.de/adsid/ Frame 5205
113 B
175 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.sync.js?domain=image5.image2.drinkwithmario.activity.gooficenews.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ea03bfd7fdda1eac185ebc3e8e74b33065b04c8e0adc48cbbd4136748dbd2742
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
108
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 5205
15 KB
4 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3402197511840913&correlator=1008148281942168&output=ldjh&impl=fif&eid=21065369%2C21065304&vrg=2020021802&guci=1.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20200221&iu=%2F112152674%2FTNL_Passback%2Ftw_ad_passback_970250&sz=970x250&eri=2&cookie=ID%3D3f1f57da99900d9b%3AT%3D1582270370%3AS%3DALNI_MY1SGstn7swOT8Axo8050ETn-JwvQ&cdm=image5.image2.drinkwithmario.activity.gooficenews.com&bc=31&abxe=1&lmt=1582270371&dt=1582270371754&dlt=1582270371664&idt=85&ea=0&frm=23&biw=1585&bih=1200&isw=970&ish=250&oid=3&adx=308&ady=2984&adk=204718438&uci=6p79ujpw9oj8&ifi=1&ifk=4290448945&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&iag=15&url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&top=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&dssz=2&icsg=10&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&ga_vid=159077773.1582270371&ga_sid=1582270372&ga_hid=1779370610&fws=256&ohw=0&btvi=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
c827e74c6aa1f289b411ffa3b4b9cf83b2f8e17a86da0ad34d5fead029cd257e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
4506
x-xss-protection
0
google-lineitem-id
1179147994
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138295000310
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_2020021802.js
securepubads.g.doubleclick.net/gpt/ Frame 5205
66 KB
24 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
sffe /
Resource Hash
1a36f0a6f239c7826ac18991fae20560138d016bbd336c5e5156b9ef15ebf523
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 18 Feb 2020 20:41:43 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
24891
x-xss-protection
0
expires
Fri, 21 Feb 2020 07:32:51 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ Frame 5205
0
0
Other
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html?n=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
empty

Response headers

e6enl8y28bgcrxc5jbolowdy1x16h4.png
image1.image2.drinkwithmario.activity.gooficenews.com/2020/2/
0
0
Image
General
Full URL
https://image1.image2.drinkwithmario.activity.gooficenews.com/2020/2/e6enl8y28bgcrxc5jbolowdy1x16h4.png?auto=compress&h=150&q=80&w=250
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

h6cp1t6dy1je2a1qlnpj1ddpwtb4aa.png
image5.image2.drinkwithmario.activity.gooficenews.com/2020/2/
567 B
567 B
Image
General
Full URL
https://image5.image2.drinkwithmario.activity.gooficenews.com/2020/2/h6cp1t6dy1je2a1qlnpj1ddpwtb4aa.png?auto=compress&h=150&q=80&w=250
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.230.255.8 , Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
33730d686a04e8720af303fd8675216601e370d36a736efdf1cd63d5aa835957

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:32:52 GMT
Server
nginx
Content-Length
567
Vary
Accept-Encoding
Content-Type
text/html
/
www.facebook.com/tr/
0
74 B
Other
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
Origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundarys3W2aBTCBiDt22aO

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
server
proxygen-bolt
access-control-allow-origin
https://image5.image2.drinkwithmario.activity.gooficenews.com
date
Fri, 21 Feb 2020 07:32:51 GMT
content-type
text/plain
status
200
access-control-allow-credentials
true
alt-svc
h3-24=":443"; ma=3600
content-length
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5205
0
58 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=3402197511840913&r=970x250&w=970&h=250
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
204
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012002112037430/ Frame 5205
20 KB
7 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012002112037430/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3186a55bc67271424c17f202a5797f96d54a851d12249ff7ec152854e4017eb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
35667
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7145
x-xss-protection
0
server
sffe
date
Thu, 20 Feb 2020 21:38:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5c826442ea1b9f7a"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Feb 2021 21:38:24 GMT
amp4ads-v0.js
cdn.ampproject.org/rtv/012002112037430/ Frame 8CAB
201 KB
55 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012002112037430/amp4ads-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
83693e5de36f9cc42f540d09a10978348d85c6e7074a8ba9803e2646df7d95a1
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
62832
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
55865
x-xss-protection
0
server
sffe
date
Thu, 20 Feb 2020 14:05:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"726cd723e48be406"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Feb 2021 14:05:39 GMT
amp-analytics-0.1.js
cdn.ampproject.org/rtv/012002112037430/v0/ Frame 8CAB
91 KB
27 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012002112037430/v0/amp-analytics-0.1.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7dec9dba8e7c23f46e9b3bca2287a7d6e2d59ad57cc9e8389b7fc00f268b71ca
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
62938
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
27980
x-xss-protection
0
server
sffe
date
Thu, 20 Feb 2020 14:03:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"1fae760e2b8d4fc0"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Feb 2021 14:03:53 GMT
truncated
/ Frame 8CAB
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5aeae9e439713f447c2bee68595d2c3ea1dfc581ec76de5d21687db7806bba40

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
3251294650739441270
tpc.googlesyndication.com/simgad/ Frame 8CAB
73 KB
73 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/3251294650739441270
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a3f32ef1cb3cae2ec87dcc6cd486114d7e4b5b434828140abb19a0373c921784
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 06 Feb 2020 00:23:37 GMT
x-content-type-options
nosniff
age
1321754
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
74500
x-xss-protection
0
last-modified
Thu, 21 Nov 2019 08:23:44 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 05 Feb 2021 00:23:37 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 8CAB
0
57 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssVU6W0s4ptf-cdUqnAxAAXSrnhot_DvZPEVPJq6zo1hvHKmDTnBoKswOYq7zqUi2SEMWFdgcP6Iwn0GCdljuC1BebzbqmpnV9N-KCkbM0fHZGnuLj9aTeazKp3l2sknB-IjD1Mc2iI6dJUiUT5VOGL-vc4MkaNfeJmFt_xQG1LAyQtd_7NTmgUMmG0g32HCSS5AQ_coLGOEk2n5QtTZaI6KBYduIFkMWdx43fUuQNtbIk0piaCd4pjQvvtsNlAa91ibL04yqJf-Lh2MsHgfkIdIkGk1gUdCZjfkGynqo__JWCmh6DSTgQpeS0atIryUZjAxlFKt0ava3hr3snNzvstUCc&sig=Cg0ArKJSzCVmYzrPaIzkEAE&adurl=
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 21 Feb 2020 07:32:51 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
amp4ads-host-v0.js
cdn.ampproject.org/rtv/012002112037430/
20 KB
7 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012002112037430/amp4ads-host-v0.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2020021802.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3186a55bc67271424c17f202a5797f96d54a851d12249ff7ec152854e4017eb
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp-collector.appspot.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
35667
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7145
x-xss-protection
0
server
sffe
date
Thu, 20 Feb 2020 21:38:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/javascript
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"5c826442ea1b9f7a"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 19 Feb 2021 21:38:24 GMT
action.img
a.amnet.tw/action/
0
456 B
Image
General
Full URL
https://a.amnet.tw/action/action.img?t=1582270371961&retUid=RETJS-3b175d79-3cd6-c8e0-fd33-f08330421f0d&app=WEB&siteId=34&retType=track&sessionId=fSes-5cd62b7-d989-c36c-4270&retCrt=e3ca1747e409db9f39fc7e0d118c4856&retp=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&&
Requested by
Host: image5.image2.drinkwithmario.activity.gooficenews.com
URL: https://image5.image2.drinkwithmario.activity.gooficenews.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.124.63.120 Incheon, Korea, Republic Of, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-124-63-120.ap-northeast-2.compute.amazonaws.com
Software
openresty/1.11.2.5 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 21 Feb 2020 07:35:15 GMT
Last-Modified
Mon, 26 Mar 2018 07:12:17 GMT
Server
openresty/1.11.2.5
ETag
"5ab89d51-0"
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length
0
3251294650739441270
tpc.googlesyndication.com/simgad/ Frame 8CAB
73 KB
73 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/3251294650739441270
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012002112037430/amp4ads-v0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a3f32ef1cb3cae2ec87dcc6cd486114d7e4b5b434828140abb19a0373c921784
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Thu, 06 Feb 2020 00:23:37 GMT
x-content-type-options
nosniff
age
1321755
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
74500
x-xss-protection
0
last-modified
Thu, 21 Nov 2019 08:23:44 GMT
server
sffe
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 05 Feb 2021 00:23:37 GMT
settings.php
sg2-api.ematicsolutions.com/v1/scripts/
148 B
386 B
Script
General
Full URL
https://sg2-api.ematicsolutions.com/v1/scripts/settings.php?callback=_EmaticCallbacks.settings&json=%7B%22method%22%3A%22%22%2C%22apikey%22%3A%2281214782fe8711e8a93d0242ac110002-sg2%22%2C%22listId%22%3Anull%2C%22debug%22%3A0%2C%22opt%22%3A%7B%22isControl%22%3Anull%2C%22email%22%3A%22merik.chen%40ematicsolutions.com%22%2C%22cookieless%22%3A1%7D%2C%22env%22%3A%7B%22deviceHeight%22%3A1200%2C%22deviceWidth%22%3A1600%2C%22viewportHeight%22%3A1200%2C%22viewportWidth%22%3A1585%7D%2C%22session%22%3A%7B%22utmData%22%3A%7B%22utm_source%22%3A%22%22%2C%22utm_medium%22%3A%22%22%2C%22utm_campaign%22%3A%22%22%7D%7D%7D&page_url=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&page_referer=&_=1582270372115
Requested by
Host: api.ematicsolutions.com
URL: https://api.ematicsolutions.com/v1/ematic.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.121.1 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-121-1.compute-1.amazonaws.com
Software
nginx/1.10.0 / PHP/7.1.13
Resource Hash
3bed129e22f996edc74b335666ee046ea3ab1973b7031ea0b084e91ba4950dc8

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 21 Feb 2020 07:32:52 GMT
Content-Encoding
gzip
Server
nginx/1.10.0
Connection
keep-alive
X-Powered-By
PHP/7.1.13
Transfer-Encoding
chunked
Content-Type
application/json; charset=utf-8
activeview
pagead2.googlesyndication.com/pcs/ Frame 5A75
42 B
110 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvw8GniOkYHjJkjJ2RIq1RD75icVg91WSvnpMgRwfqowVBO5clpO7Y2fVFl-toqaUoJg5bxd-UgE3MzRK9mDMnxGeWLDPWVHakzt-UiReQ&sig=Cg0ArKJSzI4eMsm0ki2mEAE&adk=3399313185&tt=-1&bs=1585%2C1200&mtos=1044,1044,1044,1044,1044&tos=1044,0,0,0,0&p=150,308,400,1278&mcvt=1044&rs=0&ht=0&tfs=293&tls=1337&mc=1&lte=0&bas=0&bac=0&met=ce&la=1&avms=nio&exg=1&md=2&btr=0&lm=2&rst=1582270371016&dlt&rpt=253&isd=0&msd=0&ext&xdi=0&ps=1585%2C8769&ss=1600%2C1200&pt=-1&bin=4&deb=1-0-0-13-6-12-12-0-0-0&tvt=1333&is=970%2C250&iframe_loc=https%3A%2F%2Fimage5.image2.drinkwithmario.activity.gooficenews.com%2F&r=v&id=osdim&vs=4&uc=13&upc=1&tgt=DIV&cl=1&cec=1&wf=0&cac=1&cd=0x0&itpl=19&v=20200219
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://image5.image2.drinkwithmario.activity.gooficenews.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 21 Feb 2020 07:32:52 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| apxTag object| googletag object| _atrk_opts object| _comscore function| udm_ object| ns_p object| COMSCORE function| atrk boolean| _atrk_fired object| ggeac object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken number| google_srt undefined| google_measure_js_timing number| __google_ad_urls_id number| google_unique_id object| gaGlobal function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter object| __google_ad_urls object| ampInaboxIframes object| ampInaboxPendingMessages boolean| google_osd_loaded boolean| google_onload_fired function| $ function| jQuery function| EvEmitter function| imagesLoaded function| Waypoint function| Cookies function| PhotoSwipe function| PhotoSwipeUI_Default function| _ function| store function| url function| moment object| validator function| scrollama object| lazySizesConfig object| lazySizes function| Hammer object| tnlInfo undefined| TnlAnalyticsData object| testAd string| retUrlPrefix string| retCert number| retSiteId object| ln_data_setting object| _smq object| onead_pixel undefined| content_insight_sites undefined| content_insight_id undefined| maincontent_selector undefined| _ain object| Tnl object| gaDevIds function| ga object| gaplugins function| fbAsyncInit string| GoogleAnalyticsObject object| dataLayer object| RET string| tnla_object function| tnla function| fbq function| _fbq function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb object| FB object| google_tag_data object| gaData function| setImmediate function| clearImmediate object| google_tag_manager string| EmaticsObject function| ematics object| ONEAD_PIXEL_API object| ONEAD_PIXEL_CONST object| ONEAD_PIXEL_ISIP object| ONEAD_1ST_COOKIE object| onead_pixel_core object| ONEAD_PIXEL_UTIL function| ONEAD_etag_cscb function| Fingerprint2 string| RETUID_COOKIE string| 
RETFSESS_COOKIE string| WECHAT_OPENID_COOKIE string| FB_OPENID_COOKIE string| LINE_OPENID_COOKIE string| MEMBER_SYNC_COOKIE string| ICEM_MEMBERID_COOKIE string| ICEM_AUTH_SESSION string| TRY_LINE_AUTH_COOKIE string| TRY_WECHAT_AUTH_COOKIE string| AUTH_INFO_COOKIE number| DEFAULT_TRY_AUTH_COOKIE_MINUTES string| PARAM_RET_CLICK_LABEL string| PARAM_RET_TYPE string| PARAM_RET_CERT string| PARAM_REC_ITEM_ID string| PARAM_REC_DOM_ID string| PARAM_REC_RULE_ID string| PARAM_ITEM_ID string| PARAM_WECHAT_ID string| PARAM_SESSION_ID string| PARAM_OUTSIDE_SRC string| PARAM_SHOPPING_DETAIL string| PARAM_CART_DETAIL string| PARAM_APP_NAME string| PARAM_CUSTOM_FIELD string| PARAM_SITE_MEMBER string| PARAM_FROM string| FROM_CONTAINER_TAG string| PARAM_VERSION string| RET_TYPE_TRACK string| RET_TYPE_RET_IMPRESSION string| RET_TYPE_RET_CLICK string| RET_TYPE_BUY string| RET_TYPE_CART string| RET_TYPE_SITE_CLICK string| RET_TYPE_SITE_CLICK_IMPRESSION string| MARK_CLICK_FROM_RET string| MARK_CLICK_FROM_SITE string| VERSION_CONTAINER_TAG string| SRV_HTML_PATH string| CRX_RETUID_RETFSESS string| CRX_RETFSESS string| CRX_MEMBER_ID string| RET_CUR_PATH boolean| IN_RET_CLUB object| google_reactive_ads_global_state object| google_jobrunner object| google_ad_modifications number| google_global_correlator object| google_prev_clients object| CrxDomainStorage object| MAIN_PROCESS string| _retUid object| m_extra_param object| m_extra_param_q object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager number| idx object| __AMP_LOG object| __AMP_ERRORS boolean| ampInaboxInitialized object| __AMP_MODE function| __AMP_REPORT_ERROR object| AMP object| _EmaticCallbacks number| _ematic_script_redirect function| Spinner function| gwtLdJson function| getTag boolean| CheckDevice string| FireId string| FireIdPC string| FireIdMO string| FireSite object| FireArray undefined| img_obj object| testExp object| e number| scrollTop undefined| now_scroll

26 Cookies

Domain/Path Name / Value
.scupio.com/ Name: OrgKeyValue
Value: CBA20200221153251937728
.doubleclick.net/ Name: IDE
Value: AHWqTUkS5y3A87t6OnhJ4zqEeGPK5OXx4S-RqEoyg_a7_nkAXArBbDu37G1qAYp8
.image5.image2.drinkwithmario.activity.gooficenews.com/ Name: _v1EmaticSolutionsSession
Value: %5B%225e3d1c9e-547c-11ea-b515-0242ac160003%22%2C1582270372368%5D
tnla.thenewslens.com/ Name: tnla_uuid
Value: fb472df2-8c5e-4a35-83f0-84a3e2028f79
image5.image2.drinkwithmario.activity.gooficenews.com/ Name: AWSALBCORS
Value: IQMzrVevqoOUvHN2S8lyUKk+hUA3uaOqqTZ9fJM4aM7kocYqs1QuiB43puNBsE2znyEskxhKrLPd3GOTJ40z3RLOQN/N/qx+idSIgphxtq6xQiCCDmOyapjqkVXp
image5.image2.drinkwithmario.activity.gooficenews.com/ Name: __retfs
Value: fSes-5cd62b7-d989-c36c-4270
.scupio.com/ Name: gxc
Value: 1
.scupio.com/ Name: scwc5
Value: H4sIACT4T14A_-Pi4WAUYJRiMzIwMDIyBADfvTNjDgAAAA
image5.image2.drinkwithmario.activity.gooficenews.com/ Name: oid
Value: %257B%2522oid%2522%253A%25225dcf8b71-547c-11ea-81ee-0242ac120003%2522%252C%2522ts%2522%253A1582270371%252C%2522v%2522%253A%25221.0%2522%257D
.thenewslens.com/ Name: tnla_uuid
Value: fb472df2-8c5e-4a35-83f0-84a3e2028f79
image5.image2.drinkwithmario.activity.gooficenews.com/ Name: tnl_tnla_sn
Value: 1
.image5.image2.drinkwithmario.activity.gooficenews.com/ Name: _v1EmaticSolutionsUTMData
Value: %7B%22utm_source%22%3A%22%22%2C%22utm_medium%22%3A%22%22%2C%22utm_campaign%22%3A%22%22%7D
.image5.image2.drinkwithmario.activity.gooficenews.com/ Name: _smt_uid
Value: 5e4f87a3.3becff37
image5.image2.drinkwithmario.activity.gooficenews.com/ Name: tnla_uuid
Value: fb472df2-8c5e-4a35-83f0-84a3e2028f79
image5.image2.drinkwithmario.activity.gooficenews.com/ Name: __retuid
Value: RETJS-3b175d79-3cd6-c8e0-fd33-f08330421f0d
.gooficenews.com/ Name: _gat_UA-41537444-1
Value: 1
image5.image2.drinkwithmario.activity.gooficenews.com/ Name: tnl_tnla_la
Value: 1582270371340
.gooficenews.com/ Name: _fbp
Value: fb.1.1582270371301.1347698305
image5.image2.drinkwithmario.activity.gooficenews.com/ Name: tnl_tnla_ssid
Value: 01463627-dce9-441e-9510-ad3b6ff33b5c
.image2.drinkwithmario.activity.gooficenews.com/ Name: __asc
Value: bb6f519417066a9d3a3481dcef6
.gooficenews.com/ Name: _gat_UA-127310339-4
Value: 1
.gooficenews.com/ Name: _gid
Value: GA1.2.973871819.1582270371
.gooficenews.com/ Name: __gads
Value: ID=3f1f57da99900d9b:T=1582270370:S=ALNI_MY1SGstn7swOT8Axo8050ETn-JwvQ
.scupio.com/ Name: gx
Value: H4sIACP4T14A%2fxNmYGDg4ubY9KxlxclVsy0EWIVYOOwFmABjfgQdFwAAAA%3d%3d
.gooficenews.com/ Name: _ga
Value: GA1.2.159077773.1582270371
.image2.drinkwithmario.activity.gooficenews.com/ Name: __auc
Value: bb6f519417066a9d3a3481dcef6

5 Console Messages

Source Level URL
Text
console-api debug (Line 3)
Message:
Ematic: JS loaded
console-api log URL: https://a.amnet.tw/tracking/ret.js?15822703(Line 1)
Message:
ret.js: mainProcess: get local cookie
console-api info URL: https://cdn.ampproject.org/rtv/012002112037430/amp4ads-v0.js(Line 409)
Message:
Powered by AMP ⚡ HTML – Version 2002112037430 https://image5.image2.drinkwithmario.activity.gooficenews.com/
console-api log URL: https://a.amnet.tw/tracking/ret.js?15822703(Line 1)
Message:
Browser does not support localStorage, create erUid on local domain
console-api log URL: https://a.amnet.tw/tracking/ret.js?15822703(Line 1)
Message:
On init ret success, ready to api process, queue:

Indicators

"Indicators" is a security-industry term for observables such as IPs, domains and hashes. Their appearance here does not imply that any of them indicates malicious activity.
