173.252.167.190 301 Moved Permanently 0 B URL User Request GET HTTP/2
IP 173.252.167.190:443
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
x-redirect-by: WordPress
location: https://news18herald.com/
content-length: 0
date: Sat, 04 May 2024 01:56:14 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-7XBYCZ5VSG
142.250.74.168 200 OK 88 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-7XBYCZ5VSG
IP 142.250.74.168:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
Validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (5955)
Hash e82a59cd70c06e9574427feaef33e4f7
a53fc978813d4cb2d4c4951fde609c461dd1d9ed
0aa12d6038d6797c7b50252d145615cd8ed81d777c6a5bd56a6eedd02537327d
GET /gtag/js?id=G-7XBYCZ5VSG HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 01:56:15 GMT
expires: Sat, 04 May 2024 01:56:15 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87809
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
news18herald.com/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=cccec
173.252.167.190 200 OK 2.3 kB URL GET HTTP/3 news18herald.com/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=cccec
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (10502), with no line terminators
Hash 1b97775b3c1464101d0b61fd525778be
0ed1f2c1dd82086ddcf6acb33797fb8addd7d903
8396e354653781b37e6a1c869d145ae9d8b450854e4a6dcff667e1b78afe037e
GET /wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=cccec HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: text/css
last-modified: Mon, 15 Apr 2024 07:13:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2308
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-includes/css/dist/block-library/style.min.css?ver=ebecd
173.252.167.190 200 OK 14 kB URL GET HTTP/3 news18herald.com/wp-includes/css/dist/block-library/style.min.css?ver=ebecd
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (59701)
Hash 51a8390b47aa0582cf2d9c96c5addee2
b16a640874025d085c38119a1a02a3460f83f2de
98cecf88a23542fa047ce46eedb650b5c5128761ed4386c0977b847094ddfa20
GET /wp-includes/css/dist/block-library/style.min.css?ver=ebecd HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: text/css
last-modified: Wed, 28 Feb 2024 01:18:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 14071
date: Sat, 04 May 2024 01:56:15 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
news18herald.com/wp-content/themes/point/style.css?ver=ebecd
173.252.167.190 200 OK 12 kB URL GET HTTP/3 news18herald.com/wp-content/themes/point/style.css?ver=ebecd
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (1249)
Hash 6bfb24df4bd8725fc6c419b050efea7e
9129b4d79114f93c3e190c8f0e39bfcbe7e75928
6317dc687a16b0b9aad813b90abdc8d4b010fd01e02f44876131ba3b22bb06d3
GET /wp-content/themes/point/style.css?ver=ebecd HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: text/css
last-modified: Sun, 18 Feb 2024 09:58:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11631
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/
173.252.167.190 200 OK 116 kB
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (19949)
Size 116 kB (116542 bytes)
Hash a7587da00b462d654299c3f12b4bdb6c
9a74ba5293ac4a9083ccf72a5dbcfc75e11da6b2
1935fec3cdf21c2dabce0cf8bf67b8dc6bbe4fe4365abacd8fe99ada15bdd67e
GET / HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
link: <https://news18herald.com/wp-json/>; rel="https://api.w.org/"
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 01:56:15 GMT
X-Firefox-Spdy: h2
news18herald.com/wp-content/plugins/cookie-law-info/lite/frontend/js/script.min.js?ver=cffcc
173.252.167.190 200 OK 6.3 kB URL GET HTTP/3 news18herald.com/wp-content/plugins/cookie-law-info/lite/frontend/js/script.min.js?ver=cffcc
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (19350), with no line terminators
Hash b8f69d1b6d8ea9165e53ad490ab46ee6
bc08f53731f762fbbd5cb574d1169a1c3067476f
52239ec3b67fd72f324401d90a1ed08955d0a07c4cf0c7f376aef11b1e75f952
GET /wp-content/plugins/cookie-law-info/lite/frontend/js/script.min.js?ver=cffcc HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: application/javascript
last-modified: Thu, 18 Apr 2024 18:21:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6269
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=ecebe
173.252.167.190 200 OK 3.0 kB URL GET HTTP/3 news18herald.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=ecebe
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (1392)
Hash 9593c634b81c031342cbe0fa03903d47
dd68ee9d73731b22fb7252f66be8bea5d17227c7
d7bdba02afa8c04c13f280c71a50f8c8186c883711c5dabbd13566dd738bff0a
GET /wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js?ver=ecebe HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: application/javascript
last-modified: Sat, 20 Apr 2024 05:29:26 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3030
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-includes/js/jquery/jquery.min.js?ver=acfaa
173.252.167.190 200 OK 30 kB URL GET HTTP/3 news18herald.com/wp-includes/js/jquery/jquery.min.js?ver=acfaa
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
GET /wp-includes/js/jquery/jquery.min.js?ver=acfaa HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: application/javascript
last-modified: Tue, 29 Aug 2023 02:44:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 29744
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=ecbbc
173.252.167.190 200 OK 4.7 kB URL GET HTTP/3 news18herald.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=ecbbc
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (13479)
Hash 9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=ecbbc HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: application/javascript
last-modified: Fri, 09 Jun 2023 15:19:24 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4678
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/plugins/contact-us-page-contact-people/assets/js/modal-popup.js?ver=eafbe
173.252.167.190 200 OK 586 B URL GET HTTP/3 news18herald.com/wp-content/plugins/contact-us-page-contact-people/assets/js/modal-popup.js?ver=eafbe
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text
Hash 167d93b8a7fc70b0f6139cb162c79fcf
cf92e123bfcd430db90356a1fb872fdeefc629de
daef83d0a667c11d518b08a9801af5764051d0bc69968e032d2161c7f72f1552
GET /wp-content/plugins/contact-us-page-contact-people/assets/js/modal-popup.js?ver=eafbe HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: application/javascript
last-modified: Tue, 12 Mar 2024 15:38:38 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 586
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/plugins/zeno-font-resizer/js/js.cookie.js?ver=fdabb
173.252.167.190 200 OK 1.3 kB URL GET HTTP/3 news18herald.com/wp-content/plugins/zeno-font-resizer/js/js.cookie.js?ver=fdabb
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text
Hash e5054597c36e96dea8b5ae4ae941fb7a
e95552b609d8dfb41ef2fde410cc7fe1d1bbc9d1
7d2385d6c43b616ce99b983d19324432e1f045561e5ee280d51808f98f852644
GET /wp-content/plugins/zeno-font-resizer/js/js.cookie.js?ver=fdabb HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: application/javascript
last-modified: Tue, 12 Mar 2024 07:44:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1323
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/themes/point/js/customscripts.js?ver=ebecd
173.252.167.190 200 OK 891 B URL GET HTTP/3 news18herald.com/wp-content/themes/point/js/customscripts.js?ver=ebecd
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text
Hash de56b3742241f61b094efe4632f814d1
6480c62d6cc1a739104622d5d4d6a0b6c756a664
3a02ffcb276857c2187c221e749f612aa94e493061292cb938a693e0a2bc1a9d
GET /wp-content/themes/point/js/customscripts.js?ver=ebecd HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: application/javascript
last-modified: Sun, 18 Feb 2024 09:58:50 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 891
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/plugins/zeno-font-resizer/js/jquery.fontsize.js?ver=fdabb
173.252.167.190 200 OK 778 B URL GET HTTP/3 news18herald.com/wp-content/plugins/zeno-font-resizer/js/jquery.fontsize.js?ver=fdabb
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with CRLF line terminators
Hash aa4bab15b85ee5f907b0058357a8d2c5
1762b5c4332e52eb38146937b8139bbe5a8b2c2b
0afcf41ab579f653774cd1227e861c34ea592611511ad7fe6682ca23de34fa51
GET /wp-content/plugins/zeno-font-resizer/js/jquery.fontsize.js?ver=fdabb HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: application/javascript
last-modified: Tue, 12 Mar 2024 07:44:00 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 778
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=cccec
173.252.167.190 200 OK 40 kB URL GET HTTP/3 news18herald.com/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=cccec
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (2747), with CRLF line terminators
Hash 8ea9723653de2a89e89a9aa95091814d
09e35b9672242002bf6fab333bd1c3a66d6a670d
88e837b16a510d57917487740558a4e2cd531680b4822617f86cf3aa32f23686
GET /wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=cccec HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: application/javascript
last-modified: Mon, 15 Apr 2024 07:13:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 39972
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/themes/point/images/nothumb.png
173.252.167.190 200 OK 852 B URL GET HTTP/3 news18herald.com/wp-content/themes/point/images/nothumb.png
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type PNG image data, 220 x 162, 8-bit colormap, non-interlaced
Hash 4fb3acbfea31d863a59a8cedb3f80671
07dea40516c2d4e501f89e14a24ed3dd1b958e79
bae167942e736a9907b8c52d010071c3b844ca05d35265856a71771b83ec191e
GET /wp-content/themes/point/images/nothumb.png HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: image/png
last-modified: Sun, 18 Feb 2024 09:58:50 GMT
accept-ranges: bytes
content-length: 852
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/uploads/2024/04/gettyimages-2150235667-612x612-1-220x162.jpg
173.252.167.190 200 OK 15 kB URL GET HTTP/3 news18herald.com/wp-content/uploads/2024/04/gettyimages-2150235667-612x612-1-220x162.jpg
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=3, description=Multiple law enforcement officers were shot Monday, April 29, 2024, in east Charlotte, North Carolina, the Charlotte Mecklenbur, xresolution=393, yresolution=401], baseline, precision 8, 220x162, components 3
Hash c5ba2bc852ef661bdd660387d6524b15
401052784742bf6a01317d11fc2dc825d0e11b53
c8c779f7f3d9fdf50f7c3787cf0148ee089d2537057d4c60c9dbbf0c21329078
GET /wp-content/uploads/2024/04/gettyimages-2150235667-612x612-1-220x162.jpg HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: image/jpeg
last-modified: Tue, 30 Apr 2024 07:21:50 GMT
accept-ranges: bytes
content-length: 15376
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/themes/point/images/footerthumb.png
173.252.167.190 200 OK 556 B URL GET HTTP/3 news18herald.com/wp-content/themes/point/images/footerthumb.png
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type PNG image data, 140 x 130, 8-bit colormap, non-interlaced
Hash df9caa2b26d37344dbcac513bf694fba
243084ec19a69ff43bb2e7eaff7d3753eda3336c
e1fd8fa4c7b2c0d82fa1b1fa4e0a04e3ac9a498a06656728cd558b0a755efd79
GET /wp-content/themes/point/images/footerthumb.png HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: image/png
last-modified: Sun, 18 Feb 2024 09:58:50 GMT
accept-ranges: bytes
content-length: 556
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/uploads/2024/04/133236445_gettyimages-2150307902.jpg-220x162.webp
173.252.167.190 200 OK 8.6 kB URL GET HTTP/3 news18herald.com/wp-content/uploads/2024/04/133236445_gettyimages-2150307902.jpg-220x162.webp
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 220x162, Scaling: [none]x[none], YUV color, decoders should clamp
Hash a5bf0f89d1e8c4736d4fc078da0f5191
090e813195696c616be675b8d58e732921436912
94c5f2f12238b35110b5529286984db7c31ca9e8933f97f322e7269f1662e065
GET /wp-content/uploads/2024/04/133236445_gettyimages-2150307902.jpg-220x162.webp HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: image/webp
last-modified: Mon, 29 Apr 2024 15:09:33 GMT
accept-ranges: bytes
content-length: 8624
date: Sat, 04 May 2024 01:56:15 GMT
news18herald.com/wp-content/uploads/2024/04/images-15-220x162.jpeg
173.252.167.190 200 OK 15 kB URL GET HTTP/3 news18herald.com/wp-content/uploads/2024/04/images-15-220x162.jpeg
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 220x162, components 3
Hash 526010f4ef9265e5a5ffccd401e3eaf6
0e15d1d35cf57e57775bd2c07c2fed78d2c25905
8c155c30bad55b031f7d8dfc853a07bc640c203ada43628ba620b35bc475faa0
GET /wp-content/uploads/2024/04/images-15-220x162.jpeg HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:15 GMT
content-type: image/jpeg
last-modified: Tue, 30 Apr 2024 10:44:11 GMT
accept-ranges: bytes
content-length: 14642
date: Sat, 04 May 2024 01:56:15 GMT
fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
216.58.207.227 200 OK 21 kB URL GET HTTP/2 fonts.gstatic.com/s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
IP 216.58.207.227:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 21224, version 1.0
Hash 13bdfb843f942ccd9f485eb6c0bc1934
2bad44362ff7569f24f2a3df2521b27a97ec1297
7a291479495fbb281655d5e870c6d118dc6b7ed18e8c235aef5974c1e9de4e6c
GET /s/droidsans/v18/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21224
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 09:07:29 GMT
expires: Sat, 03 May 2025 09:07:29 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:04:18 GMT
content-type: font/woff2
age: 60527
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/droidsans/v18/SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2
216.58.207.227 200 OK 22 kB URL GET HTTP/2 fonts.gstatic.com/s/droidsans/v18/SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2
IP 216.58.207.227:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 22376, version 1.0
Hash e6af16165f9bfda6aafd0088b8c01daa
c9c0ee8309619643e65ba1b22bfffcd1a7ca1e51
e803cd8c5031ac6b0d099a2d96ba1c3ee44782649a7f7c6f0d09b6410d93e216
GET /s/droidsans/v18/SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22376
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 01:55:23 GMT
expires: Sat, 03 May 2025 01:55:23 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:25:01 GMT
content-type: font/woff2
age: 86453
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
news18herald.com/
173.252.167.190 200 OK 0 B IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD / HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/html; charset=UTF-8
link: <https://news18herald.com/wp-json/>; rel="https://api.w.org/"
date: Sat, 04 May 2024 01:56:16 GMT
news18herald.com/wp-content/themes/point/fonts/point.woff?29400515
173.252.167.190 200 OK 7.5 kB URL GET HTTP/3 news18herald.com/wp-content/themes/point/fonts/point.woff?29400515
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type Web Open Font Format, TrueType, length 7460, version 1.0
Hash f596cc66772b7dcfc6ec44a4f0c8ada3
6ac23bc6f9faa00cd52edd8efd35de21e5675b0f
6177da63c46574dfaaa8836f5fe858df5cd83bfaa97e09407697e6761aff0f70
GET /wp-content/themes/point/fonts/point.woff?29400515 HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/wp-content/themes/point/style.css?ver=ebecd
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:16 GMT
content-type: font/woff
last-modified: Sun, 18 Feb 2024 09:58:50 GMT
accept-ranges: bytes
content-length: 7460
date: Sat, 04 May 2024 01:56:16 GMT
goomaphy.com/400/7386441
139.45.197.239 200 OK 35 kB IP 139.45.197.239:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject goomaphy.com
Fingerprint C5:05:17:84:C2:C0:36:57:FA:8C:2B:4E:FC:3F:41:74:F8:89:05:50
Validity Sun, 21 Apr 2024 05:07:12 GMT - Sat, 20 Jul 2024 05:07:11 GMT
File type gzip compressed data, max speed, from Unix
Hash 60076e5cf8dada8b663a6231c9368a6b
c8993c86fb95c3fb085cf3db463ec19222df797d
be5c269b87c425b493b030735c3303e12a8fce5eb94451fe3caa73ca60962c1d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /400/7386441 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-type: application/javascript
x-trace-id: 7db22b61f4a4821371129b86e96b8521
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0300522adfbb4022f5eea4125887295e; expires=Sun, 04 May 2025 01:56:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
news18herald.com/wp-includes/js/wp-emoji-release.min.js?ver=ebecd
173.252.167.190 200 OK 4.7 kB URL GET HTTP/3 news18herald.com/wp-includes/js/wp-emoji-release.min.js?ver=ebecd
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (15752)
Hash b976b651932bfd25b9ddb5b7693d88a7
7fcb7cb5c11227f9213b1e08a07d0212209e1432
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
GET /wp-includes/js/wp-emoji-release.min.js?ver=ebecd HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776; cookieyes-consent=consentid:MU1VbTZacHN2TlBmblBDTlhoNUZFeDR0WG9iZkdITEg,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:16 GMT
content-type: application/javascript
last-modified: Wed, 14 Feb 2024 01:06:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4676
date: Sat, 04 May 2024 01:56:16 GMT
news18herald.com/wp-content/uploads/2024/04/f2bd8f97-damage2-220x162.jpg
173.252.167.190 200 OK 10 kB URL GET HTTP/3 news18herald.com/wp-content/uploads/2024/04/f2bd8f97-damage2-220x162.jpg
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 220x162, components 3
Hash b51f40feaad491a69a81659fcd604f13
082488adb62c95e8a70d871c6dd598d3aa16bb94
7886d209b00264995038c890dda47108c25af0fd003b9f9bed919c050ae64e8d
GET /wp-content/uploads/2024/04/f2bd8f97-damage2-220x162.jpg HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776; cookieyes-consent=consentid:MU1VbTZacHN2TlBmblBDTlhoNUZFeDR0WG9iZkdITEg,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:16 GMT
content-type: image/jpeg
last-modified: Sat, 27 Apr 2024 15:47:49 GMT
accept-ranges: bytes
content-length: 10344
date: Sat, 04 May 2024 01:56:16 GMT
news18herald.com/wp-content/plugins/cookie-law-info/lite/frontend/images/close.svg
173.252.167.190 200 OK 632 B URL GET HTTP/3 news18herald.com/wp-content/plugins/cookie-law-info/lite/frontend/images/close.svg
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 463a29230026f25d47804e96c507f787
f50e0eac87bb8f5cff8f7d8ccb5d72aedda7e78d
a049e1abe441835a2bcf35258936072189a0a52d0000c4ed2094e59d2afd189b
GET /wp-content/plugins/cookie-law-info/lite/frontend/images/close.svg HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776; cookieyes-consent=consentid:MU1VbTZacHN2TlBmblBDTlhoNUZFeDR0WG9iZkdITEg,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:16 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 18:21:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 632
date: Sat, 04 May 2024 01:56:16 GMT
news18herald.com/wp-content/plugins/cookie-law-info/lite/frontend/images/revisit.svg
173.252.167.190 200 OK 962 B URL GET HTTP/3 news18herald.com/wp-content/plugins/cookie-law-info/lite/frontend/images/revisit.svg
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 71c20bb07e1387c0fecd7a521af9803d
470d91c6500d67e26f2ef4e4d0699ea1b2c8fc03
ed7c487f915432d9464e2af0a83002ee93596e86e076f3c917e439e5b844d08b
GET /wp-content/plugins/cookie-law-info/lite/frontend/images/revisit.svg HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776; cookieyes-consent=consentid:MU1VbTZacHN2TlBmblBDTlhoNUZFeDR0WG9iZkdITEg,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:16 GMT
content-type: image/svg+xml
last-modified: Thu, 18 Apr 2024 18:21:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 962
date: Sat, 04 May 2024 01:56:16 GMT
news18herald.com/
173.252.167.190 200 OK 0 B IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD / HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/html; charset=UTF-8
link: <https://news18herald.com/wp-json/>; rel="https://api.w.org/"
date: Sat, 04 May 2024 01:56:16 GMT
news18herald.com/
173.252.167.190 200 OK 0 B IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD / HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/html; charset=UTF-8
link: <https://news18herald.com/wp-json/>; rel="https://api.w.org/"
date: Sat, 04 May 2024 01:56:16 GMT
aistekso.net/400/7330320
139.45.197.244 200 OK 35 kB IP 139.45.197.244:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject aistekso.net
Fingerprint 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
Validity Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
File type gzip compressed data, max speed, from Unix
Hash d787d3ab67baee7021911798e2bf8dd0
aaaf3a693a91434d412b9f4982b6a67a9ab39941
eba0110e3c442efb194efd1f8e8e3fb3c8d68400cbafe1fd49f4d15176fbfc9e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /400/7330320 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-type: application/javascript
x-trace-id: b5f6df270e6fc8f2f9804fe547204295
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0300526659d6451ee2bb155bbe487883; expires=Sun, 04 May 2025 01:56:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
news18herald.com/wp-content/uploads/2024/03/cropped-Screenshot_20240306-133955-1-32x32.png
173.252.167.190 200 OK 2.0 kB URL GET HTTP/3 news18herald.com/wp-content/uploads/2024/03/cropped-Screenshot_20240306-133955-1-32x32.png
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash 40147d8c3797864604fb91f667a48f23
b2b3462aff0edd24ac70cf20c4162449a1fa02c8
1c2f7ca724368ff91f203e393a545d7a22ace382d490c9d2023c4d30ce114df4
GET /wp-content/uploads/2024/03/cropped-Screenshot_20240306-133955-1-32x32.png HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776; cookieyes-consent=consentid:MU1VbTZacHN2TlBmblBDTlhoNUZFeDR0WG9iZkdITEg,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:16 GMT
content-type: image/png
last-modified: Wed, 06 Mar 2024 10:43:25 GMT
accept-ranges: bytes
content-length: 2023
date: Sat, 04 May 2024 01:56:16 GMT
news18herald.com/wp-content/uploads/2024/03/cropped-Screenshot_20240306-133955-1-192x192.png
173.252.167.190 200 OK 24 kB URL GET HTTP/3 news18herald.com/wp-content/uploads/2024/03/cropped-Screenshot_20240306-133955-1-192x192.png
IP 173.252.167.190:443
Requested by https://news18herald.com/
Certificate Issuer cPanel, Inc.
Subject news18herald.com
Fingerprint C6:EA:71:C3:FB:EF:4A:C5:63:A7:7F:69:4C:EE:43:75:9D:DB:65:03
Validity Fri, 03 May 2024 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash 91c169bd00a51a1f646bb6e463a3ee50
818148216cf2a2953fc658f5cba2fb67f88fe3f4
f9679aadbcec84828b88f2999349c9be5d0344023ab38f2e89d9fda19225a897
GET /wp-content/uploads/2024/03/cropped-Screenshot_20240306-133955-1-192x192.png HTTP/1.1
Host: news18herald.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: _ga_7XBYCZ5VSG=GS1.1.1714787775.1.0.1714787775.0.0.0; _ga=GA1.1.846667288.1714787776; cookieyes-consent=consentid:MU1VbTZacHN2TlBmblBDTlhoNUZFeDR0WG9iZkdITEg,consent:no,action:,necessary:yes,functional:no,analytics:no,performance:no,advertisement:no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 01:56:16 GMT
content-type: image/png
last-modified: Wed, 06 Mar 2024 10:43:25 GMT
accept-ranges: bytes
content-length: 23773
date: Sat, 04 May 2024 01:56:16 GMT
aistekso.net/500/7368295?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.244 200 OK 0 B URL OPTIONS HTTP/2 aistekso.net/500/7368295?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP 139.45.197.244:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject aistekso.net
Fingerprint 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
Validity Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /500/7368295?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://news18herald.com/
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://news18herald.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
aistekso.net/500/7330320?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.244 200 OK 0 B URL GET HTTP/2 aistekso.net/500/7330320?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP 139.45.197.244:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject aistekso.net
Fingerprint 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
Validity Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /500/7330320?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://news18herald.com/
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://news18herald.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
soathoth.com/500/7386922?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 0 B URL GET HTTP/2 soathoth.com/500/7386922?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject soathoth.com
Fingerprint 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /500/7386922?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://news18herald.com/
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://news18herald.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
goomaphy.com/500/7386441?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.239 200 OK 0 B URL GET HTTP/2 goomaphy.com/500/7386441?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP 139.45.197.239:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject goomaphy.com
Fingerprint C5:05:17:84:C2:C0:36:57:FA:8C:2B:4E:FC:3F:41:74:F8:89:05:50
Validity Sun, 21 Apr 2024 05:07:12 GMT - Sat, 20 Jul 2024 05:07:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /500/7386441?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://news18herald.com/
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://news18herald.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
soathoth.com/500/7386925?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 0 B URL OPTIONS HTTP/2 soathoth.com/500/7386925?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject soathoth.com
Fingerprint 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /500/7386925?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://news18herald.com/
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://news18herald.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
offerimage.com/www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg
104.22.32.172 200 OK 17 kB URL GET HTTP/2 offerimage.com/www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg
IP 104.22.32.172:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject offerimage.com
Fingerprint 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
Validity Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash 6fe0a8e6dd1827229a93f3a64a823866
a44f50cf061ab8a3eceb6fc2f691a9007c9f4168
2fc6186bece84189796cdd4ea7e4da6702d65784eb734765ab1ae9704de98cd8
GET /www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:16 GMT
content-type: image/jpeg
content-length: 16973
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674404-424d"
expires: Sat, 04 May 2024 21:05:49 GMT
last-modified: Wed, 29 Nov 2023 14:00:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 17427
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4df959a55be4c-CPH
X-Firefox-Spdy: h2
offerimage.com/www/images/c8ab7c608555b511dfa28f585183edc9.jpg
104.22.32.172 200 OK 17 kB URL GET HTTP/2 offerimage.com/www/images/c8ab7c608555b511dfa28f585183edc9.jpg
IP 104.22.32.172:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject offerimage.com
Fingerprint 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
Validity Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash c8ab7c608555b511dfa28f585183edc9
07b4fe6aa263e63dc15ca76e57280cf4a1da347a
1086d90e75d50f3d72b9782ab379b7fd12e41b0088aa6ca631b800236fe5d5e7
GET /www/images/c8ab7c608555b511dfa28f585183edc9.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:16 GMT
content-type: image/jpeg
content-length: 16731
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674405-415b"
expires: Sat, 04 May 2024 20:34:18 GMT
last-modified: Wed, 29 Nov 2023 14:00:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 19318
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4df95aa5cbe4c-CPH
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2807bc2b-7d02-470d-99d6-b563a147a227
139.45.195.254 200 OK 12 B URL POST HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2807bc2b-7d02-470d-99d6-b563a147a227
IP 139.45.195.254:443
Requested by https://news18herald.com/
Certificate Issuer Sectigo Limited
Subject fleraprt.com
Fingerprint 32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
Validity Tue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2807bc2b-7d02-470d-99d6-b563a147a227 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2794
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 04 May 2024 01:56:16 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://news18herald.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
104.22.32.172 200 OK 17 kB URL GET HTTP/2 offerimage.com/www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg
IP 104.22.32.172:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject offerimage.com
Fingerprint 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
Validity Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash 9c6355bcf96815c755fbba83f9fd8f64
ce698b45fb51ef1494f80f432b7aff0985247724
2cd74e866757767cd5c88d066a0bc057aded1e6c07171e091dd87f56ffd4a906
GET /www/images/9c6355bcf96815c755fbba83f9fd8f64.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:17 GMT
content-type: image/jpeg
content-length: 17173
cache-control: max-age=86400
cf-bgj: h2pri
etag: "642af881-4315"
expires: Sat, 04 May 2024 20:06:53 GMT
last-modified: Mon, 03 Apr 2023 16:02:09 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 20961
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4df964a94be4c-CPH
X-Firefox-Spdy: h2
offerimage.com/www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg
104.22.32.172 200 OK 19 kB URL GET HTTP/2 offerimage.com/www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg
IP 104.22.32.172:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject offerimage.com
Fingerprint 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
Validity Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash 71581bf2ce9a00138faf7dd80fe3e12e
56479135ed64bf23e1037067c0c87047eb8a414c
5d9f95c8c06343cc189b38268296615ed8816d8154b4b782ad0d62bedd23525e
GET /www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:17 GMT
content-type: image/jpeg
content-length: 19381
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674405-4bb5"
expires: Sat, 04 May 2024 18:07:30 GMT
last-modified: Wed, 29 Nov 2023 14:00:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 28127
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4df964a95be4c-CPH
X-Firefox-Spdy: h2
soathoth.com/500/7386925?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 1.4 kB URL OPTIONS HTTP/2 soathoth.com/500/7386925?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject soathoth.com
Fingerprint 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
File type gzip compressed data, max speed, from Unix
Hash 382f28f56a13816069a4758f0bb4e193
0ffaae931b9d5ad136c9cc3275f7349a77cc62b8
f190713cc85a8851a7fab7208ae0b83ed11d47c5e51747fd637c9217706fb844
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /500/7386925?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=030052ae8a5140d6f585247b9a38ad84
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-type: application/javascript
x-trace-id: 30fe971c4e22fe660290b8ce3d6f5ff9
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://news18herald.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=080052b47db84e09f0ca9119fc0494fd; expires=Sun, 04 May 2025 01:56:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
offerimage.com/www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg
104.22.32.172 200 OK 19 kB URL GET HTTP/2 offerimage.com/www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg
IP 104.22.32.172:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject offerimage.com
Fingerprint 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
Validity Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash 71581bf2ce9a00138faf7dd80fe3e12e
56479135ed64bf23e1037067c0c87047eb8a414c
5d9f95c8c06343cc189b38268296615ed8816d8154b4b782ad0d62bedd23525e
GET /www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:21 GMT
content-type: image/jpeg
content-length: 19381
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674405-4bb5"
expires: Sat, 04 May 2024 18:07:30 GMT
last-modified: Wed, 29 Nov 2023 14:00:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 28131
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4dfb189b4be4c-CPH
X-Firefox-Spdy: h2
aistekso.net/impression/fGK9U3Q-Z-s-DPW2CXMB4gf_zm28EECueSNjgoFppRQm9cEFE5S7Gz3Vg4krT2XIbHlh-t5BKtPWPAbqb3hyte0yD0cSMVVRjEWz_zfEKAR96NvcVCZe7hEZaa5erH6GhCEK9WYHHyBwsTPiIkb_5QKn6rD3bd-ou2dirCBbMMwsqyrV2NvY_yckWajf9mjTmJQ98EIkJw4fnaz0ZKrtmiPv91G_LFwfOu9d4BUnfHZIrK6ZJoRKIYJ_rHkWa5PSsPOPAQ3MYqEK2DlcdW0GuBNxccPQt8CQcqK8xWjWGLvDu_XDrr2LB-MWjWV6Ymr5pB_szEIYCpZ9tmZO7Cm_03NG0axO8FwQg4Nc5JDfZm7p0sEIQujwIpzCWuHW-p4u-8f012EQpbwdpxxCHsiQmejtj-_qYQbXlTeM17HAB9gy1bUGSMBubpXXC9br70rxI6q8pGIFsJ8jKhRf2z4Qz5rLyN6f6xy1nOkfZW7VdE8YoGPqqHg_XrhYfb9WCQsaddMj5qqErDf6xA1SDNUI0S4h3mTWkxKrQ2pSG1j3JBNLKkSfpJvoNu6MgAv0ihTFYf4RHtMmcfjvr22nuy7TjrrtKY_qRiQkDt2o1NcFhjkT6RfNcPKMNqIw-epGSpRovhVFca2d4z3z2Mmo491NmRVnLO18WArn7NW-T-c66f3ePcaTdefERnHWonVe8zBdwxvNMKAAGFhs562ZGocoZBYfUM6pmtfy7d3SvsRsDDMRCQFSxvMqQlUfIRvXueTTvLYuGFviw21EnbiqcAwyCJ9RLdijKnJ3tyMNr-2K8ss64LZIVL3-1RoaLLqloCwU?_z=7368295&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.244200 OK 43 B URL GET HTTP/2 aistekso.net/impression/fGK9U3Q-Z-s-DPW2CXMB4gf_zm28EECueSNjgoFppRQm9cEFE5S7Gz3Vg4krT2XIbHlh-t5BKtPWPAbqb3hyte0yD0cSMVVRjEWz_zfEKAR96NvcVCZe7hEZaa5erH6GhCEK9WYHHyBwsTPiIkb_5QKn6rD3bd-ou2dirCBbMMwsqyrV2NvY_yckWajf9mjTmJQ98EIkJw4fnaz0ZKrtmiPv91G_LFwfOu9d4BUnfHZIrK6ZJoRKIYJ_rHkWa5PSsPOPAQ3MYqEK2DlcdW0GuBNxccPQt8CQcqK8xWjWGLvDu_XDrr2LB-MWjWV6Ymr5pB_szEIYCpZ9tmZO7Cm_03NG0axO8FwQg4Nc5JDfZm7p0sEIQujwIpzCWuHW-p4u-8f012EQpbwdpxxCHsiQmejtj-_qYQbXlTeM17HAB9gy1bUGSMBubpXXC9br70rxI6q8pGIFsJ8jKhRf2z4Qz5rLyN6f6xy1nOkfZW7VdE8YoGPqqHg_XrhYfb9WCQsaddMj5qqErDf6xA1SDNUI0S4h3mTWkxKrQ2pSG1j3JBNLKkSfpJvoNu6MgAv0ihTFYf4RHtMmcfjvr22nuy7TjrrtKY_qRiQkDt2o1NcFhjkT6RfNcPKMNqIw-epGSpRovhVFca2d4z3z2Mmo491NmRVnLO18WArn7NW-T-c66f3ePcaTdefERnHWonVe8zBdwxvNMKAAGFhs562ZGocoZBYfUM6pmtfy7d3SvsRsDDMRCQFSxvMqQlUfIRvXueTTvLYuGFviw21EnbiqcAwyCJ9RLdijKnJ3tyMNr-2K8ss64LZIVL3-1RoaLLqloCwU?_z=7368295&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP 139.45.197.244:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject aistekso.net
Fingerprint 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
Validity Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /impression/fGK9U3Q-Z-s-DPW2CXMB4gf_zm28EECueSNjgoFppRQm9cEFE5S7Gz3Vg4krT2XIbHlh-t5BKtPWPAbqb3hyte0yD0cSMVVRjEWz_zfEKAR96NvcVCZe7hEZaa5erH6GhCEK9WYHHyBwsTPiIkb_5QKn6rD3bd-ou2dirCBbMMwsqyrV2NvY_yckWajf9mjTmJQ98EIkJw4fnaz0ZKrtmiPv91G_LFwfOu9d4BUnfHZIrK6ZJoRKIYJ_rHkWa5PSsPOPAQ3MYqEK2DlcdW0GuBNxccPQt8CQcqK8xWjWGLvDu_XDrr2LB-MWjWV6Ymr5pB_szEIYCpZ9tmZO7Cm_03NG0axO8FwQg4Nc5JDfZm7p0sEIQujwIpzCWuHW-p4u-8f012EQpbwdpxxCHsiQmejtj-_qYQbXlTeM17HAB9gy1bUGSMBubpXXC9br70rxI6q8pGIFsJ8jKhRf2z4Qz5rLyN6f6xy1nOkfZW7VdE8YoGPqqHg_XrhYfb9WCQsaddMj5qqErDf6xA1SDNUI0S4h3mTWkxKrQ2pSG1j3JBNLKkSfpJvoNu6MgAv0ihTFYf4RHtMmcfjvr22nuy7TjrrtKY_qRiQkDt2o1NcFhjkT6RfNcPKMNqIw-epGSpRovhVFca2d4z3z2Mmo491NmRVnLO18WArn7NW-T-c66f3ePcaTdefERnHWonVe8zBdwxvNMKAAGFhs562ZGocoZBYfUM6pmtfy7d3SvsRsDDMRCQFSxvMqQlUfIRvXueTTvLYuGFviw21EnbiqcAwyCJ9RLdijKnJ3tyMNr-2K8ss64LZIVL3-1RoaLLqloCwU?_z=7368295&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=080052b47db84e09f0ca9119fc0494fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:21 GMT
content-type: image/gif
content-length: 43
x-trace-id: 20c900a82a199ca91b8d8eb215acb4aa
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
aistekso.net/impression/PyOQMq_CPXX-N3XHVpgA006os9yW5m0_5LWs1bs1RJdqouXG2YIo3HbYF21_KuUZ1GywLbgjfcJfCxhn8WaKBAT0UYV6bs-eNlI-J8dX6lf1JFpnD2cyE9suTtOA_7NXiVHWwQJwD7TLg2GhcffyCCl1f4aU8lBCaUtvxw2F1Vm-uxBydtjmEwECCY4-_wGBhUfEXvpGmzzE28yBSqiaQhqjJZ0rLnYdeE3d5hXfWVwfGgayMQtAvPvnrtlyxJrk5URWB-mfQGnWUVSs8BIjyxEltM67guU3ApGmCnuLPJnOKko74kEbgWqG-BbLqZggKNMBFezOx2JimhwFLm-4LdH_vwcgIX5aI1kCkGJHqoEKvAaJfjSfF05OsWeMMsD-VY1OdalnFB0_oLXiiUGbdxJ3eLRq5YWcXuqx9I2zg0yE0Z1Xnp70yy8CCUaEMCq28j_eQ8S4bllRMOKhxWSYvkkrCdsNm2MOFnfZuEDyiFS8hKGmcafK9Jvs-MJAxIbxwQJlaOLq9NGSRLkTiApNMD_GWXMMKJ7Opa4ZjF72J4sC6sah6Q0FKLD--r88_9ZdEr1BtVpQcAVZ20G7qne6DfF2LOJNnNVUSk5v3r8h92a7LTNJ-6W5iXCU295oU0cA8uEzl79CwUWKGanVLXgdzEs9FypX0Z9n3Rl-ayg743wH70D8ZnUxgHzkvBQ2edAb2QqTh3Cc6gz-Y2RqASVs-c7gAn3moOTHcDLmA4VtXpOqKGBxTaya_SHE1TsqWUJaqImhxC4NHez-KS9kMMONev6v0SoOhJDyUkTqPmg4JjX8w5LJOOD9MKSAY7cf040a?_z=7330320&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=5&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.244200 OK 43 B URL GET HTTP/2 aistekso.net/impression/PyOQMq_CPXX-N3XHVpgA006os9yW5m0_5LWs1bs1RJdqouXG2YIo3HbYF21_KuUZ1GywLbgjfcJfCxhn8WaKBAT0UYV6bs-eNlI-J8dX6lf1JFpnD2cyE9suTtOA_7NXiVHWwQJwD7TLg2GhcffyCCl1f4aU8lBCaUtvxw2F1Vm-uxBydtjmEwECCY4-_wGBhUfEXvpGmzzE28yBSqiaQhqjJZ0rLnYdeE3d5hXfWVwfGgayMQtAvPvnrtlyxJrk5URWB-mfQGnWUVSs8BIjyxEltM67guU3ApGmCnuLPJnOKko74kEbgWqG-BbLqZggKNMBFezOx2JimhwFLm-4LdH_vwcgIX5aI1kCkGJHqoEKvAaJfjSfF05OsWeMMsD-VY1OdalnFB0_oLXiiUGbdxJ3eLRq5YWcXuqx9I2zg0yE0Z1Xnp70yy8CCUaEMCq28j_eQ8S4bllRMOKhxWSYvkkrCdsNm2MOFnfZuEDyiFS8hKGmcafK9Jvs-MJAxIbxwQJlaOLq9NGSRLkTiApNMD_GWXMMKJ7Opa4ZjF72J4sC6sah6Q0FKLD--r88_9ZdEr1BtVpQcAVZ20G7qne6DfF2LOJNnNVUSk5v3r8h92a7LTNJ-6W5iXCU295oU0cA8uEzl79CwUWKGanVLXgdzEs9FypX0Z9n3Rl-ayg743wH70D8ZnUxgHzkvBQ2edAb2QqTh3Cc6gz-Y2RqASVs-c7gAn3moOTHcDLmA4VtXpOqKGBxTaya_SHE1TsqWUJaqImhxC4NHez-KS9kMMONev6v0SoOhJDyUkTqPmg4JjX8w5LJOOD9MKSAY7cf040a?_z=7330320&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=5&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP 139.45.197.244:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject aistekso.net
Fingerprint 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
Validity Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /impression/PyOQMq_CPXX-N3XHVpgA006os9yW5m0_5LWs1bs1RJdqouXG2YIo3HbYF21_KuUZ1GywLbgjfcJfCxhn8WaKBAT0UYV6bs-eNlI-J8dX6lf1JFpnD2cyE9suTtOA_7NXiVHWwQJwD7TLg2GhcffyCCl1f4aU8lBCaUtvxw2F1Vm-uxBydtjmEwECCY4-_wGBhUfEXvpGmzzE28yBSqiaQhqjJZ0rLnYdeE3d5hXfWVwfGgayMQtAvPvnrtlyxJrk5URWB-mfQGnWUVSs8BIjyxEltM67guU3ApGmCnuLPJnOKko74kEbgWqG-BbLqZggKNMBFezOx2JimhwFLm-4LdH_vwcgIX5aI1kCkGJHqoEKvAaJfjSfF05OsWeMMsD-VY1OdalnFB0_oLXiiUGbdxJ3eLRq5YWcXuqx9I2zg0yE0Z1Xnp70yy8CCUaEMCq28j_eQ8S4bllRMOKhxWSYvkkrCdsNm2MOFnfZuEDyiFS8hKGmcafK9Jvs-MJAxIbxwQJlaOLq9NGSRLkTiApNMD_GWXMMKJ7Opa4ZjF72J4sC6sah6Q0FKLD--r88_9ZdEr1BtVpQcAVZ20G7qne6DfF2LOJNnNVUSk5v3r8h92a7LTNJ-6W5iXCU295oU0cA8uEzl79CwUWKGanVLXgdzEs9FypX0Z9n3Rl-ayg743wH70D8ZnUxgHzkvBQ2edAb2QqTh3Cc6gz-Y2RqASVs-c7gAn3moOTHcDLmA4VtXpOqKGBxTaya_SHE1TsqWUJaqImhxC4NHez-KS9kMMONev6v0SoOhJDyUkTqPmg4JjX8w5LJOOD9MKSAY7cf040a?_z=7330320&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=5&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=080052b47db84e09f0ca9119fc0494fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:21 GMT
content-type: image/gif
content-length: 43
x-trace-id: 77a97cfb72ef68fced160efba1174f13
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
offerimage.com/www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg
104.22.32.172 200 OK 17 kB URL GET HTTP/2 offerimage.com/www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg
IP 104.22.32.172:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject offerimage.com
Fingerprint 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
Validity Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash 6fe0a8e6dd1827229a93f3a64a823866
a44f50cf061ab8a3eceb6fc2f691a9007c9f4168
2fc6186bece84189796cdd4ea7e4da6702d65784eb734765ab1ae9704de98cd8
GET /www/images/6fe0a8e6dd1827229a93f3a64a823866.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:21 GMT
content-type: image/jpeg
content-length: 16973
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674404-424d"
expires: Sat, 04 May 2024 21:05:49 GMT
last-modified: Wed, 29 Nov 2023 14:00:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 17432
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4dfb229dbbe4c-CPH
X-Firefox-Spdy: h2
offerimage.com/www/images/c8ab7c608555b511dfa28f585183edc9.jpg
104.22.32.172 200 OK 17 kB URL GET HTTP/2 offerimage.com/www/images/c8ab7c608555b511dfa28f585183edc9.jpg
IP 104.22.32.172:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject offerimage.com
Fingerprint 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
Validity Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash c8ab7c608555b511dfa28f585183edc9
07b4fe6aa263e63dc15ca76e57280cf4a1da347a
1086d90e75d50f3d72b9782ab379b7fd12e41b0088aa6ca631b800236fe5d5e7
GET /www/images/c8ab7c608555b511dfa28f585183edc9.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:21 GMT
content-type: image/jpeg
content-length: 16731
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674405-415b"
expires: Sat, 04 May 2024 20:34:18 GMT
last-modified: Wed, 29 Nov 2023 14:00:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 19323
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4dfb249e2be4c-CPH
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 172881
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:40:35 GMT
expires: Fri, 02 May 2025 22:40:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 98146
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:55:00 GMT
expires: Fri, 02 May 2025 01:55:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 172881
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
Validity Tue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:40:35 GMT
expires: Fri, 02 May 2025 22:40:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 98146
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
soathoth.com/impression/lN9wKu277FMWaEe1XlN9mvCTjwTQ-VY_Bo2vK6Yha_DdasEUEj-U2tQ8EJa3BclFA7t5HiFwwyLthP8thp1AB3P5TrVLO8GhZxGI-ShY8OI_j7zhizQ20JxPEGhraX7jfn3B5U0kjuuUw1ZQvEbz9KNCyvySohvyLP4N7BEj0Z8F6DMs63jlOPBxblTSPTBcISQYGNCMepu49yvy21wibkMWM-kBCWygI9vWp5GVPWHqOHIibQKwjabe6f65Ph7JXpC1QyyLrso60adPMprH35zT7ewqfroBsk43YW3qg9k3NPRfjLOYo3yXVQTcbq_UIw2NuynirEQSAzPKxzqQX-A4hnY6Yxd3JJrppdTYquv5CXxuacYXSb0Eyou24X3qlHTTFfbNKfB1vLlDMar67cgG58aPJwWoA6RzIJ4SSTax8Cn0R_Kb2-67KZleur_AoWQ9hyNgNxCu1NZuf1k2h2eqbqWXDLZZAuQbo-Yh6-hFNo4eL6iHAdAe4bEwqBE8JhFOweOecxTv7wW4xdXWx4rbnzj2DatKtl7ygpoWE3eeRoG75SqvtqV3G40-1wWdNzxKhLCRmBtmLnXrNXQuYpAQT-hNeHZDNRT1pzwrFX9R6GW7_PrhxN8-VAxFmKGOoVnUAYEaYRz804UqSzaTgsrpQ9YsBWd9276XDT0Rzea2oT9oyok0ZCND9EV2YhRwjE5qDKEm4g1xVQUVPs-LvSqpTOiXSuZGEGYiBRXUNMqR_kZx9eNG7wBT66siQApDVWg2Kdld7lAEKDTonMTj2fDwUYDwZek6I12ksmKJdgIcNnVj8eA_0CD3JlIzQMsn?_z=7386922&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 43 B GET HTTP/2
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer: Let's Encrypt
Subject: soathoth.com
Fingerprint: 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity: Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impression/lN9wKu277FMWaEe1XlN9mvCTjwTQ-VY_Bo2vK6Yha_DdasEUEj-U2tQ8EJa3BclFA7t5HiFwwyLthP8thp1AB3P5TrVLO8GhZxGI-ShY8OI_j7zhizQ20JxPEGhraX7jfn3B5U0kjuuUw1ZQvEbz9KNCyvySohvyLP4N7BEj0Z8F6DMs63jlOPBxblTSPTBcISQYGNCMepu49yvy21wibkMWM-kBCWygI9vWp5GVPWHqOHIibQKwjabe6f65Ph7JXpC1QyyLrso60adPMprH35zT7ewqfroBsk43YW3qg9k3NPRfjLOYo3yXVQTcbq_UIw2NuynirEQSAzPKxzqQX-A4hnY6Yxd3JJrppdTYquv5CXxuacYXSb0Eyou24X3qlHTTFfbNKfB1vLlDMar67cgG58aPJwWoA6RzIJ4SSTax8Cn0R_Kb2-67KZleur_AoWQ9hyNgNxCu1NZuf1k2h2eqbqWXDLZZAuQbo-Yh6-hFNo4eL6iHAdAe4bEwqBE8JhFOweOecxTv7wW4xdXWx4rbnzj2DatKtl7ygpoWE3eeRoG75SqvtqV3G40-1wWdNzxKhLCRmBtmLnXrNXQuYpAQT-hNeHZDNRT1pzwrFX9R6GW7_PrhxN8-VAxFmKGOoVnUAYEaYRz804UqSzaTgsrpQ9YsBWd9276XDT0Rzea2oT9oyok0ZCND9EV2YhRwjE5qDKEm4g1xVQUVPs-LvSqpTOiXSuZGEGYiBRXUNMqR_kZx9eNG7wBT66siQApDVWg2Kdld7lAEKDTonMTj2fDwUYDwZek6I12ksmKJdgIcNnVj8eA_0CD3JlIzQMsn?_z=7386922&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=080052b47db84e09f0ca9119fc0494fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:26 GMT
content-type: image/gif
content-length: 43
x-trace-id: 8f58bfe9025408bf9d486dbdcf31f468
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
soathoth.com/impression/wBAoBJHgsBllgomsMnZ7THEVraY41_RKOuoJH3x7Lyv0xQaEoJskcyF8gytwxQnm0qsxuhVloM2rSeghr6rv1EsCVEMgk5_bWXOo9D23xp-fF-y7XdkhfiwJODH34TX9yt-KAXFDD0_o06d1uH8Knh9VjV5SM_XOao4oEJ4Kh0cBDkvrK4gGqjhJsNFE_vS1uIcvWqPqtyJfkROXB_o0VoXiDa4evWU8OjvVZkKfTbnsZknOIqHq7nM05cuxUUv9QCOFClBoHXxEQSCDh75gNa1MC2kXyIgsqm-rMCsgH9bPHU2rHlf-dZKdwm5Sy60Sfx_PfNZuKpBcH-YcCP7spMY-j096wN3_fjlNieV0zNUw4o2FcrRg_wRGPO50FETO25taxhMew8aHy43Fa7HwjqVAxgMlwQCFH58UofvnulBxq2Zldr63aes560jPwP_se6tvd3RnkBxBfXwj-W7sbU2cc5gSiemyxe4-ciAWHBT-o8QOVt1CbMZUvhFNsMs6e_4KK82WPelQbLh6TNx_3LVN0z6NnHjpFkiirYT5d5gRSIadD9Q825eltjBPmo9g4_1evhtg1aG3B5ZDjx5gi-zxyriplnspd1ZzO6cxjcinlXda_dgW5HCWJfaZ2NWqHn6D3A5PQNtpe0wDaOwZ3BfYeY6trlWtSwd9eMOePzqkFWdfr_o-H-mLis_sd9jEzu9a6EUSyLJf0vZzl2dg6RtCPM_znvZyz7hK4ciEGoaBD0KZasfY9cqnV83tnXHYz_qBoUCvbT2qijzC8gyafl0cI5-4WwJxSPpZRRHRmtLyaZ9vlaZe4pcahAErBiJg?_z=7386925&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 43 B GET HTTP/2
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer: Let's Encrypt
Subject: soathoth.com
Fingerprint: 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity: Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impression/wBAoBJHgsBllgomsMnZ7THEVraY41_RKOuoJH3x7Lyv0xQaEoJskcyF8gytwxQnm0qsxuhVloM2rSeghr6rv1EsCVEMgk5_bWXOo9D23xp-fF-y7XdkhfiwJODH34TX9yt-KAXFDD0_o06d1uH8Knh9VjV5SM_XOao4oEJ4Kh0cBDkvrK4gGqjhJsNFE_vS1uIcvWqPqtyJfkROXB_o0VoXiDa4evWU8OjvVZkKfTbnsZknOIqHq7nM05cuxUUv9QCOFClBoHXxEQSCDh75gNa1MC2kXyIgsqm-rMCsgH9bPHU2rHlf-dZKdwm5Sy60Sfx_PfNZuKpBcH-YcCP7spMY-j096wN3_fjlNieV0zNUw4o2FcrRg_wRGPO50FETO25taxhMew8aHy43Fa7HwjqVAxgMlwQCFH58UofvnulBxq2Zldr63aes560jPwP_se6tvd3RnkBxBfXwj-W7sbU2cc5gSiemyxe4-ciAWHBT-o8QOVt1CbMZUvhFNsMs6e_4KK82WPelQbLh6TNx_3LVN0z6NnHjpFkiirYT5d5gRSIadD9Q825eltjBPmo9g4_1evhtg1aG3B5ZDjx5gi-zxyriplnspd1ZzO6cxjcinlXda_dgW5HCWJfaZ2NWqHn6D3A5PQNtpe0wDaOwZ3BfYeY6trlWtSwd9eMOePzqkFWdfr_o-H-mLis_sd9jEzu9a6EUSyLJf0vZzl2dg6RtCPM_znvZyz7hK4ciEGoaBD0KZasfY9cqnV83tnXHYz_qBoUCvbT2qijzC8gyafl0cI5-4WwJxSPpZRRHRmtLyaZ9vlaZe4pcahAErBiJg?_z=7386925&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=080052b47db84e09f0ca9119fc0494fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:26 GMT
content-type: image/gif
content-length: 43
x-trace-id: c0e3b14ab44c93b90b5dad01c013e482
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
aistekso.net/500/7368295?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.244 200 OK 5.1 kB OPTIONS HTTP/2
IP 139.45.197.244:443
Requested by https://news18herald.com/
Certificate Issuer: Let's Encrypt
Subject: aistekso.net
Fingerprint: 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
Validity: Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
File type gzip compressed data, max speed, from Unix
Hash 4892bff31f754f74ef27851653f67a79
997eade2a8fab6c7d2f080701396c6bb1dd7d9b3
1e889d84fc197d266813cbaebe72f3f4983fdf5f86168542f48b551a1f7d4d92
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /500/7368295?excludes=&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=0300526659d6451ee2bb155bbe487883
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-type: application/javascript
x-trace-id: a7876953a7ca6620036099bdecb55d63
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://news18herald.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=080052b47db84e09f0ca9119fc0494fd; expires=Sun, 04 May 2025 01:56:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
soathoth.com/500/7386922?excludes=19845928&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 0 B OPTIONS HTTP/2
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer: Let's Encrypt
Subject: soathoth.com
Fingerprint: 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity: Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /500/7386922?excludes=19845928&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://news18herald.com/
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:26 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://news18herald.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
soathoth.com/500/7386925?excludes=19845928&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 0 B GET HTTP/2
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer: Let's Encrypt
Subject: soathoth.com
Fingerprint: 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity: Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /500/7386925?excludes=19845928&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://news18herald.com/
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:26 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://news18herald.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
soathoth.com/500/7386922?excludes=19845928&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 72 kB OPTIONS HTTP/2
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer: Let's Encrypt
Subject: soathoth.com
Fingerprint: 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity: Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
File type gzip compressed data, max speed, from Unix
Hash 613468370358cd2b4e7a33aea7072978
3cbc6b387e7771b5a233c8c957f3895aa18555a6
03041d6d41cfd9174a071a99446eb80a6525c61817dd5f166fd924feaa00a20c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /500/7386922?excludes=19845928&oaid=080052b47db84e09f0ca9119fc0494fd&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=080052b47db84e09f0ca9119fc0494fd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:26 GMT
content-type: application/javascript
x-trace-id: 0ff87f3c59bae0fc7cf32e58eaf5e496
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://news18herald.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=080052b47db84e09f0ca9119fc0494fd; expires=Sun, 04 May 2025 01:56:26 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
offerimage.com/www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg
104.22.32.172 200 OK 19 kB GET HTTP/2
IP 104.22.32.172:443
Requested by https://news18herald.com/
Certificate Issuer: Google Trust Services LLC
Subject: offerimage.com
Fingerprint: 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
Validity: Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash 71581bf2ce9a00138faf7dd80fe3e12e
56479135ed64bf23e1037067c0c87047eb8a414c
5d9f95c8c06343cc189b38268296615ed8816d8154b4b782ad0d62bedd23525e
GET /www/images/71581bf2ce9a00138faf7dd80fe3e12e.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:26 GMT
content-type: image/jpeg
content-length: 19381
cache-control: max-age=86400
cf-bgj: h2pri
etag: "65674405-4bb5"
expires: Sat, 04 May 2024 18:07:30 GMT
last-modified: Wed, 29 Nov 2023 14:00:37 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 28136
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4dfd2ca21be4c-CPH
X-Firefox-Spdy: h2
soathoth.com/impression/geVcVf3Wn1LW65rCQKCCBgNHJ7GJjWWtsMvzkemqAUjkkswQ4RXqjekodXC5_0bHBnqf2Ck05R4cBRUlk6c33tWl2yrLBzthrLKZdbOQvEA3WvA0Dyw7ZXWyH2L47dOR6Aqwrs1NWaO6FhRvFv8WfNwls5ISFNvCIGXXMGdTYuNookOWmnriIdUQv3NHk7sKnxaG2vOSkIrJclN-xBgcRVGOj53mYYlkPmxi5fwtHQtOlYvJl47fA0G_sh7vyHGsG2EA472VcAXqnIHZHG5aO-FDxER2ZMd7YLOC7U-f6eqNIjS8pxP5oohCVRC20OA6L8GkpYvGuzvzklmGE-E-a-x_X0yMy_SidoXq8ndLzZNIfkD3jaczn4JOwINlw6BWvftEVqLQ1DPvqRIC8D6YGq-AdKHPVC3TrK3nYwZbCG-SpmTB0H-euM_SYZXpvOghx-tuOYG2FAhJwZwadQmMN6ZFNqDunj9i6zkeNzq-qMnXfa-_amfMFMdp-vMC-VybaCu426BZASAt7KhNu1Exben-gRnys1HR_RYdQg6Jn3foVcIca7dnYeIw7IGthe_VHAjjA4XdaaB4a2lUfn8N-N39sTuGqUmofAfH-ECPcd6SW67XyK9XADSTM1-kn7Bta1UDn6YiYH821IUV-UQn2TZ2-TflGVHufHtgqDVcojSMgv_XJSkiu8cvRG_fn5aRZ5WVAybs7LcMvpR8pZedsnfdlolStthD4ItjiTZxtjUcijR6vEjMv9bjWk_GXKtLuz0_DNeoxn4RQ34zG336rKXWJVsiIK4SXJtPD0yI7DB8mh6rBSWMS-cQ5bg_i2u6?_z=7386922&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 43 B GET HTTP/2
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer: Let's Encrypt
Subject: soathoth.com
Fingerprint: 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity: Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impression/geVcVf3Wn1LW65rCQKCCBgNHJ7GJjWWtsMvzkemqAUjkkswQ4RXqjekodXC5_0bHBnqf2Ck05R4cBRUlk6c33tWl2yrLBzthrLKZdbOQvEA3WvA0Dyw7ZXWyH2L47dOR6Aqwrs1NWaO6FhRvFv8WfNwls5ISFNvCIGXXMGdTYuNookOWmnriIdUQv3NHk7sKnxaG2vOSkIrJclN-xBgcRVGOj53mYYlkPmxi5fwtHQtOlYvJl47fA0G_sh7vyHGsG2EA472VcAXqnIHZHG5aO-FDxER2ZMd7YLOC7U-f6eqNIjS8pxP5oohCVRC20OA6L8GkpYvGuzvzklmGE-E-a-x_X0yMy_SidoXq8ndLzZNIfkD3jaczn4JOwINlw6BWvftEVqLQ1DPvqRIC8D6YGq-AdKHPVC3TrK3nYwZbCG-SpmTB0H-euM_SYZXpvOghx-tuOYG2FAhJwZwadQmMN6ZFNqDunj9i6zkeNzq-qMnXfa-_amfMFMdp-vMC-VybaCu426BZASAt7KhNu1Exben-gRnys1HR_RYdQg6Jn3foVcIca7dnYeIw7IGthe_VHAjjA4XdaaB4a2lUfn8N-N39sTuGqUmofAfH-ECPcd6SW67XyK9XADSTM1-kn7Bta1UDn6YiYH821IUV-UQn2TZ2-TflGVHufHtgqDVcojSMgv_XJSkiu8cvRG_fn5aRZ5WVAybs7LcMvpR8pZedsnfdlolStthD4ItjiTZxtjUcijR6vEjMv9bjWk_GXKtLuz0_DNeoxn4RQ34zG336rKXWJVsiIK4SXJtPD0yI7DB8mh6rBSWMS-cQ5bg_i2u6?_z=7386922&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=080052b47db84e09f0ca9119fc0494fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:29 GMT
content-type: image/gif
content-length: 43
x-trace-id: b116db357c6bcdc5e6cb85cbf117a099
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
soathoth.com/impression/4fBeAASH4hqTnDmHdVa0EH2VV3ioHZ3AXVS_XGsHJCar5IPLojVJcxM505rXVrNcvZHahUA06RcOwNPEix7afLuRuw41g3Hrs7hIXmBA7QuRNqdgcyRC9INpkxX9CNjHlOBIvM6gXvR8bJRyWdhHMOP_FHuVDzNiA2HoZTkdc4t7nBJ0S0bPaw5WBiOh2AHF-PGHarMkTTdYzq5as22MyfLOv_Xgu6_GSHiWsc1jj25Ym9V37UmYbxtYcCR5a40gI61vKm7W16r9zgexhsUVw03njLPTHbyHQn804IDoR7KNSSGHq9lB44XSaOzeCLNu2m6Ca7FJzBIFyCARzL5HvbRDqAYO5SkJoA1bP4ZC7AQJjB7oQcTn8kffZjFitAM8IlajTBxL-lrzITYhysJgn6ZyVJz1clPKaPj1Uoq0hdM6OZBFACSGyL6h_17sPsUnL3ZOgNpomURw1hDcrlm8CfUfqEfzKwqnfMWT8lIU5kYBzf64p3mz2y1d5JMD9RtATSZmDsGkClAAKXxw26S7wkROiTfD-76H8Ekk5hzE2SF5xVYkyTYXpu6o-1XU_IVM5KnvLo9bwud0Vxrf5bXf-DSxwm8ipdiHt1K-0WHElVVy15idoFe8M8H_D9l0Zu3DgWqzvHmhpnhFVgEZsVZoO3UTyjRq94_ND_nTPtEa7_EujC7HKxPqshbPQ5pvdJla3B9c5P12Y9dHLiFDYrrDtzJXwNx8yFn5InyLhXfG0S6aW7ho_CKN_2PFemd4XupBC9As-Jr2Itzjar-uRhq5gZzjBmB7QUqcXTVsgJmy2z9REbMZDYYx4e9aWN7qETZR?_z=7386925&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.242 200 OK 43 B GET HTTP/2
IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer: Let's Encrypt
Subject: soathoth.com
Fingerprint: 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity: Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impression/4fBeAASH4hqTnDmHdVa0EH2VV3ioHZ3AXVS_XGsHJCar5IPLojVJcxM505rXVrNcvZHahUA06RcOwNPEix7afLuRuw41g3Hrs7hIXmBA7QuRNqdgcyRC9INpkxX9CNjHlOBIvM6gXvR8bJRyWdhHMOP_FHuVDzNiA2HoZTkdc4t7nBJ0S0bPaw5WBiOh2AHF-PGHarMkTTdYzq5as22MyfLOv_Xgu6_GSHiWsc1jj25Ym9V37UmYbxtYcCR5a40gI61vKm7W16r9zgexhsUVw03njLPTHbyHQn804IDoR7KNSSGHq9lB44XSaOzeCLNu2m6Ca7FJzBIFyCARzL5HvbRDqAYO5SkJoA1bP4ZC7AQJjB7oQcTn8kffZjFitAM8IlajTBxL-lrzITYhysJgn6ZyVJz1clPKaPj1Uoq0hdM6OZBFACSGyL6h_17sPsUnL3ZOgNpomURw1hDcrlm8CfUfqEfzKwqnfMWT8lIU5kYBzf64p3mz2y1d5JMD9RtATSZmDsGkClAAKXxw26S7wkROiTfD-76H8Ekk5hzE2SF5xVYkyTYXpu6o-1XU_IVM5KnvLo9bwud0Vxrf5bXf-DSxwm8ipdiHt1K-0WHElVVy15idoFe8M8H_D9l0Zu3DgWqzvHmhpnhFVgEZsVZoO3UTyjRq94_ND_nTPtEa7_EujC7HKxPqshbPQ5pvdJla3B9c5P12Y9dHLiFDYrrDtzJXwNx8yFn5InyLhXfG0S6aW7ho_CKN_2PFemd4XupBC9As-Jr2Itzjar-uRhq5gZzjBmB7QUqcXTVsgJmy2z9REbMZDYYx4e9aWN7qETZR?_z=7386925&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=6&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=080052b47db84e09f0ca9119fc0494fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:29 GMT
content-type: image/gif
content-length: 43
x-trace-id: 7835e552d3c37ca4a90910542d552587
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
goomaphy.com/impression/4yWFyY5TVck-RzUul5N22gG8cM9ox70OP2EKMWpABKTbtqEHyqMYSvA2K8YfHdCYNlbX5XxFe4eIHn-cizkaI6tfUmnvHZbr-1BYzNypUYR7y7XLieM8TKxzAt0I7kPOdvYc7Q14vxmJ-9595UPUs36sMtVc1cpe2W6sYUm_tnU6vzsAULedWg4trqZQRYnZHtipT5FjrwE3vJpY87_3dOxUziAztLxTi0u1Et5SJPJJ5fjnd3pCaSfb7BKPXifMkpHldLs-QeVkjuTX9oh-yM-Rvm31VBhmy_hwUt25aJQJT-gLXKgyx_fOsSAX6b3pqW-UzuWYJDHRm2o2uV0cYvhFW04KnA776eiMblwx7iVM_Aw2gf_XzcvPeSgV_IHZFSB8QfJwiExZb5ef1NK5dSUU3QRZPbqyhcfQvMjF87t4MuwNd4oy_WcHjTQQro5nvbsxPRG-cuqTPVzvxOglNi41qlQhxqII6mJ6zJ6HF4mqCQCla6xPlhTHdwIoZguput6LwTntpqyO1b7PHHuCowY1qKEYxTARsXW6CWaV_e3fXK0-v2VVcloHsZLMcHZKrYG5WWTaQAqb_8WZTJlfu9-rYhR-TTpbZ8ef0fatd3cBjahJyjoP7HpaG1PMrJi5XFa_D4XscezNgDvOYeOb--xEhAF2FYoGyxjs52pUBkvrFJz6M0Gc5VND2zByatv25LoRuGqAQvl7imhACafqD6_8vN2oF_fuEPCsuRXvyAfdnN92Kcy2H_n1udY1XjXauZNypbBK6NwZgV3jEU0JJLOt8eIGFXLS6H6LIEYgvaJczDfKuP1LvGgHN3vh7JId?_z=7386441&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
139.45.197.239200 OK 43 B URL GET HTTP/2 goomaphy.com/impression/4yWFyY5TVck-RzUul5N22gG8cM9ox70OP2EKMWpABKTbtqEHyqMYSvA2K8YfHdCYNlbX5XxFe4eIHn-cizkaI6tfUmnvHZbr-1BYzNypUYR7y7XLieM8TKxzAt0I7kPOdvYc7Q14vxmJ-9595UPUs36sMtVc1cpe2W6sYUm_tnU6vzsAULedWg4trqZQRYnZHtipT5FjrwE3vJpY87_3dOxUziAztLxTi0u1Et5SJPJJ5fjnd3pCaSfb7BKPXifMkpHldLs-QeVkjuTX9oh-yM-Rvm31VBhmy_hwUt25aJQJT-gLXKgyx_fOsSAX6b3pqW-UzuWYJDHRm2o2uV0cYvhFW04KnA776eiMblwx7iVM_Aw2gf_XzcvPeSgV_IHZFSB8QfJwiExZb5ef1NK5dSUU3QRZPbqyhcfQvMjF87t4MuwNd4oy_WcHjTQQro5nvbsxPRG-cuqTPVzvxOglNi41qlQhxqII6mJ6zJ6HF4mqCQCla6xPlhTHdwIoZguput6LwTntpqyO1b7PHHuCowY1qKEYxTARsXW6CWaV_e3fXK0-v2VVcloHsZLMcHZKrYG5WWTaQAqb_8WZTJlfu9-rYhR-TTpbZ8ef0fatd3cBjahJyjoP7HpaG1PMrJi5XFa_D4XscezNgDvOYeOb--xEhAF2FYoGyxjs52pUBkvrFJz6M0Gc5VND2zByatv25LoRuGqAQvl7imhACafqD6_8vN2oF_fuEPCsuRXvyAfdnN92Kcy2H_n1udY1XjXauZNypbBK6NwZgV3jEU0JJLOt8eIGFXLS6H6LIEYgvaJczDfKuP1LvGgHN3vh7JId?_z=7386441&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0
IP 139.45.197.239:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject goomaphy.com
Fingerprint C5:05:17:84:C2:C0:36:57:FA:8C:2B:4E:FC:3F:41:74:F8:89:05:50
Validity Sun, 21 Apr 2024 05:07:12 GMT - Sat, 20 Jul 2024 05:07:11 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impression/4yWFyY5TVck-RzUul5N22gG8cM9ox70OP2EKMWpABKTbtqEHyqMYSvA2K8YfHdCYNlbX5XxFe4eIHn-cizkaI6tfUmnvHZbr-1BYzNypUYR7y7XLieM8TKxzAt0I7kPOdvYc7Q14vxmJ-9595UPUs36sMtVc1cpe2W6sYUm_tnU6vzsAULedWg4trqZQRYnZHtipT5FjrwE3vJpY87_3dOxUziAztLxTi0u1Et5SJPJJ5fjnd3pCaSfb7BKPXifMkpHldLs-QeVkjuTX9oh-yM-Rvm31VBhmy_hwUt25aJQJT-gLXKgyx_fOsSAX6b3pqW-UzuWYJDHRm2o2uV0cYvhFW04KnA776eiMblwx7iVM_Aw2gf_XzcvPeSgV_IHZFSB8QfJwiExZb5ef1NK5dSUU3QRZPbqyhcfQvMjF87t4MuwNd4oy_WcHjTQQro5nvbsxPRG-cuqTPVzvxOglNi41qlQhxqII6mJ6zJ6HF4mqCQCla6xPlhTHdwIoZguput6LwTntpqyO1b7PHHuCowY1qKEYxTARsXW6CWaV_e3fXK0-v2VVcloHsZLMcHZKrYG5WWTaQAqb_8WZTJlfu9-rYhR-TTpbZ8ef0fatd3cBjahJyjoP7HpaG1PMrJi5XFa_D4XscezNgDvOYeOb--xEhAF2FYoGyxjs52pUBkvrFJz6M0Gc5VND2zByatv25LoRuGqAQvl7imhACafqD6_8vN2oF_fuEPCsuRXvyAfdnN92Kcy2H_n1udY1XjXauZNypbBK6NwZgV3jEU0JJLOt8eIGFXLS6H6LIEYgvaJczDfKuP1LvGgHN3vh7JId?_z=7386441&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Fnews18herald.com%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.337.0 HTTP/1.1
Host: goomaphy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Cookie: OAID=080052b47db84e09f0ca9119fc0494fd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:21 GMT
content-type: image/gif
content-length: 43
x-trace-id: 3f17a23a0b0f99a171f119c87cdebe00
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject rtmark.net
Fingerprint DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
Validity Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
File type troff or preprocessor input, ASCII text, with no line terminators
Hash 326e0261a12db59fdcf2b389f3c68ff0
36d8731d4da161695646ba6d3abdb7d4c4d455d8
342773493358f72672627844dd135bbec56d2d29b4c72a5cff3a7747c5a7f817
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://news18herald.com
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://news18herald.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=080052b47db84e09f0ca9119fc0494fd; expires=Sun, 04 May 2025 01:56:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
soathoth.com/400/7386925
139.45.197.242 200 OK 84 kB IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject soathoth.com
Fingerprint 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 3864a96106f97a4f2d6937e61b88698b
6a134875adb8c25f99a35a1ce3ea58cce89a4dfd
0095fe6e51c33c36ee49ce9646c495587f33a60235b46fda148d8de2666b847a
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /400/7386925 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-type: application/javascript
x-trace-id: d650044f06c7fbd155c7d6ef4f9c75c7
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03005255f2144264ffce519e0979204a; expires=Sun, 04 May 2025 01:56:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Droid+Sans%3A400%2C700&subset=latin-ext
142.250.74.106 200 OK 802 B URL GET HTTP/2 fonts.googleapis.com/css?family=Droid+Sans%3A400%2C700&subset=latin-ext
IP 142.250.74.106:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
Validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
File type ASCII text, with very long lines (818), with no line terminators
Hash bca91bbc2743e50ceae52c54a7c5665a
99ffec546f5963c56cb898f6609a9f8ae4edaca4
644a4a68c82188fc10feb8438e750bda879e97cf82c2799022768704d306409c
GET /css?family=Droid+Sans%3A400%2C700&subset=latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 01:56:15 GMT
date: Sat, 04 May 2024 01:56:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
soathoth.com/400/7386922
139.45.197.242 200 OK 84 kB IP 139.45.197.242:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject soathoth.com
Fingerprint 76:A1:9A:92:B7:C4:7F:63:C6:68:66:D6:5C:5A:E6:81:E1:9F:58:8E
Validity Tue, 02 Apr 2024 05:14:34 GMT - Mon, 01 Jul 2024 05:14:33 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash facb1a04a95d83fe54001a4c21104867
34ee8aba7b709691b7565c1fa7bad760ce48bb75
44397de58d3ec83b2324e12768ad22600faf1e6c0209008c7ef4e36884757b3e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /400/7386922 HTTP/1.1
Host: soathoth.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-type: application/javascript
x-trace-id: 9ac5053b6c7d829ea35ae37026fb994b
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=030052ae8a5140d6f585247b9a38ad84; expires=Sun, 04 May 2025 01:56:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
aistekso.net/400/7368295
139.45.197.244 200 OK 91 kB IP 139.45.197.244:443
Requested by https://news18herald.com/
Certificate Issuer Let's Encrypt
Subject aistekso.net
Fingerprint 3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
Validity Sun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 23aeaf97805a24d3f405db6af0d34a8c
3ea60813714379dd12d00441091ce1eb8a9b90ea
76015c5dd0a1c1c182f0df2c854939f38029fbc71282c63fa1c8123a4d9c9ee1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /400/7368295 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 01:56:16 GMT
content-type: application/javascript
x-trace-id: 47a4134acb9f1c988299b881bd6230fe
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0300521dc8f645c5ebbaecebe0ba4d45; expires=Sun, 04 May 2025 01:56:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.193.52 200 OK 19 kB IP 172.67.193.52:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject tzegilo.com
Fingerprint 28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1
Validity Sat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT
File type JavaScript source, ASCII text, with very long lines (18486)
Hash 70ebd404c2e1e7bad13998538b56887c
86e57af8ba3cfc2c004da3311835f6b54ba6d848
d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:16 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6226
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXZVQECyY7nL%2FnTewYQhB88yGn80Qrntq%2Fsv24FiXTYTtonlCF%2BTwVHhfEth8oxyTHpkWix8HqIpdqRDPFiUHTKhML2b7fP7Mr3BqT4wAKwsS9DoPPvb%2FPGwMXVVVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4df944f6bb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
142.250.74.106 200 OK 11 kB URL GET HTTP/3 fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP 142.250.74.106:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
Validity Tue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
Hash 155f53ee6339ba8215c3513f7e89a646
1785d802da7b560dc8af49e5c17627ecc88285a0
859bbc3840ddbfac2cbabd04217077fcab6f31a0e24a9f7ff1a2ee6246ba5319
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 01:56:21 GMT
date: Sat, 04 May 2024 01:56:21 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
offerimage.com/www/images/8fe3c6098f18e4106a620cf6727dd52b.png
104.22.32.172 200 OK 71 kB URL GET HTTP/2 offerimage.com/www/images/8fe3c6098f18e4106a620cf6727dd52b.png
IP 104.22.32.172:443
Requested by https://news18herald.com/
Certificate Issuer Google Trust Services LLC
Subject offerimage.com
Fingerprint 5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
Validity Fri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash 8fe3c6098f18e4106a620cf6727dd52b
9f43a274821bff164f83166e89db3b5559b8d88f
a8487a46e41b96730b6c16da957ff9260e0a4f7123dd491f2674a5299a31da2e
GET /www/images/8fe3c6098f18e4106a620cf6727dd52b.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://news18herald.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 01:56:26 GMT
content-type: image/png
content-length: 70563
last-modified: Wed, 20 Sep 2023 16:50:05 GMT
etag: "650b22bd-113a3"
expires: Sat, 04 May 2024 18:52:47 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 25419
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e4dfd2ba18be4c-CPH
X-Firefox-Spdy: h2