firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 1b3053fa528e28810f8a2cc9284cc921
cca9eb471d941881a6b9a1793aecb6c281908f6a
a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-stale=0
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 27 Sep 2022 07:45:26 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: b1wAEKaIFbSKu30aQ03otFQSKQXH8d5ltxBEhLRGiHf1aByCJdyxzQ==
Age: 3225
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d2560f62890e75b8de444fed96c22f52
334ce0c48e606ee029f31eeb1463af87b1024bb9
4397e6b45b5822fbab9b83abe0b96ee70efba7cd2160b51936159865ede5fdb1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4397E6B45B5822FBAB9B83ABE0B96EE70EFBA7CD2160B51936159865EDE5FDB1"
Last-Modified: Sun, 25 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3225
Expires: Tue, 27 Sep 2022 09:32:56 GMT
Date: Tue, 27 Sep 2022 08:39:11 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.49 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
date: Mon, 26 Sep 2022 09:17:07 GMT
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: OF9gZV4TgUbtljVUirm7l_MOSdFKxt9cijmhyWWIZvpp-LqN2X_evA==
age: 84125
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:11 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 27 Sep 2022 08:10:46 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 27 Sep 2022 08:38:32 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XNljzkD0vULv7KQ4-TbG0K79wOWgwzQDWvvJ2vWNUvXKGLTotydb1Q==
Age: 1705
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash c18823050f86339eaa73ddb1bf80d64c
ac4ee81f59f706cee8a74458d498bbc20d8d351a
9a505647517bd02d8ff994fd4ad98dc2f4b519916145b0c327691420c1084c46
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 56
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:11 GMT
Last-Modified: Tue, 27 Sep 2022 08:38:15 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.80.131.74 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.80.131.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QPmXnZa/qvJR2dozPFuzfg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7jyS2jvfNmQhLdRdaOgl9GTjBt0=
www.heraldonews.com/
85.25.74.22 200 OK 33 kB IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8076)
Hash 5f781dd358d80966a125c99d4926052c
53ac1c56c21b7f074b991fa55aa3be87cc40c057
4ab3aa29d7b0ec90adf10f0957e88316cf3ad285c6fc67bc47231efaeb9d1fe8
GET / HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Vary: User-Agent,Accept-Encoding
Last-Modified: Tue, 27 Sep 2022 04:02:24 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Mon, 29 Oct 1923 20:30:00 GMT
Content-Length: 33339
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
www.heraldonews.com/wp-content/cache/wpfc-minified/6vmbgsgm/e80q1.css
85.25.74.22 200 OK 168 B URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/6vmbgsgm/e80q1.css
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
Hash 9ca21dd6c9de0103471f23d50ad0aebf
9a509d7d498d3fb149bbd407e6f3e111470dccaf
fd0f8626bc7274f9e8beed2bab4a74ea2a15b1610ed255acbeb385c04d52d865
GET /wp-content/cache/wpfc-minified/6vmbgsgm/e80q1.css HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 168
Keep-Alive: timeout=5, max=99
Content-Type: text/css
www.heraldonews.com/wp-content/cache/wpfc-minified/6nzcd6b8/e80q1.css
85.25.74.22 200 OK 12 kB URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/6nzcd6b8/e80q1.css
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type ASCII text, with very long lines (65518)
Hash a45fbce92d83f6c7bc6f63966d736f42
fa5afc446b42c319079fa4cd6bee08bf7bd60b4d
48ee4fd37a1f903810f2dd0304007e20af020f61f43c0d5f15b453310a60fe97
GET /wp-content/cache/wpfc-minified/6nzcd6b8/e80q1.css HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 11648
Keep-Alive: timeout=5, max=98
Content-Type: text/css
www.heraldonews.com/wp-content/cache/wpfc-minified/fpb420zc/e80q1.css
85.25.74.22 200 OK 800 B URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/fpb420zc/e80q1.css
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
Hash 3e1279f2f42edd42804dc5fa5919edc9
ad1486657180021986964faa2f6e2e6e2015a41a
28f6a60ab7feedde7ab0d48994b10582b9a1e94773dfc92abca3ba9a0db59ad2
GET /wp-content/cache/wpfc-minified/fpb420zc/e80q1.css HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 800
Keep-Alive: timeout=5, max=97
Content-Type: text/css
www.heraldonews.com/wp-content/cache/wpfc-minified/kabsnvw9/e80q1.css
85.25.74.22 200 OK 5.5 kB URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/kabsnvw9/e80q1.css
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type ASCII text, with very long lines (39970), with no line terminators
Hash 9c6ea6b9e9178127bcc23b03de5bce62
f3bbc26810320621cba9dde1343e0122159f40e9
c899a7fadf746f5196eebb49384b66b7a99ff33fcea63652bdf6568aba206e1f
GET /wp-content/cache/wpfc-minified/kabsnvw9/e80q1.css HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 5518
Keep-Alive: timeout=5, max=100
Content-Type: text/css
www.heraldonews.com/world/deutsch/das-neue-ipad-pro-2022-ist-die-freude-vielleicht-nicht-wert/&ct=ga&cd=CAEYACoTODk3MjIxMTI0MzY4Mzg3OTA4MjIZM2E2NTM0NmUzNjVhMTcyMTplczplczpFUw&usg=AOvVaw0M2ixxrLbeUBnGhL30IgcI
85.25.74.22 301 Moved Permanently 7.0 kB URL HTTP/1.1 www.heraldonews.com/world/deutsch/das-neue-ipad-pro-2022-ist-die-freude-vielleicht-nicht-wert/&ct=ga&cd=CAEYACoTODk3MjIxMTI0MzY4Mzg3OTA4MjIZM2E2NTM0NmUzNjVhMTcyMTplczplczpFUw&usg=AOvVaw0M2ixxrLbeUBnGhL30IgcI
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type ASCII text, with very long lines (31113), with no line terminators
Hash e1da286c9931000aefc37915a44a6de0
44edff6e5b6abfa34116366bfe3a449c68c072c0
321d343326f68a7478a3f87c4cca8609de780e565c8ddeaa2219e112fa01fc46
GET /world/deutsch/das-neue-ipad-pro-2022-ist-die-freude-vielleicht-nicht-wert/&ct=ga&cd=CAEYACoTODk3MjIxMTI0MzY4Mzg3OTA4MjIZM2E2NTM0NmUzNjVhMTcyMTplczplczpFUw&usg=AOvVaw0M2ixxrLbeUBnGhL30IgcI HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 27 Sep 2022 08:39:10 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Content-Encoding: gzip
Vary: Accept-Encoding
Location: https://www.heraldonews.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.heraldonews.com/wp-content/cache/wpfc-minified/eetirdz0/e80q1.css
85.25.74.22 200 OK 1.4 kB URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/eetirdz0/e80q1.css
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type ASCII text, with very long lines (6427), with no line terminators
Hash 4be079e2488540a845db502dcae659a2
7f3eb074101a3d3c898be87bc333fe77d065dab2
938b5bbcf926187c4a903a9e12e304b1356aa0b1b4c52f3fbdcceda79f4d20d2
GET /wp-content/cache/wpfc-minified/eetirdz0/e80q1.css HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 1352
Keep-Alive: timeout=5, max=100
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heraldonews.com/wp-content/themes/soledad/style.css
85.25.74.22 200 OK 440 B URL HTTP/1.1 www.heraldonews.com/wp-content/themes/soledad/style.css
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type ASCII text, with CRLF line terminators
Hash 6436cdbc3060d11595e5cec270a5f2c1
2473f7fb3bfe20dfee8bfa55565eae79a7777374
3c011c86b13c8a9c36435bf4daf953eb12e19995fa9c21bc8742fd373d0a1a5e
GET /wp-content/themes/soledad/style.css HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Wed, 22 Jun 2022 22:22:39 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 440
Keep-Alive: timeout=5, max=100
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 198e4e1c1f6a568a0a8a110b1462ebdf
e643e5929faa950898c3a230f887063231b9e61a
260feb00f71fc059f26851213cc90c0537319765c7acac2aef2870d9a3f41d3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "260FEB00F71FC059F26851213CC90C0537319765C7ACAC2AEF2870D9A3F41D3E"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20296
Expires: Tue, 27 Sep 2022 14:17:28 GMT
Date: Tue, 27 Sep 2022 08:39:12 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heraldonews.com/wp-content/cache/wpfc-minified/86qbthwo/e80q1.js
85.25.74.22 200 OK 425 B URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/86qbthwo/e80q1.js
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
Hash 62fa104e822f5e2ad7c955642ca5c084
cd4aeee0326fe81b4be85adfe8021afe37936936
30984006ecaab4b9d175f3006dc96940a851f5224fbf80007d7a7f7bdc620cbe
GET /wp-content/cache/wpfc-minified/86qbthwo/e80q1.js HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 425
Keep-Alive: timeout=5, max=99
Content-Type: application/javascript
www.heraldonews.com/wp-content/cache/wpfc-minified/102tnrw1/e80q1.js
85.25.74.22 200 OK 31 kB URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/102tnrw1/e80q1.js
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type ASCII text, with very long lines (64436)
Hash 4fc70ab3dc0b60c7429a776eed82a084
c8b9d65d29cada99df469a36fdde622cd7540bbc
6c8afd8e0e01fe33d6b9120fc432d82d8c649bb5c96e01665c53dda93b6c0265
GET /wp-content/cache/wpfc-minified/102tnrw1/e80q1.js HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 31220
Keep-Alive: timeout=5, max=96
Content-Type: application/javascript
www.heraldonews.com/wp-content/cache/wpfc-minified/eebapndt/e80q1.js
85.25.74.22 200 OK 11 kB URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/eebapndt/e80q1.js
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
Hash bbcdb77342380dda317b336bd33d9d08
80f632edbd48df49e24184e90c0b555e809d8e22
3920e39f64cf500498fd5d7b407fbb46fac1c508716162236fa937662d38cb52
GET /wp-content/cache/wpfc-minified/eebapndt/e80q1.js HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 11027
Keep-Alive: timeout=5, max=99
Content-Type: application/javascript
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0fae3e00e78eb9312afacf71b8158a7e
3b764db4d7becbf113c7894e9536e968fedcea75
8115ae2ae5f1e7dbc1317aa7336dc2c8068f03a015de4ca6c9fee01544463010
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8115AE2AE5F1E7DBC1317AA7336DC2C8068F03A015DE4CA6C9FEE01544463010"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11486
Expires: Tue, 27 Sep 2022 11:50:38 GMT
Date: Tue, 27 Sep 2022 08:39:12 GMT
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=UA-232862433-1
142.250.74.72 200 OK 42 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-232862433-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1720)
Hash 947baf4de4ebf9b9689c0714e729a8ca
74c2ad7d11e5a6bc8b440d3556d94aa23712faf6
938c384b83c43c0e366db8166af89d86e7b7ed73b02354117e72c32112eec059
GET /gtag/js?id=UA-232862433-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 27 Sep 2022 08:39:12 GMT
expires: Tue, 27 Sep 2022 08:39:12 GMT
cache-control: private, max-age=900
last-modified: Tue, 27 Sep 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42225
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.heraldonews.com/wp-content/cache/wpfc-minified/kqclidtk/e80q1.js
85.25.74.22 200 OK 49 kB URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/kqclidtk/e80q1.js
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type ASCII text, with very long lines (19956)
Hash 85d99efed89a38f14151e97119c35a44
b4abcdc4e696777d61ed02c0594ddd6fa49425e8
954d11f78d922d23e926c6a2bd8a893d89b539e7e036bb4f6c3ec4a2569f93e1
GET /wp-content/cache/wpfc-minified/kqclidtk/e80q1.js HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 49013
Keep-Alive: timeout=5, max=99
Content-Type: application/javascript
www.heraldonews.com/wp-content/cache/wpfc-minified/kmcyf8hh/e80q1.css
85.25.74.22 200 OK 121 kB URL HTTP/1.1 www.heraldonews.com/wp-content/cache/wpfc-minified/kmcyf8hh/e80q1.css
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
Size 121 kB (121400 bytes)
Hash 01ecc5d2468fbd0df8a0bf40629e48bf
eb438a8b6ecfe782a8f1f99dafb3727a72432422
c7db50d7c861cd5c284ebf4356d0cc057049ad9e723a5ac0dd3c36ee29e396b0
GET /wp-content/cache/wpfc-minified/kmcyf8hh/e80q1.css HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 10 Sep 2022 07:50:09 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bfc8c650e23854f708a3dd54fca4393f
b54c061cf5a5306a68112d403471914e839a68c8
84b8c36947944ea94b27e053f2abb944e6951157e256991f8b1523b9cacfe362
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heraldonews.com/wp-content/uploads/2022/06/HN-LOGO.png
85.25.74.22 200 OK 27 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/06/HN-LOGO.png
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type PNG image data, 1841 x 376, 8-bit/color RGBA, non-interlaced\012- data
Hash d20746dbea15389c0193fc77d7fd5072
de127197956327cf39e5e1a3a1ad1910c4c5d732
185aa0eaac5ecab033379cf9f38cf8efa2376742a013ddbaf3fbdff880696109
GET /wp-content/uploads/2022/06/HN-LOGO.png HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:12 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Thu, 23 Jun 2022 08:18:42 GMT
Accept-Ranges: bytes
Content-Length: 26780
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash c939f97c8bcbfea356e92036803714bc
608c795e7c4fb943a4db49a4e4533c41ea717023
b05b38c78c15c259720bfc6783ac65ab60ceb1e6037b45b08113f183554f08cb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4538701cf9bc34d908f50370beb922f4
df141b9c3ec626ecaba7c1899073a48b811c4113
61497b93eb237687a8fff5845a7a81aff2f2f53dc56f2d0818bfb98dd1256d6f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heraldonews.com/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0
85.25.74.22 200 OK 77 kB URL HTTP/1.1 www.heraldonews.com/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
GET /wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://www.heraldonews.com/wp-content/cache/wpfc-minified/qvjgtp20/e80q1.css
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Wed, 22 Jun 2022 22:22:42 GMT
Accept-Ranges: bytes
Content-Length: 77160
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Type: application/font-woff2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
142.250.74.163 200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heraldonews.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:30:59 GMT
expires: Thu, 21 Sep 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 479294
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
142.250.74.163 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heraldonews.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:32:09 GMT
expires: Thu, 21 Sep 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 479224
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heraldonews.com/wp-content/themes/soledad/fonts/penciicon.ttf
85.25.74.22 200 OK 20 kB URL HTTP/1.1 www.heraldonews.com/wp-content/themes/soledad/fonts/penciicon.ttf
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type TrueType Font data, 11 tables, 1st "GSUB", 16 names, Macintosh, type 1 string, flaticonRegularflaticonflaticonVersion 1.0flaticonGenerated by svg2ttf from Fontello project.htt\012- data
Hash 6c3af26948683d25dec13518b3fb2d85
4cb91ade518aced2af15ab369de4993dd90d85b0
512c7aceca17731b78bb38cdcebe088bd278baaec61db62ed2ace3cd4727f48e
GET /wp-content/themes/soledad/fonts/penciicon.ttf HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/wp-content/cache/wpfc-minified/eetirdz0/e80q1.css
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Wed, 22 Jun 2022 22:22:42 GMT
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 20423
Keep-Alive: timeout=5, max=97
Content-Type: x-font/ttf
fonts.gstatic.com/s/rubik/v21/iJWKBXyIfDnIV7nBrXw.woff2
142.250.74.163 200 OK 34 kB URL HTTP/2 fonts.gstatic.com/s/rubik/v21/iJWKBXyIfDnIV7nBrXw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 33580, version 1.0\012- data
Hash 848cd2ecd011428969dc6b90431bc482
6b1a7b562a56bd54510e0f6f95e26babca331a1b
981307dcbbd348f6fb4e3eab184077392f9ee15097ea868f630debefad9044e9
GET /s/rubik/v21/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heraldonews.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 26 Sep 2022 21:08:19 GMT
expires: Tue, 26 Sep 2023 21:08:19 GMT
cache-control: public, max-age=31536000
age: 41454
last-modified: Mon, 18 Jul 2022 19:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 737756d717fd215d94458a21028ae486
ee3c3097bcb2ff3f5482b0dc6056b1549afa8f1f
8e705bae2060960e1b2f79c42ebc445d52f307aeac41b34d3a1789879e51b85a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heraldonews.com/wp-content/uploads/2022/06/hn_2.png
85.25.74.22 200 OK 6.1 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/06/hn_2.png
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type PNG image data, 453 x 316, 8-bit/color RGBA, non-interlaced\012- data
Hash 104713bb072bb1cb36d04630e3779591
f54a90780afbad80bacb57809410536edca94244
c3df1755afde43bff217bd867845f415f3f87d9c90738c2741b6643f59664f93
GET /wp-content/uploads/2022/06/hn_2.png HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Fri, 24 Jun 2022 21:20:35 GMT
Accept-Ranges: bytes
Content-Length: 6106
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Type: image/png
www.youtube.com/iframe_api
216.58.207.238 200 OK 957 B URL HTTP/2 www.youtube.com/iframe_api
IP 216.58.207.238:0
File type ASCII text, with very long lines (509)
Hash de3b46c845e1e1313329144fc2589f39
49550385c13f9a98d815216bddc4cb81eb35d501
8970626950a827bc5b3f6f6de58bcd20769369d19a7f9b73b7cb6eb82d56033d
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 27 Sep 2022 08:39:12 GMT
date: Tue, 27 Sep 2022 08:39:12 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=JfPiKyvXeXI; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=iJfG4wvwYdc; Domain=.youtube.com; Expires=Sun, 26-Mar-2023 08:39:12 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+066; expires=Thu, 26-Sep-2024 08:39:12 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.heraldonews.com/wp-content/uploads/2022/09/bf575beb-9d23-429e-8b5a-2b7a8e331c0f_16-9-aspect-ratio_default_0-585x390.jpg
85.25.74.22 200 OK 23 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/bf575beb-9d23-429e-8b5a-2b7a8e331c0f_16-9-aspect-ratio_default_0-585x390.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 585x390, components 3\012- data
Hash 35c7bf700b825a00f8ba1e3c01a131e6
59700223367c63ea0b6d0a47cf14c825c7e24476
b2bd66cb98bc8d07396af9e77122e65363004cbd79eed4c50fab6247aadcd38f
GET /wp-content/uploads/2022/09/bf575beb-9d23-429e-8b5a-2b7a8e331c0f_16-9-aspect-ratio_default_0-585x390.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Tue, 27 Sep 2022 03:06:31 GMT
Accept-Ranges: bytes
Content-Length: 22973
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Type: image/jpeg
www.heraldonews.com/wp-content/uploads/2022/09/cc9e2c0e-2f7d-4870-8c64-2ae190254c45_16-9-aspect-ratio_default_0-585x390.jpg
85.25.74.22 200 OK 47 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/cc9e2c0e-2f7d-4870-8c64-2ae190254c45_16-9-aspect-ratio_default_0-585x390.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type gzip compressed data, max speed, from Unix\012- data
Hash 556c5ebb6ca9c42c26a8c8e57c505da6
14fdaac7fda4db257fa31ec5fa17f0ede79097bc
40830e11dc4c889f5619a33cb8c820d13ecc3a9652dd692e215eedaf9a23bf6c
GET /wp-content/uploads/2022/09/cc9e2c0e-2f7d-4870-8c64-2ae190254c45_16-9-aspect-ratio_default_0-585x390.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Tue, 27 Sep 2022 03:01:05 GMT
Accept-Ranges: bytes
Content-Length: 41329
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Type: image/jpeg
dibsemey.com/zone?pub=0&zone_id=5355918&is_mobile=false&domain=www.heraldonews.com&var=&ymid=&var_3=
139.45.197.250 200 OK 664 B URL HTTP/2 dibsemey.com/zone?pub=0&zone_id=5355918&is_mobile=false&domain=www.heraldonews.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash fa972f42d39cc5898ac13e6a6d5c992a
b3a1e9885140911259490e48d0b4f87aa4c68849
e4b836d71b7cfe2095d620aba850af6dfa0d395a236e8b583f99fda328836c5d
GET /zone?pub=0&zone_id=5355918&is_mobile=false&domain=www.heraldonews.com&var=&ymid=&var_3= HTTP/1.1
Host: dibsemey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: 0c1931d651014e1ad0771f4519cba2c8
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.heraldonews.com/wp-content/uploads/2022/09/6e4e6cac-0b4b-42a6-907b-5c5713ea71e8_16-9-aspect-ratio_default_0-780x495.jpg
85.25.74.22 200 OK 42 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/6e4e6cac-0b4b-42a6-907b-5c5713ea71e8_16-9-aspect-ratio_default_0-780x495.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 780x495, components 3\012- data
Hash c4814ad7345d9f4e90b5a4e53fe77bda
a068efe15d5eccf9779ec7da1a5ed860fc71ae02
9f1198350b8f7515504d163647f804b886ca15cf91b4b5061f28fa40c48a2c90
GET /wp-content/uploads/2022/09/6e4e6cac-0b4b-42a6-907b-5c5713ea71e8_16-9-aspect-ratio_default_0-780x495.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Tue, 27 Sep 2022 03:01:59 GMT
Accept-Ranges: bytes
Content-Length: 42470
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Type: image/jpeg
www.heraldonews.com/wp-content/uploads/2022/09/2794a358-805c-412e-938c-467fee6536af_16-9-aspect-ratio_default_0-585x390.jpg
85.25.74.22 200 OK 41 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/2794a358-805c-412e-938c-467fee6536af_16-9-aspect-ratio_default_0-585x390.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 585x390, components 3\012- data
Hash ec9f12228a2e9e0bc51d1518a0aeba74
be50446667284dcebf4db843efca5735ee695f37
a8883bc7a48a77565f9f2cb912b38a89d19da12c8fae657131770879cd544841
GET /wp-content/uploads/2022/09/2794a358-805c-412e-938c-467fee6536af_16-9-aspect-ratio_default_0-585x390.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Tue, 27 Sep 2022 03:01:23 GMT
Accept-Ranges: bytes
Content-Length: 40952
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Type: image/jpeg
www.heraldonews.com/wp-content/uploads/2022/09/unnamed-file-198-585x390.jpeg
85.25.74.22 200 OK 40 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/unnamed-file-198-585x390.jpeg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 585x390, components 3\012- data
Hash de133149c0bab5fbd59b0bd392a367a5
efcb5461b7de92a56f6f62cf483992733d7f33d1
bbdb64c155d86d15bb2e99a322a970d821de3f847bf077c2c0797743cf3d8e09
GET /wp-content/uploads/2022/09/unnamed-file-198-585x390.jpeg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Tue, 27 Sep 2022 07:54:55 GMT
Accept-Ranges: bytes
Content-Length: 39527
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Type: image/jpeg
www.heraldonews.com/wp-content/uploads/2022/09/unnamed-file-494-585x390.jpg
85.25.74.22 200 OK 39 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/unnamed-file-494-585x390.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 585x390, components 3\012- data
Hash 2e355d646eda361de1a3d50dd7185299
d0d1c5954febf711f8964a8a44636f0ebaabf834
bb4930f088cfb90ad0e1976dbac9159fb9de8954cf885879376564e26f3f75cb
GET /wp-content/uploads/2022/09/unnamed-file-494-585x390.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Tue, 27 Sep 2022 07:54:38 GMT
Accept-Ranges: bytes
Content-Length: 39372
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Type: image/jpeg
www.heraldonews.com/wp-content/uploads/2022/09/unnamed-file-460-585x390.jpg
85.25.74.22 200 OK 28 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/unnamed-file-460-585x390.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 585x390, components 3\012- data
Hash 55b1d7d7a0b8db6d5d0124a0d885cc32
dd7caeba467395f5fa9c967e3269e2ee26efbd34
c091e3a66521d4b0dc8c6725ae56557a4df22bb3704fdc5206bf268baa8e8075
GET /wp-content/uploads/2022/09/unnamed-file-460-585x390.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Tue, 27 Sep 2022 07:54:20 GMT
Accept-Ranges: bytes
Content-Length: 28288
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Type: image/jpeg
www.heraldonews.com/wp-content/uploads/2022/09/unnamed-file-513-585x390.jpg
85.25.74.22 200 OK 15 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/unnamed-file-513-585x390.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 585x390, components 3\012- data
Hash bf8f71c19e089808400f56331335b8e8
afb59f0e14e27b18f8bae3aa0349d21b187e49fc
667c73549adaa4c154067b81e8f9a503278f279e4d95a935ad3159fedb3df14c
GET /wp-content/uploads/2022/09/unnamed-file-513-585x390.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Tue, 27 Sep 2022 07:55:13 GMT
Accept-Ranges: bytes
Content-Length: 15419
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=94
Content-Type: image/jpeg
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5786597119941231
172.217.21.162 200 OK 52 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5786597119941231
IP 172.217.21.162:0
File type ASCII text, with very long lines (5047)
Hash b9e99160ee260df85572b4ea6cb55da2
5c60137dcfb32e8a87d325cead63722640ff0a5a
1e57f439687a5fa37eaa8a7e5995af4df52541d129f379bfd36418c45b87d122
GET /pagead/js/adsbygoogle.js?client=ca-pub-5786597119941231 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Tue, 27 Sep 2022 08:39:13 GMT
expires: Tue, 27 Sep 2022 08:39:13 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 10161432548854869576
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 51927
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.heraldonews.com/wp-content/uploads/2022/09/4KK5HGKVMJCO7AG3XWDCQ6JIY4-1-585x390.jpg
85.25.74.22 200 OK 49 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/4KK5HGKVMJCO7AG3XWDCQ6JIY4-1-585x390.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 585x390, components 3\012- data
Hash 69003b0146f386326a488a297aa726a7
4852835a7b8ab9877c6e0c12a3fbf551a69e46c5
9a8600de9e3e70b9a520e59ee445985947dbe85e31ce7a6eb6273bf7455ea62c
GET /wp-content/uploads/2022/09/4KK5HGKVMJCO7AG3XWDCQ6JIY4-1-585x390.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Tue, 27 Sep 2022 07:43:09 GMT
Accept-Ranges: bytes
Content-Length: 48598
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Type: image/jpeg
www.heraldonews.com/wp-content/uploads/2022/09/Feijoo-propone-bajar-del-10-al-4-el-IVA-de-la-carne-el-pescado-el-aceite-la-pasta-y-las-conservas-1-263x175.jpg
85.25.74.22 200 OK 9.0 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/Feijoo-propone-bajar-del-10-al-4-el-IVA-de-la-carne-el-pescado-el-aceite-la-pasta-y-las-conservas-1-263x175.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 263x175, components 3\012- data
Hash eab9c5ab2cf06e9f7bf16ee199ee492b
1de47d1b2d529a20f187aef5dccf323399f29b8b
f16dcb5b64a97ad7da991210daa45a859ab162cad6a926969971d2bc006d44e2
GET /wp-content/uploads/2022/09/Feijoo-propone-bajar-del-10-al-4-el-IVA-de-la-carne-el-pescado-el-aceite-la-pasta-y-las-conservas-1-263x175.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Mon, 26 Sep 2022 11:33:09 GMT
Accept-Ranges: bytes
Content-Length: 9044
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=94
Content-Type: image/jpeg
www.heraldonews.com/wp-content/uploads/2022/09/Ultima-hora-de-las-elecciones-en-directo-Salvini-Italia-tiene-cinco-anos-de-estabilidad-por-delante-1-263x175.jpg
85.25.74.22 200 OK 13 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/Ultima-hora-de-las-elecciones-en-directo-Salvini-Italia-tiene-cinco-anos-de-estabilidad-por-delante-1-263x175.jpg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 263x175, components 3\012- data
Hash 0bffdf8e2a83a39b2b9109005b9b9931
55289f26b734adb06443b970c3f7452179bac11c
e8084935940f636ae1559e9fb874e0ef0e122af78bc90b68fd5cf1e665c53f86
GET /wp-content/uploads/2022/09/Ultima-hora-de-las-elecciones-en-directo-Salvini-Italia-tiene-cinco-anos-de-estabilidad-por-delante-1-263x175.jpg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Mon, 26 Sep 2022 11:32:08 GMT
Accept-Ranges: bytes
Content-Length: 12603
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=95
Content-Type: image/jpeg
www.heraldonews.com/wp-content/uploads/2022/09/Asi-sera-la-reapertura-de-la-frontera-entre-Colombia-y-Venezuela-este-lunes-263x175.jpeg
85.25.74.22 200 OK 13 kB URL HTTP/1.1 www.heraldonews.com/wp-content/uploads/2022/09/Asi-sera-la-reapertura-de-la-frontera-entre-Colombia-y-Venezuela-este-lunes-263x175.jpeg
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 263x175, components 3\012- data
Hash 074fac637ad0c74bef35fbb7c7eda07b
5e62e1f36d7fe4f115b8d2cc331eb9c7521522d4
7562b2154b03cd08d49a5012d35aab9a36aa97ff6a45f081d65e30dc11e7e675
GET /wp-content/uploads/2022/09/Asi-sera-la-reapertura-de-la-frontera-entre-Colombia-y-Venezuela-este-lunes-263x175.jpeg HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Mon, 26 Sep 2022 11:35:02 GMT
Accept-Ranges: bytes
Content-Length: 13240
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Type: image/jpeg
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1443a3c7918eed8a3a735d37f26be7d4
6f76c5591acc0050d7a413d6e4f1756742102396
3fd8251638bb83e6a6dcefee48b0cb1f4c2ed42970028f2b0f53ac7c56894066
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3FD8251638BB83E6A6DCEFEE48B0CB1F4C2ED42970028F2B0F53AC7C56894066"
Last-Modified: Sun, 25 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4292
Expires: Tue, 27 Sep 2022 09:50:45 GMT
Date: Tue, 27 Sep 2022 08:39:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 87bbbd17b7e3672de6c4f4603c33eea6
5b9fb3884f19e50848bfcb3c48bd78e5aac3e1c9
36129d85326736c50e24579f2d114433ebc04f86644912ea9dc2f4a772db0c7d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36129D85326736C50E24579F2D114433EBC04F86644912EA9DC2F4A772DB0C7D"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7795
Expires: Tue, 27 Sep 2022 10:49:08 GMT
Date: Tue, 27 Sep 2022 08:39:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b02c0c94200033af34cda15ebbbb1d52
52e6a79df678c5d1a8288fb63fd6ac86107b30b9
52b73249d787244356d8fadc4ee2c73acfaa25ec2586b3cd5f00dba23148f94b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52B73249D787244356D8FADC4EE2C73ACFAA25EC2586B3CD5F00DBA23148F94B"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2071
Expires: Tue, 27 Sep 2022 09:13:44 GMT
Date: Tue, 27 Sep 2022 08:39:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 002d49bafbcc428a44fe523322ad9e05
b39aad0d1e941121f28af8f9b6d76f19216800d5
59a10c7762be219b689cd518aea4d034aa725c6a632b7f866989dcf984b5e007
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 0869109d63ef5270595fb34384023a90
f2ec69fdaca2a0327cd3599ac05d0051df3dee41
c4a67afda7094519228049f837e2e0c1674148bd2e564ae2dccc3458bbdb9ed4
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 06:25:19 GMT
Expires: Mon, 03 Oct 2022 06:25:18 GMT
Etag: "f2ec69fdaca2a0327cd3599ac05d0051df3dee41"
Cache-Control: max-age=509764,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7512ed74d8cd1c12-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2937
Expires: Tue, 27 Sep 2022 09:28:10 GMT
Date: Tue, 27 Sep 2022 08:39:13 GMT
Connection: keep-alive
pseepsie.com/pfe/current/tag.min.js?z=5355918
139.45.197.250 200 OK 6.5 kB URL HTTP/2 pseepsie.com/pfe/current/tag.min.js?z=5355918
IP 139.45.197.250:0
Hash 268508b410f6b07fe4f71cd9d04fd3a2
f3ec17f252de9769e25db2f1f6354d34c1208c71
6ec7f0ce113d42143791121c1ab4096f6dfb14f6ecdc9f5e344b7d5921589ecf
GET /pfe/current/tag.min.js?z=5355918 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-39be"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2937
Expires: Tue, 27 Sep 2022 09:28:10 GMT
Date: Tue, 27 Sep 2022 08:39:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2937
Expires: Tue, 27 Sep 2022 09:28:10 GMT
Date: Tue, 27 Sep 2022 08:39:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 639785692dc29802e484e1e1d0ec86c4
cf81784351ce6302f540f491f893b44496809677
0e47d6e33fe9f6e588d308b62fa059c960a000c56651713e30baf6cd09b7de41
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E47D6E33FE9F6E588D308B62FA059C960A000C56651713E30BAF6CD09B7DE41"
Last-Modified: Sun, 25 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2937
Expires: Tue, 27 Sep 2022 09:28:10 GMT
Date: Tue, 27 Sep 2022 08:39:13 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa70ece15044b7318cb11ae5e37a64e7
04a0665f771562c3e56ac3542abe5bd3c4c1a6b5
8c974283b2ba0058114404af3e4818daa8cc56f270cb8a46f5f2f54de9d2f0e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F14ab4d12-a7de-4708-a657-df4600198640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8255
x-amzn-requestid: 3bf29c4a-406a-4645-ad18-44cd6f05d457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4VnFEV-IAMFQMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632ccfc6-3eaa337d1e1c1b6d5e951419;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:12:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: X-6P09-hgjmDFe4Y7P1KnXtJAuvJNen8XsBVIexf521SOxMivJ4t7A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 17:53:33 GMT
age: 53140
etag: "04a0665f771562c3e56ac3542abe5bd3c4c1a6b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 91d97447a6a35813e57d942f685544c4
3b660de9902fbfcf2efb477f40480b08545ebc5f
08c1ea19c4918273da12c9a2e962edf4463c486a30f60c8a279a45e5edcf972a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff092f2d0-abd6-40d2-ad33-9fb0ded1ec0a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11881
x-amzn-requestid: 584a2270-56ef-4f46-8ab2-dc0e519b5f45
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YshLfEfoIAMFX9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6328157c-12f8e8e31318d2da70796520;Sampled=0
x-amzn-remapped-date: Mon, 19 Sep 2022 07:08:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bDpP2pZgrMz5bH_vy76SvyPojDGhPIHfOtv2i4dfHCs1GUuSZVC87w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 22:33:24 GMT
age: 36349
etag: "3b660de9902fbfcf2efb477f40480b08545ebc5f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbde62996-d83a-4f97-a8ad-f7719aff0bff.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbde62996-d83a-4f97-a8ad-f7719aff0bff.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ff2dbdbf6d450f0d9774777b3c5aa6e
2f7876bd0e4b52aa04ccf1c2a45359156eaefb97
4c2184b8150834adf1e9ec807f3175b6fcd574920a98c857db2cfb01b78da2fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbde62996-d83a-4f97-a8ad-f7719aff0bff.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7701
x-amzn-requestid: 63bfd7b5-f18e-4396-99a8-fb24dee1ee0c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGCmmGswoAMF2zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324af6-04fa1b18525182b7213f844c;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 00:59:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DiTKUZCtnzzWsLnaX07RzIFfcP2_SiKqzETIMe3RoXWnQOBaB8BhmQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:05:14 GMT
age: 27239
etag: "2f7876bd0e4b52aa04ccf1c2a45359156eaefb97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 56c3768b851e6a5206cbfbe3f5a97cae
2a2fabd9f9792daf9c058fc754d5616267b703f1
668dba22a0c81c4580637806c293521b176512b18ebcc2fe951be2f27f43134d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F334b6513-7266-4f03-aae2-328c1b58a30e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10864
x-amzn-requestid: 104fb4b4-d1cc-47ee-9cc2-9b61e235d43f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4e41GJUoAMFs6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cde9e-55cda4c12c907e8d74ec9730;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 22:15:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: W7NFcpiPV1dBHdWeQnhlOwWtNQ6-opRHWo6U49ECaRYDjyRNbVx9KQ==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 07:52:35 GMT
age: 2798
etag: "2a2fabd9f9792daf9c058fc754d5616267b703f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=98e6342cc10e42e19c2b8443e729e25e
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=98e6342cc10e42e19c2b8443e729e25e
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash f9e77b02efac9176673dfd711d9582be
d5c8a3eecf5613b4541efdf9e05b4ae16276a4dd
e831f9b9b9ee5eb2c47dcfab48f928b8bede6ca59e6df114d09277173a28d2df
GET /gid.js?userId=98e6342cc10e42e19c2b8443e729e25e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=98e6342cc10e42e19c2b8443e729e25e; expires=Wed, 27 Sep 2023 08:39:13 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14218a43c5e5bbce546735a780c8ccce
61676358cdbb2373bc644e66f8a84fbc8cc5daf6
905b1c30a2273aef69904f2eb1451c756fc1fdba02e86ea5c957629dd056aeda
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F658e1cdd-3e54-47dd-9724-ec65659721ea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6390
x-amzn-requestid: b2681ff8-ab83-41e6-adef-3e6772c93c3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZGFJ6Gc_oAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63324f0c-3dbf9f4e2047567b5abdbe74;Sampled=0
x-amzn-remapped-date: Tue, 27 Sep 2022 01:17:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8JXEBo_L_xKuKdeoOXEJ6FO7ZVsZVQzUmQFe7fYcxaHRQNEq1HWp6w==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 27 Sep 2022 01:37:50 GMT
age: 25283
etag: "61676358cdbb2373bc644e66f8a84fbc8cc5daf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 46e31aa06b8e86a9a5f9ba1cc3feca08
75df3341e30281fcbf78c7074980356fdf0be8e2
d1fd4f81b7e0f43de960f0ee024d9e87bcb395f032a4ab0360e3829d1ec8a42b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63a7aeb3-999a-4e57-9255-c40e0376d08e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5319
x-amzn-requestid: 74191b02-ebea-48bd-8522-f05bf8080f31
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZFlOKFtsIAMFyGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63321bf4-1f2daa9d7906bf9812e10953;Sampled=0
x-amzn-remapped-date: Mon, 26 Sep 2022 21:39:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Y0gjPs-l9_JD9F-LSH_i1uL2Nz0UcWCG-9PmDmRH8cN_cNAeSchJTA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 26 Sep 2022 21:39:00 GMT
etag: "75df3341e30281fcbf78c7074980356fdf0be8e2"
content-type: image/jpeg
age: 39613
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20220922/r20190131/zrt_lookup.html
216.58.211.2 200 OK 4.4 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20220922/r20190131/zrt_lookup.html
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1731)
Hash 682bf699cccbc0ff817e1fcb7b95262a
11ad3edf0008f52b733c2d6d7199e1f052318d58
bd42f773d589f85cf6884d7893746d5d4e0c082f78e1c80511cf3aefa1c69a0f
GET /pagead/html/r20220922/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4420
x-xss-protection: 0
date: Mon, 26 Sep 2022 21:34:34 GMT
expires: Mon, 10 Oct 2022 21:34:34 GMT
cache-control: public, max-age=1209600
age: 39879
etag: 9671129459699598864
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pseepsie.com/zone?pub=0&zone_id=5355918&is_mobile=false&domain=www.heraldonews.com&var=&ymid=&var_3=
139.45.197.250 200 OK 664 B URL HTTP/2 pseepsie.com/zone?pub=0&zone_id=5355918&is_mobile=false&domain=www.heraldonews.com&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (663)
Hash fa972f42d39cc5898ac13e6a6d5c992a
b3a1e9885140911259490e48d0b4f87aa4c68849
e4b836d71b7cfe2095d620aba850af6dfa0d395a236e8b583f99fda328836c5d
GET /zone?pub=0&zone_id=5355918&is_mobile=false&domain=www.heraldonews.com&var=&ymid=&var_3= HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: application/json; charset=utf-8
content-length: 664
x-trace-id: a80fec9e062867715cd9dd35e9ba3249
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tovanillitechan.com/42/38?z=5355915
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=5355915
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /42/38?z=5355915 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Cookie: scm=1; OAID=ccd759ea267b44bbaf94c563497b370c; oaidts=1664267953
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 60eb28a0c3e7af33ac44fc5f651c5666
access-control-expose-headers: X-Sc
set-cookie: OAID=ccd759ea267b44bbaf94c563497b370c; expires=Wed, 27 Sep 2023 08:39:13 GMT; secure; SameSite=None
oaidts=1664267953; expires=Wed, 27 Sep 2023 08:39:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45 200 OK 12 kB IP 172.67.194.45:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Hash c0878ba8f298403c13d587eadd4879fe
19d4c4d687404e49627e5caeab50a65a0762634d
bab3c4fd78e3677002928f921b2be5f75955d65a8dbd6dfa5a02b9af32b834d8
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2984
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M9jH2PmLumHQMUEbdFaP9efCtPfm0bIQdn1omsDBfZRxCwlLkpyZ3NUCLlxv4AtIW0JW3MCEGr3lE3avzt%2Fe9RTOr8R%2BINtz6EJXKJb3aTojY9Zoe7iRMRaOOL2JEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7512ed7639b3fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8cd97aaf3e95e1e9bbdf8b739727d7cd
858cf438048356fc972c737cc84e1439c18dec5e
18e601b130747b5b70afa4a4614e9b7d8c7f3df5cd72725e1488c5b411a452e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8cd97aaf3e95e1e9bbdf8b739727d7cd
858cf438048356fc972c737cc84e1439c18dec5e
18e601b130747b5b70afa4a4614e9b7d8c7f3df5cd72725e1488c5b411a452e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=www.heraldonews.com
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=www.heraldonews.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.heraldonews.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 27 Sep 2022 08:39:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=www.heraldonews.com
142.250.74.162 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.heraldonews.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.heraldonews.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 27 Sep 2022 08:39:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 95f95fee6e94fb192e7c06459e3e3f8e
025638b85afcc833cd592c98cc941dd011d2526f
dbc8654990b37741f8e393d069054ae68d584c2496421892e814e7a8c45467fd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tovanillitechan.com/1?z=5355915
139.45.197.239 200 OK 3.5 kB URL HTTP/2 tovanillitechan.com/1?z=5355915
IP 139.45.197.239:0
File type ASCII text, with very long lines (7767)
Hash 39a3cf76d7b3e22ab0516e44240e3e70
3910daed4bf26de106ec246bd40f98e5fc6cee7e
97659cd92d8a0def72c31cc5c8acf8b0b1eaa61774909b5e688a9e1e0f780b58
GET /1?z=5355915 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 4b0bbee976b6da747fc66b0548a6bcf9
access-control-expose-headers: X-Sc
x-sc: p8_DP50iVeR6WccFZjn-QMfhqfMwebEBn3nBBNcv8HBY2pnlZLDYT_Jd9b4MAuDriwvBJGRTID9XbxDp_5YVBrSkN9c=
set-cookie: scm=1; expires=Wed, 27 Sep 2023 08:39:13 GMT; secure; SameSite=None
OAID=ccd759ea267b44bbaf94c563497b370c; expires=Wed, 27 Sep 2023 08:39:13 GMT; secure; SameSite=None
oaidts=1664267953; expires=Wed, 27 Sep 2023 08:39:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 008bb0f15929580c49beb48408615d01
a28e34ab71eea646efaf0a505a3bd07671bd6012
f612ef9519f2b8baad9918a77a873fb28c691518df1504fb32a47af79b8f7e18
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 26 Sep 2022 00:52:20 GMT
Expires: Mon, 03 Oct 2022 00:52:19 GMT
Etag: "a28e34ab71eea646efaf0a505a3bd07671bd6012"
Cache-Control: max-age=489784,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7512ed79ee691c12-OSL
dozubatan.com/500/5355914?excludes=&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/5355914?excludes=&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5355914?excludes=&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:14 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.heraldonews.com
Content-Length: 1515
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 27 Sep 2022 08:39:32 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://www.heraldonews.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
www.heraldonews.com/sw.js
85.25.74.22 200 OK 2.4 kB URL HTTP/1.1 www.heraldonews.com/sw.js
IP 85.25.74.22:0
ASN #8972 Host Europe GmbH
File type ASCII text, with very long lines (5235)
Hash 3947b93f79e5edf959ec07029e02cb0d
683a8474a030aae231ebe9d6a31483a18732983c
7e4d828aa7714325faabb0b2247e421d1f9e39a0f0336e2da61f95b40d4030e5
GET /sw.js HTTP/1.1
Host: www.heraldonews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Cookie: __gads=ID=079a1615abb5d8bb-22d2be712fce003a:T=1664267953:RT=1664267953:S=ALNI_Matpg386gj47Ff5sGvpbBR4pQEYng; prefetchAd_5355919=true; _ga_D7N32RCTS7=GS1.1.1664267952.1.0.1664267952.0.0.0; _ga=GA1.1.579692095.1664267952
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Tue, 27 Sep 2022 08:39:14 GMT
Server: Apache
Content-Security-Policy: upgrade-insecure-requests
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Last-Modified: Sat, 03 Sep 2022 08:53:43 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10368000
Expires: max-age=A10368000, public
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Content-Length: 2380
Keep-Alive: timeout=5, max=94
Content-Type: application/javascript
dibsemey.com/custom
139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
OPTIONS /custom HTTP/1.1
Host: dibsemey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:14 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
dibsemey.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: dibsemey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Content-Type: application/json
Origin: https://www.heraldonews.com
Content-Length: 375
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:14 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 8e864007e6305855494bbc2b7404678d
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
tovanillitechan.com/9?z=5355915&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.heraldonews.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=98e6342cc10e42e19c2b8443e729e25e
139.45.197.239 200 OK 2.7 kB URL HTTP/2 tovanillitechan.com/9?z=5355915&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.heraldonews.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=98e6342cc10e42e19c2b8443e729e25e
IP 139.45.197.239:0
File type JSON data\012- , ASCII text, with very long lines (6423), with no line terminators
Hash c47cbb5a3eca3a15c1444eb55253448d
4607d840b7fdb4594ec55bb14233c5c321c82330
39dd12e21f1e1ab0e681b16637fb7248a948803470207822ae93499ec8ae22d3
POST /9?z=5355915&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.heraldonews.com%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=98e6342cc10e42e19c2b8443e729e25e HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Content-Type: application/json
Content-Length: 273
Origin: https://www.heraldonews.com
Connection: keep-alive
Cookie: scm=1; OAID=ccd759ea267b44bbaf94c563497b370c; oaidts=1664267953
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:14 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 13eef828ec73e73d148589827e9f7178
access-control-expose-headers: X-Sc
set-cookie: OAID=98e6342cc10e42e19c2b8443e729e25e; expires=Wed, 27 Sep 2023 08:39:14 GMT; secure; SameSite=None
oaidts=1664267953; expires=Wed, 27 Sep 2023 08:39:14 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d5e41047464169794ef5adbb3b72a686
f758bd6475f218b2e9c8177e124e873e5ba82e1a
418d7041cef79064c8a712b184b7251ba94428dac6de40e5abc5152cb8d07b09
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "418D7041CEF79064C8A712B184B7251BA94428DAC6DE40E5ABC5152CB8D07B09"
Last-Modified: Mon, 26 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1094
Expires: Tue, 27 Sep 2022 08:57:28 GMT
Date: Tue, 27 Sep 2022 08:39:14 GMT
Connection: keep-alive
offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
104.22.32.172 200 OK 76 kB URL HTTP/2 offerimage.com/www/images/a563edd673308b2cd8cc1ec9c0543417.png
IP 104.22.32.172:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a563edd673308b2cd8cc1ec9c0543417
bff09cb9d8c3dadb244db8d24b6f58b8dfab6469
bbd22caad95af25c9ccf019fe7499c74743b7ef4eaceeffe0781c3f64f054b0c
GET /www/images/a563edd673308b2cd8cc1ec9c0543417.png HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 27 Sep 2022 08:39:14 GMT
content-type: image/png
content-length: 76281
last-modified: Tue, 07 Jun 2022 21:58:32 GMT
etag: "629fca08-129f9"
expires: Tue, 27 Sep 2022 22:10:39 GMT
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-max-age: 86400
timing-allow-origin: *
cf-cache-status: HIT
age: 37715
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7512ed7bd9b298f7-ARN
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/ce/99/a6/01265fa9e5c31dada900870d7f/01310893827865.jpeg
139.45.197.153 200 OK 25 kB URL HTTP/2 interstitial-07.com/contents/s/ce/99/a6/01265fa9e5c31dada900870d7f/01310893827865.jpeg
IP 139.45.197.153:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash ce99a601265fa9e5c31dada900870d7f
ab71f9a154eb4483874800d024a3627c5fd0d01f
833bfae4c3e0710f7913efe21caf2a641d55b54cdd0dbe77e4b6faed2a80548c
GET /contents/s/ce/99/a6/01265fa9e5c31dada900870d7f/01310893827865.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3905926979%26z%3D5355915%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dg3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D7be8573c-9227-496d-b566-e6075c0a9bd1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.heraldonews.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:14 GMT
content-type: image/jpeg
content-length: 24908
last-modified: Mon, 06 Jun 2022 13:58:07 GMT
etag: "629e07ef-614c"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb82e48b44032641b378d3f5a76b802c
fe190266fba048f25f01ad0fcfce4878bc6b3437
e2152a24b4c23c3d9a7f82466e34e4959c3acea55228e9993e67f4ec8220c4d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E2152A24B4C23C3D9A7F82466E34E4959C3ACEA55228E9993E67F4EC8220C4D0"
Last-Modified: Mon, 26 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4479
Expires: Tue, 27 Sep 2022 09:53:53 GMT
Date: Tue, 27 Sep 2022 08:39:14 GMT
Connection: keep-alive
interstitial-07.com/contents/s/4a/99/77/2107149f60d6eff18b9d5b53e0/01198882198633.jpeg
139.45.197.153 200 OK 54 kB URL HTTP/2 interstitial-07.com/contents/s/4a/99/77/2107149f60d6eff18b9d5b53e0/01198882198633.jpeg
IP 139.45.197.153:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 4a99772107149f60d6eff18b9d5b53e0
5beb10695e9d76e04c95239a1d70095dc2fe17f7
3eaa5fa0a60738c49226982a0fe9f1ddd270f3383a6c7731816e18da4b0845bc
GET /contents/s/4a/99/77/2107149f60d6eff18b9d5b53e0/01198882198633.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3905926979%26z%3D5355915%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dg3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D7be8573c-9227-496d-b566-e6075c0a9bd1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.heraldonews.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:14 GMT
content-type: image/jpeg
content-length: 53466
last-modified: Tue, 10 May 2022 17:34:16 GMT
etag: "627aa218-d0da"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3905926979%26z%3D5355915%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dg3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D7be8573c-9227-496d-b566-e6075c0a9bd1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.heraldonews.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.153200 OK 5.1 kB URL HTTP/2 interstitial-07.com/?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3905926979%26z%3D5355915%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dg3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D7be8573c-9227-496d-b566-e6075c0a9bd1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.heraldonews.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.153:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (5213)
Hash 97984bd676048bda521fc4eaf9c8c13b
724bec0cb072e649bcdcd1d41c37156457c5e5ed
649e692baaee248e0040d07ea6e548e3e7065e75dc5d8576bfaa0707d937645a
GET /?l=5KiJw7BDBzgssAn&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3905926979%26z%3D5355915%26b%3D14505326%26c%3D5990211%26var%3D%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D350%2526key%253D2c1f9aa01554345b3025ac0d005c7bea%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Dg3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg%3D%3D%26bag%3DrECJmtGDoFy5o1Vh6XUGUA%3D%3D%26ruid%3D7be8573c-9227-496d-b566-e6075c0a9bd1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fwww.heraldonews.com%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=Ob71NZhd380CaDHXSvRfsTDY20UPUUdkLjRx40u91j4; expires=Tue, 27-Sep-2022 09:39:14 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
dibsemey.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: dibsemey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Content-Type: application/json
Origin: https://www.heraldonews.com
Content-Length: 749
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:14 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a20765361624fefe68f6102b36390d2c
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiGyp8kv8JHgFVrJJLucHtA.woff2
142.250.74.163 200 OK 8.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiGyp8kv8JHgFVrJJLucHtA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 8668, version 1.0\012- data
Hash a242ba0df3a128a2cab929a8c45d5056
d70e2c70b21cbb66cd883ae56e2dedacefd81c7c
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
GET /s/poppins/v20/pxiGyp8kv8JHgFVrJJLucHtA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.heraldonews.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8668
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:53:36 GMT
expires: Thu, 21 Sep 2023 19:53:36 GMT
cache-control: public, max-age=31536000
age: 477938
last-modified: Wed, 27 Apr 2022 16:07:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-D7N32RCTS7&gtm=2oe9l0&_p=684161103&gdid=dZTNiMT&cid=579692095.1664267952&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664267952&sct=1&seg=0&dl=https%3A%2F%2Fwww.heraldonews.com%2F&dt=HeraldoNews.com%20-%20Todas%20las%20noticias%20de%20Espa%C3%B1a%20y%20Am%C3%A9rica%20Latina&en=page_view&_fv=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-D7N32RCTS7&gtm=2oe9l0&_p=684161103&gdid=dZTNiMT&cid=579692095.1664267952&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664267952&sct=1&seg=0&dl=https%3A%2F%2Fwww.heraldonews.com%2F&dt=HeraldoNews.com%20-%20Todas%20las%20noticias%20de%20Espa%C3%B1a%20y%20Am%C3%A9rica%20Latina&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-D7N32RCTS7&gtm=2oe9l0&_p=684161103&gdid=dZTNiMT&cid=579692095.1664267952&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1664267952&sct=1&seg=0&dl=https%3A%2F%2Fwww.heraldonews.com%2F&dt=HeraldoNews.com%20-%20Todas%20las%20noticias%20de%20Espa%C3%B1a%20y%20Am%C3%A9rica%20Latina&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.heraldonews.com
date: Tue, 27 Sep 2022 08:39:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dozubatan.com/400/5355914
139.45.197.237 200 OK 43 kB URL HTTP/2 dozubatan.com/400/5355914
IP 139.45.197.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b3a9de331c6920e2954d999a418ccebb
b206f3ca724f1b02de01bf7b520647edd17b0e59
1e1f3ba0c179fbb8335720ee73a5ac1b7e4d13cb80268d7079dc71d16cd8d913
GET /400/5355914 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: application/javascript
x-trace-id: 8b336105ba4fd0511b703e96c621c628
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=4fca73074db04a3cb8a8e6518ab40251; expires=Wed, 27 Sep 2023 08:39:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=www.heraldonews.com
142.250.74.162 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.heraldonews.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.heraldonews.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 27 Sep 2022 08:39:15 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 27 Sep 2022 08:39:15 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a9f9ebd58812b0b78358a1292dc46466
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 23d19b3f71f6460e3d033f2516cbb30e
0eba190af730382c4ac0a433424a4c7a8c796064
b52695792218b549e210c8ce75ef9fca11319ed2ee82447817460bb7e7e87ae1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=www.heraldonews.com
142.250.74.162 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=www.heraldonews.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=www.heraldonews.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 27 Sep 2022 08:39:15 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dozubatan.com/500/5355914?excludes=&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 7.7 kB URL HTTP/2 dozubatan.com/500/5355914?excludes=&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (1597)
Hash 37164ab0f7547534833d18b57afafe9d
67a3ab16f601651977fd8bc542ffd912164b0233
799192f4efd1fd44f696cbb07c29d23e3a57f9a8e690ac6f8bc3fd8c67e38397
GET /500/5355914?excludes=&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Content-Type: application/json
Origin: https://www.heraldonews.com
Connection: keep-alive
Cookie: OAID=4fca73074db04a3cb8a8e6518ab40251
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:14 GMT
content-type: application/javascript
x-trace-id: 284347af1ae783ebb8cda3e8ebda90aa
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://www.heraldonews.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=98e6342cc10e42e19c2b8443e729e25e; expires=Wed, 27 Sep 2023 08:39:14 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/15?rnd=1811155723&z=5355915&var=&rb=g3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg==&ruid=7be8573c-9227-496d-b566-e6075c0a9bd1&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.574%2C%22location%22%3A%22https%3A%2F%2Fwww.heraldonews.com%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 tovanillitechan.com/15?rnd=1811155723&z=5355915&var=&rb=g3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg==&ruid=7be8573c-9227-496d-b566-e6075c0a9bd1&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.574%2C%22location%22%3A%22https%3A%2F%2Fwww.heraldonews.com%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /15?rnd=1811155723&z=5355915&var=&rb=g3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg==&ruid=7be8573c-9227-496d-b566-e6075c0a9bd1&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.574%2C%22location%22%3A%22https%3A%2F%2Fwww.heraldonews.com%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Cookie: scm=1; OAID=98e6342cc10e42e19c2b8443e729e25e; oaidts=1664267953
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 27 Sep 2022 08:39:15 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: fffd265ecc31a78159a5c91ee5a92c43
access-control-expose-headers: X-Sc
set-cookie: OAID=98e6342cc10e42e19c2b8443e729e25e; expires=Wed, 27 Sep 2023 08:39:15 GMT; secure; SameSite=None
set-cookie: oaidts=1664267953; expires=Wed, 27 Sep 2023 08:39:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 5b7b66f5886a12421c3f3970bbf49d5a
13a31565fb5b2f1e75d67ba1ce09dae339f1c0e8
3ed8ffa99cefdf81381912b426c0ab9091fb5888836665d9012435965f99feba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api2/aframe
142.250.74.164 200 OK 515 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 1f28d17f611f18a6c1c35c742f95abdb
ec0c744df92a8e9fbc54bd9d6e1f2ad60abdb5ff
41bae208e7a7c35c6969643d45a9ac3681fe73548b6bb6d575fe54a3fa9c12f5
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 27 Sep 2022 08:39:15 GMT
date: Tue, 27 Sep 2022 08:39:15 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-O8YXGfUxS5zrIsFaW945KQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
142.250.74.162 200 OK 44 kB URL HTTP/2 www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
IP 142.250.74.162:0
File type ASCII text, with very long lines (3498)
Hash f6b1f2456b44a6f219d0aed4e1a437e7
4c993a7a8f983d1b80b596b8aa65c6314bc8def7
05b89601f9c3a01b5c2efbe7a5cca69859e9c974e254501bb79d8d3a24c1267b
GET /activeview/js/current/rx_lidar.js?cache=r20110914 HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-length: 44528
date: Tue, 27 Sep 2022 08:39:15 GMT
expires: Tue, 27 Sep 2022 08:39:15 GMT
cache-control: private, max-age=3000
etag: "1664191987193040"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ce9fa7c0f8c668afd33a2fa65bf285e5
0333c06c16ea38e346cee9aad19965aa9d2729b1
50b7e5b9d9833fbd2c737642a86c63217f3296fb4bce6c7a876e4cde3dcddbd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
216.58.211.6 200 OK 24 kB URL HTTP/2 s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
IP 216.58.211.6:0
File type ASCII text, with very long lines (60805)
Hash 8bb0a6e91cbcf4aca9c691e9225b34a8
83d921cf6e8334253aded6cd30ffb5781cf3c0cb
06df011163bc2147a0b8dbf5d412f24bfe7ebaaa1654a2d4ac2c68cc71373ddd
GET /ads/studio/cached_libs/gsap_3.5.1_min.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 24155
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 08:39:17 GMT
expires: Tue, 27 Sep 2022 08:39:17 GMT
cache-control: public, max-age=0
age: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ce9fa7c0f8c668afd33a2fa65bf285e5
0333c06c16ea38e346cee9aad19965aa9d2729b1
50b7e5b9d9833fbd2c737642a86c63217f3296fb4bce6c7a876e4cde3dcddbd8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 27 Sep 2022 08:39:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dozubatan.com/impression/xhxVriSj0EsQoPb1Dktc9GJb2Djco48qZL-zHeTRUzF7kZhqIkwKnIEvbof8d0WZmRlV-xDFj93J6vA3oam8znbMcFSOsnpsU3kmaJdMkVYbGTd9ofKM8RWOv-8dENp_5uJBhLaVVVHWb1_LVOL6-vBtorF53YW1_1nYjLAZp749reT5aEFmsisPj4mtpXotoX2GjSKBxxfKh6GTsDz3io2mTk1L6R_K_qQMSradfFL60NQFPpyiiKLObcKA9hAVtDWgm3jOPwQAsxQAayFQ30AdiIGC2KaCyOBYxPmyBakQ8gBvfEOX7WIqBI7E7dLPi1xUbPT__kf-LXor7B3LOBV8ZLbe_NCgNPh5IldBOWh8PNvWe_9jiNlqzLiqdgLkEcnQ1ZB3AfhNTQKYgYENCrLuag6JtABSX31-7Bhov1PNeCD-7jLgVB3gt9wcs4DF04HY-A48EpOMvM7jcykcdNNe9xpJCjA_c1E8xNQOW8SgZc9cdDcIpKO60CZ7jBXtNuw2jovdsOlA3BtQcOe2dRPp7TUhftBa-r4t1QApq19b8NCFTAYRwDUOzA9yPwrEdW8vr5vWOwk0cdKVCfGNpYv-frqbUfbXFFUe5wyn4cVUIWwTRnQtcDHZTY0ISJYyr2sGbcXUttwUr73Z1zxK5HnxDEo=?_z=5355914&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=15&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 dozubatan.com/impression/xhxVriSj0EsQoPb1Dktc9GJb2Djco48qZL-zHeTRUzF7kZhqIkwKnIEvbof8d0WZmRlV-xDFj93J6vA3oam8znbMcFSOsnpsU3kmaJdMkVYbGTd9ofKM8RWOv-8dENp_5uJBhLaVVVHWb1_LVOL6-vBtorF53YW1_1nYjLAZp749reT5aEFmsisPj4mtpXotoX2GjSKBxxfKh6GTsDz3io2mTk1L6R_K_qQMSradfFL60NQFPpyiiKLObcKA9hAVtDWgm3jOPwQAsxQAayFQ30AdiIGC2KaCyOBYxPmyBakQ8gBvfEOX7WIqBI7E7dLPi1xUbPT__kf-LXor7B3LOBV8ZLbe_NCgNPh5IldBOWh8PNvWe_9jiNlqzLiqdgLkEcnQ1ZB3AfhNTQKYgYENCrLuag6JtABSX31-7Bhov1PNeCD-7jLgVB3gt9wcs4DF04HY-A48EpOMvM7jcykcdNNe9xpJCjA_c1E8xNQOW8SgZc9cdDcIpKO60CZ7jBXtNuw2jovdsOlA3BtQcOe2dRPp7TUhftBa-r4t1QApq19b8NCFTAYRwDUOzA9yPwrEdW8vr5vWOwk0cdKVCfGNpYv-frqbUfbXFFUe5wyn4cVUIWwTRnQtcDHZTY0ISJYyr2sGbcXUttwUr73Z1zxK5HnxDEo=?_z=5355914&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=15&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/xhxVriSj0EsQoPb1Dktc9GJb2Djco48qZL-zHeTRUzF7kZhqIkwKnIEvbof8d0WZmRlV-xDFj93J6vA3oam8znbMcFSOsnpsU3kmaJdMkVYbGTd9ofKM8RWOv-8dENp_5uJBhLaVVVHWb1_LVOL6-vBtorF53YW1_1nYjLAZp749reT5aEFmsisPj4mtpXotoX2GjSKBxxfKh6GTsDz3io2mTk1L6R_K_qQMSradfFL60NQFPpyiiKLObcKA9hAVtDWgm3jOPwQAsxQAayFQ30AdiIGC2KaCyOBYxPmyBakQ8gBvfEOX7WIqBI7E7dLPi1xUbPT__kf-LXor7B3LOBV8ZLbe_NCgNPh5IldBOWh8PNvWe_9jiNlqzLiqdgLkEcnQ1ZB3AfhNTQKYgYENCrLuag6JtABSX31-7Bhov1PNeCD-7jLgVB3gt9wcs4DF04HY-A48EpOMvM7jcykcdNNe9xpJCjA_c1E8xNQOW8SgZc9cdDcIpKO60CZ7jBXtNuw2jovdsOlA3BtQcOe2dRPp7TUhftBa-r4t1QApq19b8NCFTAYRwDUOzA9yPwrEdW8vr5vWOwk0cdKVCfGNpYv-frqbUfbXFFUe5wyn4cVUIWwTRnQtcDHZTY0ISJYyr2sGbcXUttwUr73Z1zxK5HnxDEo=?_z=5355914&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=15&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Cookie: OAID=98e6342cc10e42e19c2b8443e729e25e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:19 GMT
content-type: image/gif
content-length: 43
x-trace-id: 6b79106fd08fe7c6c55c08010cd2d098
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
tovanillitechan.com/15?rnd=1811155723&z=5355915&var=&rb=g3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg==&ruid=7be8573c-9227-496d-b566-e6075c0a9bd1&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A5.089%2C%22location%22%3A%22https%3A%2F%2Fwww.heraldonews.com%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
139.45.197.239204 No Content 0 B URL HTTP/2 tovanillitechan.com/15?rnd=1811155723&z=5355915&var=&rb=g3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg==&ruid=7be8573c-9227-496d-b566-e6075c0a9bd1&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A5.089%2C%22location%22%3A%22https%3A%2F%2Fwww.heraldonews.com%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /15?rnd=1811155723&z=5355915&var=&rb=g3EMVk4PMSHQwgkqf8LNP_TlQYgAZwBxDbM80YovkiQEiIPFYaPY8qCzn6U25EE4LnmOPxxfLdWI9zqXwWXjBw9UX_hgDd-TecZTYpDWLsA-GJIUekVNnkL1HSP3WTEJBdiPMFEIGTuKZAQPzKO7bqXMwLR0i2_rWyG3QchMZ-r9-AxDW-HQMOnQfDbZ1n7ckWicEJf_sG0_difNY9csuQReDf_Clbteo6twXNkslKcR2p99YN8kBPhQEaMBaDDfQeHPgzNLOHDqt4RdEAE2MJXWOIDEEC4fTyJtfSiCvNHLJcxHdnWjIJIh-TZ9u-VTIqgdho-lf8LdUENo0kFjgzJaJmkuKEuevXpvXvUAUyMel8eIhpaCHOE1izcnfweezNOC5rgbEJk0aFd14zYJLuO2MGqWGI0yhMeQW8XlbI9iKan-Ua_XIQDkKfss8tNF4HcKZvwgT5bUXi-Vzljo4vIUbdbWf6poAgDsoz6wa26cmdcGdx9r6xI8PtP9foF3WD4kGTsf7dXggog-FkdDoh--EGmHdrZLNjJijaJBBpYZ8-MnBJsLyiMyiD47LTbLOiLAxVH4mxydTNAIspUKC3powKb1RKDoVomfmHxwxNnV3fIKqWOIBkSR2lN9OI7h9Vw1vwpn46YFR7tMLmwXjg==&ruid=7be8573c-9227-496d-b566-e6075c0a9bd1&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A5.089%2C%22location%22%3A%22https%3A%2F%2Fwww.heraldonews.com%2F%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Cookie: scm=1; OAID=98e6342cc10e42e19c2b8443e729e25e; oaidts=1664267953
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 27 Sep 2022 08:39:19 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 416434b3412c73f57165f652f7e99d66
access-control-expose-headers: X-Sc
set-cookie: OAID=98e6342cc10e42e19c2b8443e729e25e; expires=Wed, 27 Sep 2023 08:39:19 GMT; secure; SameSite=None
oaidts=1664267953; expires=Wed, 27 Sep 2023 08:39:19 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
dozubatan.com/500/5355914?excludes=14745758&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=16&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/5355914?excludes=14745758&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=16&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5355914?excludes=14745758&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=16&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:19 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
104.22.32.172 200 OK 13 kB URL HTTP/2 offerimage.com/www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg
IP 104.22.32.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 375d4eace3e9692bfe2fc21648f4c59a
57ef9b8278b63d567eab92b8607b68cee29071b8
46005b3961515220591e6df79d2713774deb57a082dda8162c3d182bcad3aa1b
GET /www/images/375d4eace3e9692bfe2fc21648f4c59a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 27 Sep 2022 08:39:19 GMT
content-type: image/jpeg
content-length: 13449
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6231b480-3489"
expires: Tue, 27 Sep 2022 13:38:20 GMT
last-modified: Wed, 16 Mar 2022 09:57:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 68459
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7512ed9a5a6898f7-ARN
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=01a2d3f753704250b36e816e80364844&zoneId=5355918&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=01a2d3f753704250b36e816e80364844&zoneId=5355918&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash f9e77b02efac9176673dfd711d9582be
d5c8a3eecf5613b4541efdf9e05b4ae16276a4dd
e831f9b9b9ee5eb2c47dcfab48f928b8bede6ca59e6df114d09277173a28d2df
GET /gid.js?pub=0&userId=01a2d3f753704250b36e816e80364844&zoneId=5355918&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Cookie: ID=98e6342cc10e42e19c2b8443e729e25e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:20 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=98e6342cc10e42e19c2b8443e729e25e; expires=Wed, 27 Sep 2023 08:39:20 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dibsemey.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
Analyzer Verdict Alert fortinet Malware
POST /custom HTTP/1.1
Host: dibsemey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Content-Type: application/json
Origin: https://www.heraldonews.com
Content-Length: 383
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:20 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 96b4bd23185e55c686edf8f1c42adb82
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
whairtoa.com/5/5355919
139.45.197.238 200 OK 0 B IP 139.45.197.238:0
Analyzer Verdict Alert quad9 Sinkholed
GET /5/5355919 HTTP/1.1
Host: whairtoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:12 GMT
content-type: application/javascript
x-trace-id: e5aa14dd0f10b2bc7d34e9ad24b31f71
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=98e6342cc10e42e19c2b8443e729e25e; expires=Wed, 27 Sep 2023 08:39:12 GMT; path=/; secure; SameSite=None
oaidts=1664267952; expires=Wed, 27 Sep 2023 08:39:12 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Rubik%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CPoppins%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Rubik%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CPoppins%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap
IP 142.250.74.10:0
GET /css?family=Rubik%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CPoppins%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 27 Sep 2022 08:39:12 GMT
date: Tue, 27 Sep 2022 08:39:12 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
pseepsie.com/pfe/current/universal.min.js?v=3.1.395
139.45.197.250 200 OK 0 B URL HTTP/2 pseepsie.com/pfe/current/universal.min.js?v=3.1.395
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.395 HTTP/1.1
Host: pseepsie.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-1fafa"
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
dibsemey.com/pfe/current/universal.min.js?v=3.1.395
139.45.197.250 200 OK 0 B URL HTTP/2 dibsemey.com/pfe/current/universal.min.js?v=3.1.395
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.395 HTTP/1.1
Host: dibsemey.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Origin: https://www.heraldonews.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 07:25:49 GMT
etag: W/"63296afd-1fafa"
access-control-allow-origin: https://www.heraldonews.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/5355914?excludes=14745758&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=16&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/5355914?excludes=14745758&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=16&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
GET /500/5355914?excludes=14745758&oaid=98e6342cc10e42e19c2b8443e729e25e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=16&pl=https%3A%2F%2Fwww.heraldonews.com%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Content-Type: application/json
Origin: https://www.heraldonews.com
Connection: keep-alive
Cookie: OAID=98e6342cc10e42e19c2b8443e729e25e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:19 GMT
content-type: application/javascript
x-trace-id: 64b243d5d237eeae29151bede17ff84c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://www.heraldonews.com
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=98e6342cc10e42e19c2b8443e729e25e; expires=Wed, 27 Sep 2023 08:39:19 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/27/b7bd02994a2771796f8a835cfb750d4b
IP 139.45.197.239:0
GET /27/b7bd02994a2771796f8a835cfb750d4b HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heraldonews.com/
Connection: keep-alive
Cookie: scm=1; OAID=ccd759ea267b44bbaf94c563497b370c; oaidts=1664267953
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 27 Sep 2022 08:39:13 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 22 Sep 2022 08:42:06 GMT
expires: Thu, 22 Oct 2082 08:42:06 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2