qeextension.com/
85.187.128.60301 Moved Permanently 707 B IP 85.187.128.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Fri, 31 Mar 2023 22:39:47 GMT
server: LiteSpeed
location: https://qeextension.com/
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3050
Expires: Fri, 31 Mar 2023 23:30:37 GMT
Date: Fri, 31 Mar 2023 22:39:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cca063332ba9a89eadd62a8dd7f81a9b
d473b2a7a32c964599ff3bac8f98fa578f03d1d1
02fb74c7c695ad99f7f2fd7c02ae2b88e2da1c5db339f883333d9090291931dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02FB74C7C695AD99F7F2FD7C02AE2B88E2DA1C5DB339F883333D9090291931DC"
Last-Modified: Wed, 29 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3506
Expires: Fri, 31 Mar 2023 23:38:13 GMT
Date: Fri, 31 Mar 2023 22:39:47 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ed282214b024a7895d90e229e92bb1cc
1f447aa59287ce2b45860a1a909d005a41305f77
a35ae9f89cbc77ed5fe849acdc2701592799c335f2674776d69c25bca0a00c2e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Alert, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 31 Mar 2023 22:16:13 GMT
content-type: application/json
age: 1414
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 76218c893040d958ae1c4231cdd2133c
6a7b336dee91d4aec26ace0a5883ecdfac52e68f
d35492b04d16ed00e9e195e7c84c99aa6a2b8a93abeb656baae0918986f0a7e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D35492B04D16ED00E9E195E7C84C99AA6A2B8A93ABEB656BAAE0918986F0A7E4"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6269
Expires: Sat, 01 Apr 2023 00:24:16 GMT
Date: Fri, 31 Mar 2023 22:39:47 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: lrWGZ8+T7fF0t1HtLGGe5NcrQZ9pDBqIQWAzJhDRNix4EVLRZFFBROmdXKG/Lb2x/cyTWtFJIXk=
x-amz-request-id: WZV2DK268HN6AVXX
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 31 Mar 2023 22:12:21 GMT
age: 1646
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:47 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Expires, Cache-Control, Content-Length, Retry-After, Last-Modified, Pragma, ETag, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 31 Mar 2023 22:14:39 GMT
age: 1509
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b3df8c73360b4239af64e11f9d2388be
dc5463ff26615b40e4eab388052790d6c30ea5e6
877b23d16abf2e0e9f649f53747e82af0b75e8595abd71728254e612847cfdb6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "877B23D16ABF2E0E9F649F53747E82AF0B75E8595ABD71728254E612847CFDB6"
Last-Modified: Wed, 29 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14346
Expires: Sat, 01 Apr 2023 02:38:54 GMT
Date: Fri, 31 Mar 2023 22:39:48 GMT
Connection: keep-alive
push.services.mozilla.com/
54.200.47.185101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.200.47.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tuqYgr0NWzluC5TtkCN9tA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OrfULUzBP+clh2dT3+jyutJl2a0=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14541
Expires: Sat, 01 Apr 2023 02:42:09 GMT
Date: Fri, 31 Mar 2023 22:39:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14541
Expires: Sat, 01 Apr 2023 02:42:09 GMT
Date: Fri, 31 Mar 2023 22:39:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14541
Expires: Sat, 01 Apr 2023 02:42:09 GMT
Date: Fri, 31 Mar 2023 22:39:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 14539c5e0ca6ce826e62bdadad738bbd
92ce1bbc7f338d3e48e35d637513ab0aba610a98
58e8d186f5d0531c2597d267b0a92bb46909e8fa162b2b5f7fa6e50b2e0af357
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "58E8D186F5D0531C2597D267B0A92BB46909E8FA162B2B5F7FA6E50B2E0AF357"
Last-Modified: Fri, 31 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14541
Expires: Sat, 01 Apr 2023 02:42:09 GMT
Date: Fri, 31 Mar 2023 22:39:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: 5d5a94f5-db2f-4c4c-9c9f-08c14b0ccd80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm7NG2NIAMF-sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e1-57c957f442c42fe148e66831;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:25 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: KkjS04mCLqFET4v9-sePYK-zcztrds608GECT1Fxz3BEpslgxnpLOg==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:37:17 GMT
age: 3751
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc960713a-d448-4b65-8d89-5da5a2031c7b.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc960713a-d448-4b65-8d89-5da5a2031c7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7abfd37bfd9b14a195c3de2d399b6d8a
65c966c2dd0015ffa61acea36212a538eccd5fd9
c80e0dc705226d0b96fbb2fc7dde331ba5ebca2e887d6b77661d7c6a6efdd49d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc960713a-d448-4b65-8d89-5da5a2031c7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14764
x-amzn-requestid: 76fa5c4f-2fa7-4310-9ad8-80cd096fb636
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CqnIXF_aoAMFtGA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64275235-2846a8ee4376c7c02a919ed9;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:35:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: xJUHKE8Bh953Z2jOnjklqpmLOxq-UITKQhncKJ6f87w1-vpRcIM2Hw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:59:12 GMT
age: 2436
etag: "65c966c2dd0015ffa61acea36212a538eccd5fd9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9720e87-c9ea-45dd-b03b-959a201d1cd5.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9720e87-c9ea-45dd-b03b-959a201d1cd5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 63f65b3207378879c6e794007b8a11ee
f0ee85f6acc45822ca5dc638bedefb21618d9127
dadd45018a3f500653176e5d585284fa28ca8140ec71c666feb4ab1b93f54c54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9720e87-c9ea-45dd-b03b-959a201d1cd5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8479
x-amzn-requestid: 918a80ec-9fed-420b-b213-3c7e34e007ed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9WEw_IAMF53g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-7cdad9533b2617c0043823f2;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: jh-3_Rb1rG13lHKqhXtUe3dt6pO2CADP7IL_zAadlgCvgoNiWDQ8jQ==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 22:00:04 GMT
age: 2384
etag: "f0ee85f6acc45822ca5dc638bedefb21618d9127"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 613b90b49678a72443e992713b7eb711
f4216e9b06d9cb62aadfafce434789a3cc5d1fe2
7cb101a12e824bf26552b2aaeb00df0e3f239c254168b9dee65192b484f1b61e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4697
x-amzn-requestid: 9bed2cbf-18d6-4cac-8ac0-32e831ff1d9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClWGeHbhIAMFn5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642536f5-3d548aea13f757a85ca99750;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:15:01 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: cWC8mfkQdpMt1CB3QLj4CRjiegMidFxcrzKqAnvyF1RLJ6_0bYCUSA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 07:29:07 GMT
age: 54641
etag: "f4216e9b06d9cb62aadfafce434789a3cc5d1fe2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24171d10-56ac-40e7-9d10-77b9e948da6e.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24171d10-56ac-40e7-9d10-77b9e948da6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c193cd4520e8ee5d17cd1f3faadc1c73
b46effcb93e0ad066474ec1f67bcd54020615caf
bc824341b884278e7e69ae3bb87484ad914e5909544959ebc8f8661a545cb929
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24171d10-56ac-40e7-9d10-77b9e948da6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10128
x-amzn-requestid: bdd46a1d-4b43-4450-be32-3e3947d2fcd7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9VELdIAMFmmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-346e92d143f6fcf46db741c8;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: jidQVHgb6EK_fyGj4wYgdWEBeth8CIB5szPrwrgmirz4Q9tSYpRrsw==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:47:06 GMT
age: 3162
etag: "b46effcb93e0ad066474ec1f67bcd54020615caf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab3267a3-5b54-4897-9b87-b135a35c1c32.avif
34.120.237.76400 Bad Request 3 B URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab3267a3-5b54-4897-9b87-b135a35c1c32.avif
IP 34.120.237.76:0
File type ASCII text, with no line terminators
Hash fcc3d7489d15ef49dbbf735234234cf7
654e0aaee80e38636c503629d32225db31a616de
52109349dabf69106e04ec2f493fb8b6ade94ea100227cccce6559ab8b96553f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab3267a3-5b54-4897-9b87-b135a35c1c32.avif HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 400 Bad Request
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/json
content-length: 3
x-amzn-requestid: e998de5a-5bdb-4776-823e-b6bb9ca9bbf5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CqwSXHrLIAMF9fA=
cache-control: max-age=120,public
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642760db-4ae4913254bc8f0d44fc37bc;Sampled=0;lineage=69363f46:0
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Error from cloudfront
x-amz-cf-id: EWSWMFi4cyw2gpMdY4yubYp063oOZ9u6LVzyn9u2TJbbXSOAvkXhkg==
age: 64
via: 1.1 ec27e2bbc77d9805bead471453d2094c.cloudfront.net (CloudFront), 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab3267a3-5b54-4897-9b87-b135a35c1c32.avif&resize=w450
34.120.237.76200 OK 1 B URL HTTP/2 img-getpocket.cdn.mozilla.net/direct?url=https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab3267a3-5b54-4897-9b87-b135a35c1c32.avif&resize=w450
IP 34.120.237.76:0
File type very short file (no magic)
Hash 7215ee9c7d9dc229d2921a40e899ec5f
b858cb282617fb0956d960215c8e84d1ccf909c6
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
GET /direct?url=https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab3267a3-5b54-4897-9b87-b135a35c1c32.avif&resize=w450 HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 1
x-amzn-requestid: 79cd5e44-e83d-40dc-94b9-c2735e93c702
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9eGVHIAMF3VQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ef-530fe76753a3c02d34350ef9;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date:
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: NvjNL4v9ue2MdQd9EUdiORSLU6iI4e_uH0zT5Bm_RUPkgFEWVWsTAg==
via: 1.1 ec27e2bbc77d9805bead471453d2094c.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:58:56 GMT
age: 2453
etag:
content-type: application/x-empty; charset=binary
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/css/classic-themes.min.css
192.0.77.37200 OK 291 B URL HTTP/2 c0.wp.com/c/6.2/wp-includes/css/classic-themes.min.css
IP 192.0.77.37:0
Hash 1a0804b1a9d09705657f91fe7cad4c5a
feeece6f0b3e0bcf090547c475329a2772f6b26b
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
GET /c/6.2/wp-includes/css/classic-themes.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: text/css
content-length: 291
last-modified: Mon, 13 Feb 2023 20:50:19 GMT
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
c0.wp.com/p/woocommerce/7.4.0/assets/css/woocommerce.css
192.0.77.37200 OK 9.3 kB URL HTTP/2 c0.wp.com/p/woocommerce/7.4.0/assets/css/woocommerce.css
IP 192.0.77.37:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 9fcee94e3117b44ef1f1223eca25f557
d74ca56d8fc0b216de111f202289f5bb82b09e54
52e9ae8445795327654e7ee3c75d07a7b5da89dc1e12c1b1272103e4ef6a1252
GET /p/woocommerce/7.4.0/assets/css/woocommerce.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 24 Jan 2023 22:19:11 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5b6731341a66be32757ea461f5bd605a
f9a017cd1195d1eafb3839a899baf75f2e71958f
4bda8352f303d3fb71b8c4b2ecc9fbe75dcfc91dd2232260afb1e37ebbf139fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a5ac29d7d71ef6c0cc7547974c8c4f7b
29108a8370757ef63f347d1fd2ae696f5842342c
3371093d6dab54c7c3b612e3774435f0a592bee4e40fbcc2edd55d29d7715c26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c0.wp.com/c/6.2/wp-includes/js/jquery/jquery-migrate.min.js
192.0.77.37200 OK 5.1 kB URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/jquery/jquery-migrate.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (13326)
Hash dd73b7af6770fa566107449cb37441a0
979125d4bbbca71ac29f1116a47f2f74f2d275e1
eabdb0eec2cdb60b96e062b23a5a8634f0a361b52edbbb282e9f19d38a137955
GET /c/6.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 06 Feb 2023 20:59:15 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woolentor-addons/woolentor-blocks/src/assets/css/common-style.css?ver=2.5.5
85.187.128.60200 OK 591 B URL HTTP/2 qeextension.com/wp-content/plugins/woolentor-addons/woolentor-blocks/src/assets/css/common-style.css?ver=2.5.5
IP 85.187.128.60:0
Hash 20914b6aa5f445d9d80d92c8f5740608
599894d0a67f1c4fa17244236b851c8c653e90f6
ad86887d0fbc5d94c0dd4caf522f021ef0b69fc7b125e131015bdb2d857b8a34
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woolentor-addons/woolentor-blocks/src/assets/css/common-style.css?ver=2.5.5 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:56:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 591
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woolentor-addons/woolentor-blocks/src/assets/css/style-index.css?ver=2.5.5
85.187.128.60200 OK 2.7 kB URL HTTP/2 qeextension.com/wp-content/plugins/woolentor-addons/woolentor-blocks/src/assets/css/style-index.css?ver=2.5.5
IP 85.187.128.60:0
Hash 927638d86000b4eb840a2984b3291678
e5f91d77a8a8f823fe1a954b607978625d05f55d
af26180b8e7fe7d2fae24c78123a0188d2c995b25db70a75ebfb86c64cb994de
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woolentor-addons/woolentor-blocks/src/assets/css/style-index.css?ver=2.5.5 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:56:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2690
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.4
85.187.128.60200 OK 878 B URL HTTP/2 qeextension.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.4
IP 85.187.128.60:0
Hash 51a9519e6d91dbbf3c880cad07eacb29
3cf55904c0b00a805533ab2e23e8425e6129bf6b
5473babede3fa1c5d174a237e8c66601f7e82b550c74eeecdfae74ea315f3a1e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.7.4 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:54:25 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 878
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/iqonic-extensions/assest/css/flaticon.css?ver=1.0.0
85.187.128.60200 OK 2.1 kB URL HTTP/2 qeextension.com/wp-content/plugins/iqonic-extensions/assest/css/flaticon.css?ver=1.0.0
IP 85.187.128.60:0
Hash ee5cffd11934fea5a88bee57505393c7
8ecf7492b5c4a662a5d7c572f7f6c4c959d877f4
ce9e8d7b7111c5d7c4481c0440991c575ed291c8e58338168ef01e5abc5cbe3f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/iqonic-extensions/assest/css/flaticon.css?ver=1.0.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Thu, 21 Oct 2021 07:28:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2114
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=
142.250.74.40200 OK 39 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=
IP 142.250.74.40:0
File type ASCII text, with very long lines (2206)
Hash 996f4fce56aa9ed6d706e7425837e2ac
8442e06789965cfd35f1cc353f237c2170b390c3
40f7baa1e2f6a7b985384d6f74011b163ade14631cb0cd0f86de382c64160f12
GET /gtag/js?id= HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 31 Mar 2023 22:39:49 GMT
expires: Fri, 31 Mar 2023 22:39:49 GMT
cache-control: private, max-age=900
last-modified: Fri, 31 Mar 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38788
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/iqonic-extensions/assest/css/iqonic-extenstion.css?ver=1.0.0
85.187.128.60200 OK 21 kB URL HTTP/2 qeextension.com/wp-content/plugins/iqonic-extensions/assest/css/iqonic-extenstion.css?ver=1.0.0
IP 85.187.128.60:0
File type ASCII text, with very long lines (814)
Hash a28cabbb5bf490935a4da7fe49a7a743
a175247a1b00851874404c87fa67b81f577935d9
c90b1cbe64bfab4fe34582970a025482236aac38a28a1d64e5b2b13ec9ed7870
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/iqonic-extensions/assest/css/iqonic-extenstion.css?ver=1.0.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Thu, 21 Oct 2021 07:28:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 21167
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a5ac29d7d71ef6c0cc7547974c8c4f7b
29108a8370757ef63f347d1fd2ae696f5842342c
3371093d6dab54c7c3b612e3774435f0a592bee4e40fbcc2edd55d29d7715c26
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 5b6731341a66be32757ea461f5bd605a
f9a017cd1195d1eafb3839a899baf75f2e71958f
4bda8352f303d3fb71b8c4b2ecc9fbe75dcfc91dd2232260afb1e37ebbf139fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qeextension.com/wp-content/plugins/quick-license-manager/css/agile-bootstrap.css?ver=6.2
85.187.128.60200 OK 18 kB URL HTTP/2 qeextension.com/wp-content/plugins/quick-license-manager/css/agile-bootstrap.css?ver=6.2
IP 85.187.128.60:0
File type HTML document, ASCII text, with very long lines (547), with CRLF line terminators
Hash 93612098b88537ea87d5ac096f9ba079
1eb40e5c1329755445c7b81eb72eed3f00453dd0
b46c782ebef9bb7db0b1e0b29cb4007d31ea4e000001a6ee4dae8a805fafa547
GET /wp-content/plugins/quick-license-manager/css/agile-bootstrap.css?ver=6.2 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:59:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 17583
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woolementor/assets/css/front.min.css?ver=3.9
85.187.128.60200 OK 409 B URL HTTP/2 qeextension.com/wp-content/plugins/woolementor/assets/css/front.min.css?ver=3.9
IP 85.187.128.60:0
File type troff or preprocessor input, ASCII text, with very long lines (984), with no line terminators
Hash 56096c3a6a07b09688548fb3da09e63f
d3cf429c7b0e34490c7573bc85043613237c9e76
0dac2d9bf6176bce2b5ad33c18b24f8abd7c732b1e25f64a4d22c5518232ce2e
GET /wp-content/plugins/woolementor/assets/css/front.min.css?ver=3.9 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:53:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 409
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.3.5
85.187.128.60200 OK 12 kB URL HTTP/2 qeextension.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.3.5
IP 85.187.128.60:0
File type Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Hash d9e87ca4b1794034e57c7084192964b4
8c2bb3a54f8f37862cba0da963b2e344db6c5dc6
24fb2fb63a83d7a52273cf5a54af6f233ae0859900b7f228eb4bb1fba56f264b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.3.5 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Thu, 21 Oct 2021 07:28:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12135
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woolementor/assets/css/cx-grid.min.css?ver=3.9
85.187.128.60200 OK 1.3 kB URL HTTP/2 qeextension.com/wp-content/plugins/woolementor/assets/css/cx-grid.min.css?ver=3.9
IP 85.187.128.60:0
File type ASCII text, with very long lines (9747), with no line terminators
Hash 4101f6630704649128457ce5dd83c3b4
6eee75c84a63bcfec435fe01981b842580094649
1e98ccc8c5a8e6f62f681a3748f5ec6db1a87fd087dc678c294f5f0e3069fba0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woolementor/assets/css/cx-grid.min.css?ver=3.9 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:53:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1286
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/wp-whmcs-extension/elementor/css/wp-whmcs-extension-public.css?ver=1.0.0
85.187.128.60200 OK 1.2 kB URL HTTP/2 qeextension.com/wp-content/plugins/wp-whmcs-extension/elementor/css/wp-whmcs-extension-public.css?ver=1.0.0
IP 85.187.128.60:0
File type ASCII text, with very long lines (580)
Hash 561543be48d8e3421d28a2d4fc358daf
a5dc4fabcc718a46849465ff220f5dc35ca4892c
63f70577722684769b9d237be26879d57f8e791b34a66e3311e5bde5e7040df4
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-whmcs-extension/elementor/css/wp-whmcs-extension-public.css?ver=1.0.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Thu, 21 Oct 2021 07:28:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1237
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.13
85.187.128.60200 OK 259 B URL HTTP/2 qeextension.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.13
IP 85.187.128.60:0
Hash 49736e2d926fb2846e2df8fc0a1b69f8
0c415addd3603df8843209de4fc448ef5c443761
be091ce2d9948f24a59c9d1578557cd92e8180e2318dc0a21308ca180071f8d0
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.13 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Thu, 25 Aug 2022 01:28:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 259
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.14.0
85.187.128.60200 OK 3.6 kB URL HTTP/2 qeextension.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.14.0
IP 85.187.128.60:0
File type ASCII text, with very long lines (19004)
Hash 50b87cec4577ab86bcd2be17c0721a4e
99adaa3153c9c60adbd506389dddb7df71e6e307
32bfae98d3ef6c2bf6c5822ae4ff8eb91b1d804e5f65e32f54e5fe114821c2b3
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.14.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Fri, 04 Mar 2022 17:02:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3589
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.5.6
85.187.128.60200 OK 741 B URL HTTP/2 qeextension.com/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.5.6
IP 85.187.128.60:0
File type ASCII text, with very long lines (13766)
Hash 1cc078fa76d8018bf327f9b6947d5481
442161b68ecc870a5b2af73e532a870a66b62039
331a9e07a04ad5b8de1ceab969a7397204e75bd5ed0048399b3e89f9c8515d1a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.5.6 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Fri, 04 Mar 2022 17:02:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 741
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/uploads/elementor/css/post-11.css?ver=1655866228
85.187.128.60200 OK 310 B URL HTTP/2 qeextension.com/wp-content/uploads/elementor/css/post-11.css?ver=1655866228
IP 85.187.128.60:0
File type ASCII text, with very long lines (1013), with no line terminators
Hash 03a62f61b5f369f5d438c61eb7e8d7d7
fb6cdef113cc35844fab5c0aa87aaa5b914094f3
4ee364c3515ad9c730c9b238ac2f6de3ef3c6805dd8e18553cca0721c9a5c8f6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-11.css?ver=1655866228 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 10:26:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 310
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/uploads/elementor/css/global.css?ver=1655894263
85.187.128.60200 OK 2.6 kB URL HTTP/2 qeextension.com/wp-content/uploads/elementor/css/global.css?ver=1655894263
IP 85.187.128.60:0
File type ASCII text, with very long lines (9051)
Hash ea9174f924b123ef3536e92b4534e947
39fc792dc899e3c0a8aa155530e931a97457c9b5
3d7b7f610a229555bee970823be6da915c04e32dab2eca00be4a34c2c9f64643
GET /wp-content/uploads/elementor/css/global.css?ver=1655894263 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 10:37:43 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2623
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woo-variation-swatches/assets/css/frontend.min.css?ver=1676951920
85.187.128.60200 OK 4.1 kB URL HTTP/2 qeextension.com/wp-content/plugins/woo-variation-swatches/assets/css/frontend.min.css?ver=1676951920
IP 85.187.128.60:0
File type ASCII text, with very long lines (34869)
Hash 84fe7c34d4461d4975f72b3a97300181
00b2164f51f29eabf3eddecffce66e8e6ee06d5f
7b1e54d2bbfcd75d299053753c8e10fc750076d0c0f3c37cdba8121e8cfe2f1f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woo-variation-swatches/assets/css/frontend.min.css?ver=1676951920 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:58:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4052
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woolentor-addons/assets/css/htflexboxgrid.css?ver=2.5.5
85.187.128.60200 OK 1.6 kB URL HTTP/2 qeextension.com/wp-content/plugins/woolentor-addons/assets/css/htflexboxgrid.css?ver=2.5.5
IP 85.187.128.60:0
Hash e23d143f3c5063516c4c6960cc0c5459
81d472a7b524f4b3c6c1c945b55ad26e3afc4a04
88675745109b545aa0d3998489e3dbf389967b67dcdf5fec098f78eb353dda8a
GET /wp-content/plugins/woolentor-addons/assets/css/htflexboxgrid.css?ver=2.5.5 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:56:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1643
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woolentor-addons/assets/css/simple-line-icons.css?ver=2.5.5
85.187.128.60200 OK 1.9 kB URL HTTP/2 qeextension.com/wp-content/plugins/woolentor-addons/assets/css/simple-line-icons.css?ver=2.5.5
IP 85.187.128.60:0
File type ASCII text, with very long lines (360)
Hash 281fe007e26b99f320ff583976146db9
0a456fd21e4542ed15fea9c65833e9bfb24bbd58
a5851c3fda89de9786c6c5c4a2e1ad62a4789d9d3f40119ed7ec5378b02ddb4d
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woolentor-addons/assets/css/simple-line-icons.css?ver=2.5.5 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:56:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1856
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/checkout-widget-elementor/asserts/css/ecw_style.css?ver=6.2
85.187.128.60200 OK 296 B URL HTTP/2 qeextension.com/wp-content/plugins/checkout-widget-elementor/asserts/css/ecw_style.css?ver=6.2
IP 85.187.128.60:0
File type ASCII text, with CRLF line terminators
Hash e32d2ddb0777734112d0558442f3bbc7
8a04e6b108086c11efd6746ce3d4d4ff273d5f47
a68f01adebe71b87d84f6d0f4783d585d5a3cae8a1804de821b4882662ad5366
GET /wp-content/plugins/checkout-widget-elementor/asserts/css/ecw_style.css?ver=6.2 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Thu, 21 Oct 2021 07:28:14 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 296
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woolementor/assets/third-party/slick/slick.css?ver=1.8.1
85.187.128.60200 OK 483 B URL HTTP/2 qeextension.com/wp-content/plugins/woolementor/assets/third-party/slick/slick.css?ver=1.8.1
IP 85.187.128.60:0
Hash 1e4f6b1a5456c5cefdd025118bf4e6b5
5713171df86af73933ccb408bd352ae4267fd196
80a0639fa558bbfef356bcdbf900c4586b7b51834efcec690384317ec52c7676
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woolementor/assets/third-party/slick/slick.css?ver=1.8.1 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:53:53 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 483
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woolentor-addons/assets/lib/css/magnific-popup.css?ver=2.5.5
85.187.128.60200 OK 1.5 kB URL HTTP/2 qeextension.com/wp-content/plugins/woolentor-addons/assets/lib/css/magnific-popup.css?ver=2.5.5
IP 85.187.128.60:0
File type ASCII text, with very long lines (5249), with CRLF line terminators
Hash a69a22588661f699735f4f32ed4cef6f
0b193f943a5bd659c8f52f4f54e0f77421aff855
4c0cde93a996796d708a0c505a1391096085003d759564043c10a8337ec3eefe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woolentor-addons/assets/lib/css/magnific-popup.css?ver=2.5.5 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:56:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1495
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/themes/qloud/assets/css/typicon.min.css?ver=2.0.0
85.187.128.60200 OK 2.4 kB URL HTTP/2 qeextension.com/wp-content/themes/qloud/assets/css/typicon.min.css?ver=2.0.0
IP 85.187.128.60:0
File type ASCII text, with very long lines (15016), with no line terminators
Hash b6cd0e289471844144a2d6a85fd22ae7
5e3c7f78b1f92da56801491e9dc1d667f91dc52c
1ddd2c2cb819394fe37a4727aa63b30cfa0c2dec44a2da5f87c40e38834e946f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/qloud/assets/css/typicon.min.css?ver=2.0.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 10:32:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2374
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/uploads/elementor/css/post-3833.css?ver=1655894263
85.187.128.60200 OK 104 B URL HTTP/2 qeextension.com/wp-content/uploads/elementor/css/post-3833.css?ver=1655894263
IP 85.187.128.60:0
File type ASCII text, with very long lines (304), with no line terminators
Hash 75b49e56d3ec295876cb43ea6222bb85
03b6ac50c8648fec577db3662b2c7b4dd28f9348
db9681f5b619349719582f16929b703ae5a3cc3d6d6ab46182f52799040348d2
GET /wp-content/uploads/elementor/css/post-3833.css?ver=1655894263 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 10:37:43 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 104
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/themes/qloud/assets/css/qloud-responsive.css?ver=1.0
85.187.128.60200 OK 2.0 kB URL HTTP/2 qeextension.com/wp-content/themes/qloud/assets/css/qloud-responsive.css?ver=1.0
IP 85.187.128.60:0
File type ASCII text, with very long lines (623)
Hash edf99759b2aefcd9da287a8a49ffe923
5725754259c9034c1a8cba8a4fb75c19278fbc47
6358608cf757ec8f012d7b92f101ff4fbad45bbe19f4c392032b55d0f422dbbc
GET /wp-content/themes/qloud/assets/css/qloud-responsive.css?ver=1.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 10:32:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1975
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/popup-maker/assets/css/pum-site.min.css?ver=1.18.0
85.187.128.60200 OK 1.7 kB URL HTTP/2 qeextension.com/wp-content/plugins/popup-maker/assets/css/pum-site.min.css?ver=1.18.0
IP 85.187.128.60:0
File type ASCII text, with very long lines (7454), with no line terminators
Hash ec8b67a61ece93dc6a3dd83a474b81aa
40db6bb1da9f83d807f7cc3f68ade69fd4cc8556
55685cbb3ea42954d05f0af76539d9dd75853ea8d3c8dde9075ba07525172cc5
GET /wp-content/plugins/popup-maker/assets/css/pum-site.min.css?ver=1.18.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:55:52 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1694
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.5.6
85.187.128.60200 OK 16 kB URL HTTP/2 qeextension.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.5.6
IP 85.187.128.60:0
File type ASCII text, with very long lines (65497)
Hash 48d276b35947e294ad4d22ba7905d92a
101f6bc97f9654608f667a9392b8c3ef94c2b6b7
0ce796b738c2d821a948d2483af9ce26369055666dc1cddfc456b88bbc60201f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.5.6 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Fri, 04 Mar 2022 17:02:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 16226
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.13
85.187.128.60200 OK 7.4 kB URL HTTP/2 qeextension.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.13
IP 85.187.128.60:0
File type Unicode text, UTF-8 text, with very long lines (1646)
Hash 806afc62d640eb03fccbd5fe46ed8666
31259bb9e403fbe379125ea0c562ac11d76dc4d7
f7ceb3661377e98e71ccebe4d91336ac77e4e62a84bff79a1e6f865f3d00c26f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.13 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Thu, 25 Aug 2022 01:28:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7374
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
85.187.128.60200 OK 6.7 kB URL HTTP/2 qeextension.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0
IP 85.187.128.60:0
File type ASCII text, with very long lines (30837)
Hash 5dbbe85d6a3308dceb97d91b740b0f11
3f70abf9963371962665167f98ba52365481496d
751d4fdd16bd33cc9c93bcaadcd316922ca9bbd74cb6a9e1705c8bef4330dabf
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Fri, 04 Mar 2022 17:02:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 6657
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/uploads/elementor/css/post-227.css?ver=1659347803
85.187.128.60200 OK 5.1 kB URL HTTP/2 qeextension.com/wp-content/uploads/elementor/css/post-227.css?ver=1659347803
IP 85.187.128.60:0
File type ASCII text, with very long lines (55648)
Hash 4a42a0f1376d38e5b5f080bd16cfebdf
d50b5418072a25248b216a4af9b5549f087ee065
d1aa58e084d6a448961f938f07260bd64d79fcc46297b0ce6400f4be5b867fd5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-227.css?ver=1659347803 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Mon, 01 Aug 2022 09:56:43 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5119
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/p/woocommerce/7.4.0/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css
192.0.77.37200 OK 7.9 kB URL HTTP/2 c0.wp.com/p/woocommerce/7.4.0/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css
IP 192.0.77.37:0
File type ASCII text, with very long lines (10435), with no line terminators
Hash aa14d2dc33431b3314d7b2c0c725fb8f
e17be77d532d967d2965b4227d0712dddeaab13e
9780736655e4472e859bc914994fd40edffe3a2e5da3219cbdf2c0cf9149fe8f
GET /p/woocommerce/7.4.0/packages/woocommerce-blocks/build/wc-blocks-vendors-style.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 24 Jan 2023 22:19:11 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/themes/qloud/assets/css/wow.css?ver=3.7.0
85.187.128.60200 OK 4.4 kB URL HTTP/2 qeextension.com/wp-content/themes/qloud/assets/css/wow.css?ver=3.7.0
IP 85.187.128.60:0
Hash 17be0def5969ac26c2c2ee8589f92d6a
32fa146dd7c15e7a9d3929f6210554d36c1365ae
750a9f714f71e17e2293048db28c17e68819c0bdcecbc3f0dba358ddfde18bde
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/qloud/assets/css/wow.css?ver=3.7.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 10:32:12 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4435
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/themes/qloud/assets/css/ionicons.min.css?ver=2.0.0
85.187.128.60200 OK 7.5 kB URL HTTP/2 qeextension.com/wp-content/themes/qloud/assets/css/ionicons.min.css?ver=2.0.0
IP 85.187.128.60:0
File type Unicode text, UTF-8 text, with very long lines (50806)
Hash 7cb0574e13158d4120e3dd88cd9db0c7
3474d291b7a5cafd9672895f7e0d8ca621003ce6
ad2ff62765780edf3b4a79abfcbb12bf744d63fd618990cf164d7146d2b23d5f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/qloud/assets/css/ionicons.min.css?ver=2.0.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 10:32:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7532
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/themes/qloud/assets/css/qloud-style.css?ver=1.0
85.187.128.60200 OK 12 kB URL HTTP/2 qeextension.com/wp-content/themes/qloud/assets/css/qloud-style.css?ver=1.0
IP 85.187.128.60:0
File type assembler source, ASCII text, with very long lines (654)
Hash 8cdf945e034671479195228eca2502df
7d31e5c1d7410206e5d4fc80c3ba3b80759f8482
843051c974939c813d032463d4f2b86bca0d25b43627edf221ddb26a099f90f9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/qloud/assets/css/qloud-style.css?ver=1.0 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 10:32:11 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12216
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/woolentor-addons/assets/css/woolentor-widgets.css?ver=2.5.5
85.187.128.60200 OK 21 kB URL HTTP/2 qeextension.com/wp-content/plugins/woolentor-addons/assets/css/woolentor-widgets.css?ver=2.5.5
IP 85.187.128.60:0
File type Unicode text, UTF-8 text, with very long lines (347)
Hash 7638fbc131c505da4b687db9a1b204f5
7f87886c8090cfbe5ea688cf04a39c02ce8baadf
e24277ec7bd5e21b94acb0ba80987594793d700ce3e94ae83e4ff9c47ba966cf
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/woolentor-addons/assets/css/woolentor-widgets.css?ver=2.5.5 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Tue, 21 Feb 2023 03:56:07 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 20760
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/themes/qloud/assets/css/bootstrap.min.css?ver=4.1.3
85.187.128.60200 OK 19 kB URL HTTP/2 qeextension.com/wp-content/themes/qloud/assets/css/bootstrap.min.css?ver=4.1.3
IP 85.187.128.60:0
File type ASCII text, with very long lines (65324)
Hash b6b383145e197a1b40aa6daf56fe7566
0bdbc156e92bb7421269b82f6502694d712ca6ed
6322011d290b52b62f9271be21a5b39163ad6ee6bede57d7d81446384c61db45
GET /wp-content/themes/qloud/assets/css/bootstrap.min.css?ver=4.1.3 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Wed, 22 Jun 2022 10:32:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 19049
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
85.187.128.60200 OK 283 B URL HTTP/2 qeextension.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3
IP 85.187.128.60:0
File type ASCII text, with very long lines (491)
Hash 453a93dc816be89f942ebb253ff199fb
01563d6019803e3ff2a94c5397e7e771ee6f440d
36beebcd3778e04c8973faa581d07c7e7dc0bac2a77f637379e7d110383ab5d7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/regular.min.css?ver=5.15.3 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Fri, 04 Mar 2022 17:02:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 283
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
85.187.128.60200 OK 286 B URL HTTP/2 qeextension.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
IP 85.187.128.60:0
File type ASCII text, with very long lines (483)
Hash 8828fa3c5bdcfa66615714a2b8c9d807
4f556d0b005ac7754af607418df445f8cf98e8b1
16950dcce60bc3ee2613b60439c99e7ed74d10245f59fe6f68346b7e72dd95e7
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Fri, 04 Mar 2022 17:02:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 286
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
85.187.128.60200 OK 12 kB URL HTTP/2 qeextension.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
IP 85.187.128.60:0
File type ASCII text, with very long lines (57726)
Hash f463afd8661ddc733305df1f0cbdaff2
77262f0209e75e340eb7014aba9cd8d69966032f
c4b6541be58a0ca61549cd4562850315077880c459c019f01e835cf2d7b764de
GET /wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: text/css
last-modified: Fri, 04 Mar 2022 17:02:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 12133
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/quick-license-manager/js/js-agile-bootstrap.js?ver=6.2
85.187.128.60200 OK 7.4 kB URL HTTP/2 qeextension.com/wp-content/plugins/quick-license-manager/js/js-agile-bootstrap.js?ver=6.2
IP 85.187.128.60:0
File type ASCII text, with very long lines (28941), with CRLF line terminators
Hash 8e64307eaa8f1011ca54ee45420e3ece
48355a59b1d66127a9e6ca56d50d4fa98d8e38e0
34ba5c00eca35d49457ae3a7509bda9cfa7dcb3050b9776cb88d114fc3d7b1ba
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/quick-license-manager/js/js-agile-bootstrap.js?ver=6.2 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: application/javascript
last-modified: Tue, 21 Feb 2023 03:59:32 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 7380
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/p/woocommerce/7.4.0/assets/css/woocommerce-layout.css
192.0.77.37200 OK 7.0 kB URL HTTP/2 c0.wp.com/p/woocommerce/7.4.0/assets/css/woocommerce-layout.css
IP 192.0.77.37:0
File type ASCII text, with very long lines (17572), with no line terminators
Hash fec453ffe5854dffc06e96317ce61e6b
9934894e3c3f2dfc70929d6b15a7526ad09d6edc
62ff4e1fdbbd3e14bad222d1bda2763385bc0297ae4904e528be5116d6a9a633
GET /p/woocommerce/7.4.0/assets/css/woocommerce-layout.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 24 Jan 2023 22:19:11 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.3.5
85.187.128.60200 OK 45 kB URL HTTP/2 qeextension.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.3.5
IP 85.187.128.60:0
File type ASCII text, with very long lines (42889)
Hash a0a18e7e0789276c6b68d8ab4fb25789
479e5b35c1b9d2124b4f573bcbb045f881be9447
597f8bc491267954b3e1f3dc9614e0d3e4a26ff8eccc3f84d6a4f3d921d028bb
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.3.5 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: application/javascript
last-modified: Tue, 26 Oct 2021 01:40:16 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 44725
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.3.5
85.187.128.60200 OK 82 kB URL HTTP/2 qeextension.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.3.5
IP 85.187.128.60:0
File type ASCII text, with very long lines (64270)
Hash d9340ebf741bb032c1e6d9eace232df5
95b8b721a5588e65b6d74106bf956e0bc0bbf02f
2ceb9cbaed951f50b55f1eb4d5fea8f53cd5799a2e28cd4c95f29f6a0225c653
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.3.5 HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: application/javascript
last-modified: Tue, 26 Oct 2021 01:41:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 81908
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:400%2C700%7CHanuman:400
142.250.74.74200 OK 4.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:400%2C700%7CHanuman:400
IP 142.250.74.74:0
Hash b1860be4b1428e82b6e1d371ef5c4bff
b671659158f6d1754d9e3ba14e278f8fbf133bc3
430ece8933ca200f383e2c9657f1056fba1b25cf0ba6496d2581b8f0e8af5ea0
GET /css?family=Roboto:400%2C700%7CHanuman:400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 31 Mar 2023 22:39:49 GMT
date: Fri, 31 Mar 2023 22:39:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c0.wp.com/p/woocommerce/7.4.0/assets/js/jquery-blockui/jquery.blockUI.min.js
192.0.77.37200 OK 7.7 kB URL HTTP/2 c0.wp.com/p/woocommerce/7.4.0/assets/js/jquery-blockui/jquery.blockUI.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (9111)
Hash 1c1ab82960230fd51ee5213bf96a9379
bc505185f93790b20efeca319aaa28585c8b360c
cbaaabe7e221e3c5df960c46a44ac8778d122819707dd750f358ec86f4662085
GET /p/woocommerce/7.4.0/assets/js/jquery-blockui/jquery.blockUI.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 18 Oct 2022 20:34:37 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/p/woocommerce/7.4.0/assets/js/frontend/woocommerce.min.js
192.0.77.37200 OK 3.5 kB URL HTTP/2 c0.wp.com/p/woocommerce/7.4.0/assets/js/frontend/woocommerce.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (2139), with no line terminators
Hash 410db48fbb0bb298e1d4f0249a26cff3
8b52c45f304882940d0839324eec8dfeeba87afd
185764e72045391a891db76ae7b27ffd1aa26fa5aeab2d0c460784aceea42904
GET /p/woocommerce/7.4.0/assets/js/frontend/woocommerce.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 18 May 2021 17:00:20 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/p/woocommerce/7.4.0/assets/js/frontend/add-to-cart.min.js
192.0.77.37200 OK 35 kB URL HTTP/2 c0.wp.com/p/woocommerce/7.4.0/assets/js/frontend/add-to-cart.min.js
IP 192.0.77.37:0
File type HTML document, ASCII text, with very long lines (3029), with no line terminators
Hash f9ba36030c4f7ab98b1fc521378b69d5
9f779b050ed64cd857cb20ac21df615df9656793
19972c9b9028cf71578eba0057da26dc4d852bd86e2a8e1e230f70854065d30e
GET /p/woocommerce/7.4.0/assets/js/frontend/add-to-cart.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 18 Oct 2022 20:34:37 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/p/woocommerce/7.4.0/assets/js/frontend/cart-fragments.min.js
192.0.77.37200 OK 2.0 kB URL HTTP/2 c0.wp.com/p/woocommerce/7.4.0/assets/js/frontend/cart-fragments.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (2938), with no line terminators
Hash f2aafa6bde95583c0c048e79f57ed355
1905bce3a2607eb2e584f2852e66785770a39b9e
a4a7d343d5575eaa020f90b2ae34d7ce3cebfb4be3588c41e130fa770b940e21
GET /p/woocommerce/7.4.0/assets/js/frontend/cart-fragments.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 23 Nov 2021 22:30:13 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/p/woocommerce/7.4.0/assets/js/js-cookie/js.cookie.min.js
192.0.77.37200 OK 4.2 kB URL HTTP/2 c0.wp.com/p/woocommerce/7.4.0/assets/js/js-cookie/js.cookie.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (1668)
Hash 6e4ebcc261095e6fc960bfd470aeb422
c84f33cde923f3a1c04bfce6c361e82802042e6c
5a94e34dad298f40d9021b16920fb5e909412d3944aba320884bbcafcdd08de2
GET /p/woocommerce/7.4.0/assets/js/js-cookie/js.cookie.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 19 Jan 2021 23:55:30 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c0.wp.com/c/6.2/wp-includes/js/jquery/ui/core.min.js
192.0.77.37200 OK 17 kB URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/jquery/ui/core.min.js
IP 192.0.77.37:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash a746c5b7cbaaa3db52a34a0f42e86de8
43d156ef2af2bc4ba5df98c3268072b008fe7368
130b183f61c14de1c4e9e382932697082c56b630f34329022e5fdefb5d95e6aa
GET /c/6.2/wp-includes/js/jquery/ui/core.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:23 GMT
expires: Wed, 27 Mar 2024 10:31:23 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 302907
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c0.wp.com/c/6.2/wp-includes/js/underscore.min.js
192.0.77.37200 OK 7.5 kB URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/underscore.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (18798)
Hash 6f431d31ed112829691975e129ca68ed
a94e9bcc213d2dacf6fda1cb24824a4a45042498
cb4043455940e640a0bcad060b23f95e370cc37da79808ddc8d1aa01132d6a30
GET /c/6.2/wp-includes/js/underscore.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 27 Sep 2022 15:18:25 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/jquery/ui/tabs.min.js
192.0.77.37200 OK 16 kB URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/jquery/ui/tabs.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (11760)
Hash 1d422b7e158ceef6abefbe2b6567ed2b
eed38a046924c9393304052b4d0aac13381bba04
d3cd14f68cc708b80dbcd4242b06ef25a09e924a5188b73b9775c9b2adb8ddac
GET /c/6.2/wp-includes/js/jquery/ui/tabs.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Mon, 19 Sep 2022 18:04:09 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:10 GMT
expires: Wed, 27 Mar 2024 10:31:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 302920
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/api-request.min.js
192.0.77.37200 OK 1.4 kB URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/api-request.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (988)
Hash 0ccacad7a525a6655c965da9e2302fbd
690a918c1925140c6b6baaf3066d2bad5c3716f1
6f0c2edeb5217436fc7847e6149713e05eaf060aaa070223f9017bbeefecd4a2
GET /c/6.2/wp-includes/js/api-request.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 08 Apr 2022 20:07:18 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.gstatic.com/s/hanuman/v22/VuJxdNvD15HhpJJBSKrdObFn.woff2
142.250.74.35200 OK 38 kB URL HTTP/2 fonts.gstatic.com/s/hanuman/v22/VuJxdNvD15HhpJJBSKrdObFn.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 37636, version 1.0\012- data
Hash d2fafd0b5120900226fa32708ddc8fa3
6902ee53a8b19aa0392946e34e17fce5046e2346
7ee180b81085dd71870dba2646e06bcd4e599aaeb7931c293cc0a1d08f315126
GET /s/hanuman/v22/VuJxdNvD15HhpJJBSKrdObFn.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37636
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Mar 2023 05:19:02 GMT
expires: Thu, 28 Mar 2024 05:19:02 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 21 Apr 2022 16:45:35 GMT
content-type: font/woff2
age: 235248
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15752, version 1.0\012- data
Hash b20371a6daf29d4a1f2e85dbbf40fb20
0355a01c1ccb45cb728e7e07c41c8ebf456f70bb
7e262106f82cc52663e403f5b73795bbeab9ca0630c33c03579354fbcd4fae1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15752
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:58 GMT
expires: Wed, 27 Mar 2024 10:31:58 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
age: 302872
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/wp-util.min.js
192.0.77.37200 OK 8.4 kB URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/wp-util.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (1391)
Hash 4f05cb95ab6e00d6dc92ad6dce93bf81
6b40247713aae6e0e1e33f5c579d3618c4acfef7
867a8f69b5ee0a3a4497f3878fcf99a663c2fe8c7c6f0ddc9ad347ce682e649f
GET /c/6.2/wp-includes/js/wp-util.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 20 Sep 2022 03:52:10 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Hanuman:700&subset=khmer&display=swap&ver=1647198288
142.250.74.74200 OK 10 kB URL HTTP/2 fonts.googleapis.com/css?family=Hanuman:700&subset=khmer&display=swap&ver=1647198288
IP 142.250.74.74:0
Hash b0b97570a9fdbf0ba0163feadbf2d07b
5a4ebc0139c4d4c26315cff5fc470e2890e83e26
3eceba597654f826319566b8cc5ed66c0eb63912309657d75a921d16d2affc7b
GET /css?family=Hanuman:700&subset=khmer&display=swap&ver=1647198288 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 31 Mar 2023 22:39:49 GMT
date: Fri, 31 Mar 2023 22:39:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/hanuman/v22/VuJ0dNvD15HhpJJBQBr4LIVGZCNc.woff2
142.250.74.35200 OK 36 kB URL HTTP/2 fonts.gstatic.com/s/hanuman/v22/VuJ0dNvD15HhpJJBQBr4LIVGZCNc.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 36356, version 1.0\012- data
Hash 00b0721a74e7ee2f9a30a5121f265f44
d94579d7df75eeaa8293fa7e88a1df86a66d272d
09957d178c1bf083123e858ce0cbe08ddc33724b98b3e3f05bcdf926a8411897
GET /s/hanuman/v22/VuJ0dNvD15HhpJJBQBr4LIVGZCNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 36356
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Mar 2023 07:03:27 GMT
expires: Fri, 29 Mar 2024 07:03:27 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 21 Apr 2022 16:51:33 GMT
content-type: font/woff2
age: 142583
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
stats.wp.com/e-202313.js
192.0.76.3200 OK 14 kB IP 192.0.76.3:0
File type ASCII text, with very long lines (2690)
Hash 90c5e54d6fb3f11a55f3540021f21fb2
92eb220dbb89b09216ee8f4813885beccbef698a
6f6d47e58e97ff0d4fe673d2d77f0ef400dc4a44395535f525dfcd31fc04dd63
GET /e-202313.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 25 Mar 2024 05:36:17 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:17 GMT
expires: Wed, 27 Mar 2024 10:31:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 302913
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
142.250.74.35200 OK 36 kB URL HTTP/2 fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 35904, version 1.0\012- data
Hash c26b97e7f5bb7a34d190703522d75e16
69d9e5aea0544dbaf9b78c1b65139c03eceece8f
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357
GET /s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35904
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:36:08 GMT
expires: Wed, 27 Mar 2024 10:36:08 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
content-type: font/woff2
age: 302622
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/odormeanchey/v27/raxkHiKDttkTe1aOGcJMR1A_4lrU0TukKQ.woff2
142.250.74.35200 OK 38 kB URL HTTP/2 fonts.gstatic.com/s/odormeanchey/v27/raxkHiKDttkTe1aOGcJMR1A_4lrU0TukKQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 37864, version 1.0\012- data
Hash 44adb5165941c9ed2dd45b71de72eee4
67883ffff21eb8604ada239b7742b61d380cc13a
025d635dcdc5fa3162786b0f143eb16de2a51a1ba4c1e15328866cf16f3d51bf
GET /s/odormeanchey/v27/raxkHiKDttkTe1aOGcJMR1A_4lrU0TukKQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 37864
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 31 Mar 2023 13:19:39 GMT
expires: Sat, 30 Mar 2024 13:19:39 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 09 May 2022 20:10:04 GMT
content-type: font/woff2
age: 33611
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/hanuman/v22/VuJ0dNvD15HhpJJBQBr4LI5GZA.woff2
142.250.74.35200 OK 11 kB URL HTTP/2 fonts.gstatic.com/s/hanuman/v22/VuJ0dNvD15HhpJJBQBr4LI5GZA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 11364, version 1.0\012- data
Hash 15e2ff0b0f141b528ddb5fcb545cd3aa
0f603412d3a742622d7d3d7e66ce89273b72a718
7e26866cfacd2f6e74837a40f926906c01b54f83a75f9b54fa0640170b493c35
GET /s/hanuman/v22/VuJ0dNvD15HhpJJBQBr4LI5GZA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11364
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Mar 2023 10:00:34 GMT
expires: Thu, 28 Mar 2024 10:00:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 21 Apr 2022 16:40:41 GMT
content-type: font/woff2
age: 218356
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/hanuman/v22/VuJ0dNvD15HhpJJBQCL6LIVGZCNc.woff2
142.250.74.35200 OK 36 kB URL HTTP/2 fonts.gstatic.com/s/hanuman/v22/VuJ0dNvD15HhpJJBQCL6LIVGZCNc.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 35936, version 1.0\012- data
Hash 3594bbd2ad277b729b1e97bb08839d70
bef502c40c7b913698674a2de721ca3b57dd751d
b7d3802965b966d9da3b3322c016f200a1c011450fc03774a23cc7c212f278a4
GET /s/hanuman/v22/VuJ0dNvD15HhpJJBQCL6LIVGZCNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qeextension.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: font/woff2
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35936
date: Fri, 31 Mar 2023 22:39:50 GMT
expires: Sat, 30 Mar 2024 22:39:50 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 21 Apr 2022 16:51:28 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pixel.wp.com/g.gif?v=ext&blog=203172265&post=227&tz=7&srv=qeextension.com&j=1%3A11.8.4&host=qeextension.com&ref=&fcp=3047&rand=0.7540433144031988
192.0.76.3200 OK 50 B URL HTTP/2 pixel.wp.com/g.gif?v=ext&blog=203172265&post=227&tz=7&srv=qeextension.com&j=1%3A11.8.4&host=qeextension.com&ref=&fcp=3047&rand=0.7540433144031988
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&blog=203172265&post=227&tz=7&srv=qeextension.com&j=1%3A11.8.4&host=qeextension.com&ref=&fcp=3047&rand=0.7540433144031988 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:50 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
i0.wp.com/qeextension.com/wp-content/uploads/2021/01/QE_logowith_text.png?fit=562%2C150&ssl=1
192.0.77.2200 OK 13 kB URL HTTP/2 i0.wp.com/qeextension.com/wp-content/uploads/2021/01/QE_logowith_text.png?fit=562%2C150&ssl=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash e4a45b5b5bc0b299e2a97966b6c8e961
ec6e16255b88148fe2799e708c88e97158501a34
5c6f1a175d2ff5b93d58ce45c34cc7062c64e2630fa5201d2e08b3ef43143e33
GET /qeextension.com/wp-content/uploads/2021/01/QE_logowith_text.png?fit=562%2C150&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:50 GMT
content-type: image/webp
content-length: 12744
last-modified: Fri, 31 Mar 2023 22:39:50 GMT
expires: Mon, 31 Mar 2025 10:39:50 GMT
cache-control: public, max-age=63115200
link: <https://qeextension.com/wp-content/uploads/2021/01/QE_logowith_text.png>; rel="canonical"
x-content-type-options: nosniff
etag: "241d8cbf138aa4aa"
vary: Accept
x-nc: MISS arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js
192.0.77.37200 OK 191 kB URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (8171), with no line terminators
Size 191 kB (190829 bytes)
Hash 8a0cd70ff8419c723ae45135f2e009f8
72c8cf1582cac9992f781a25b86ddc4ada6f64dd
9af72344935855cf0dbcf5058111180f9abe3eab4eee0dd942e8a0a718fa64cf
GET /c/6.2/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Fri, 31 Mar 2023 22:05:12 GMT
expires: Sat, 01 Apr 2023 00:05:12 GMT
cache-control: public, max-age=7200
age: 2079
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 02303126c6c390b3c06593625186f4bf
1b71c1b9a6e5c84536de78021f94f87424579298
2cffed5b6470da73dc57dd9c5c7a5683e83f0e947eb63fbd8a8e226b18192a76
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6043
Cache-Control: max-age=166811
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:51 GMT
Etag: "64273237-1d7"
Expires: Sun, 02 Apr 2023 21:00:02 GMT
Last-Modified: Fri, 31 Mar 2023 19:19:19 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 28 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64347)
Hash 7716e124e19760049484d1bcde4a8af2
51d50c9e9b7fc658c1316d1844418cee0baffa2a
fa7968a9a888e1a6dc6ac6126b8edd6e73974c2b0629f669bfb74916f0e7d534
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: Aazbd1yfi0xzwIRoDUaJfRSjZOIwuXWJF0/pi+kQU7XzILgaAWVXRSsabIDsRcyRFctTWRECOO8j7J2LVony7g==
content-length: 27909
x-fb-trip-id: 1904183273
date: Fri, 31 Mar 2023 22:39:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 02303126c6c390b3c06593625186f4bf
1b71c1b9a6e5c84536de78021f94f87424579298
2cffed5b6470da73dc57dd9c5c7a5683e83f0e947eb63fbd8a8e226b18192a76
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6043
Cache-Control: max-age=166811
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:51 GMT
Etag: "64273237-1d7"
Expires: Sun, 02 Apr 2023 21:00:02 GMT
Last-Modified: Fri, 31 Mar 2023 19:19:19 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 02ddc021542aadb090aa31099f7b9267
cb2091bff4ad6c225faa4c0c02182217bcdc502c
dcca0f6c051c27f611b9e51981fb34bd0c82a317c2e3ae3412ec6de80c596d24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 02ddc021542aadb090aa31099f7b9267
cb2091bff4ad6c225faa4c0c02182217bcdc502c
dcca0f6c051c27f611b9e51981fb34bd0c82a317c2e3ae3412ec6de80c596d24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i0.wp.com/qeextension.com/wp-content/uploads/2021/03/Screenshot-2021-03-19-144614.png?resize=525%2C377
192.0.77.2200 OK 51 kB URL HTTP/2 i0.wp.com/qeextension.com/wp-content/uploads/2021/03/Screenshot-2021-03-19-144614.png?resize=525%2C377
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 9911860ec6e4bdcb7a172b137844158e
a733151012ae9586bbe9bf57f4242357ecc835cf
8336dee444e90b4d68cc3812fa12133e9ca51dcbe1eccbdf24f0d95bb9a6e8bf
GET /qeextension.com/wp-content/uploads/2021/03/Screenshot-2021-03-19-144614.png?resize=525%2C377 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:51 GMT
content-type: image/webp
content-length: 50900
last-modified: Fri, 31 Mar 2023 22:39:51 GMT
expires: Mon, 31 Mar 2025 10:39:51 GMT
cache-control: public, max-age=63115200
link: <http://qeextension.com/wp-content/uploads/2021/03/Screenshot-2021-03-19-144614.png>; rel="canonical"
x-content-type-options: nosniff
etag: "743868d7e09a7069"
vary: Accept
x-nc: MISS arn 8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=1014793545691021&ev=PageView&dl=https%3A%2F%2Fqeextension.com%2F&rl=&if=false&ts=1680302390565&sw=1280&sh=1024&v=2.9.100&r=stable&a=wordpress-6.2-3.0.8&ec=0&o=30&cs_est=true&fbp=fb.1.1680302390564.1755316072&it=1680302390267&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=1014793545691021&ev=PageView&dl=https%3A%2F%2Fqeextension.com%2F&rl=&if=false&ts=1680302390565&sw=1280&sh=1024&v=2.9.100&r=stable&a=wordpress-6.2-3.0.8&ec=0&o=30&cs_est=true&fbp=fb.1.1680302390564.1755316072&it=1680302390267&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=1014793545691021&ev=PageView&dl=https%3A%2F%2Fqeextension.com%2F&rl=&if=false&ts=1680302390565&sw=1280&sh=1024&v=2.9.100&r=stable&a=wordpress-6.2-3.0.8&ec=0&o=30&cs_est=true&fbp=fb.1.1680302390564.1755316072&it=1680302390267&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 31 Mar 2023 22:39:51 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:35 GMT
expires: Wed, 27 Mar 2024 10:31:35 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 302897
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:03 GMT
expires: Wed, 27 Mar 2024 10:31:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 302929
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
i0.wp.com/qeextension.com/wp-content/plugins/revslider/public/assets/assets/transparent.png?w=525&is-pending-load=1
192.0.77.2200 OK 44 B URL HTTP/2 i0.wp.com/qeextension.com/wp-content/plugins/revslider/public/assets/assets/transparent.png?w=525&is-pending-load=1
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash a27eb91ec0fd0f7028df161ed1a850aa
d81e96b0f1596a2ecf29d2af842545641e7896d6
59838aba3221fe69d2e4d7acf254576c6937b3e6d3a4d78c9baa702f63668b3b
GET /qeextension.com/wp-content/plugins/revslider/public/assets/assets/transparent.png?w=525&is-pending-load=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:52 GMT
content-type: image/webp
content-length: 44
last-modified: Fri, 31 Mar 2023 22:39:52 GMT
expires: Mon, 31 Mar 2025 10:39:52 GMT
cache-control: public, max-age=63115200
link: <http://qeextension.com/wp-content/plugins/revslider/public/assets/assets/transparent.png>; rel="canonical"
x-content-type-options: nosniff
etag: "cd3f74bf081f22f9"
vary: Accept
x-nc: MISS arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b659ba21b71473d2f3b2d4aa16e37f06
bb64d95a2d25e7fa9c2577e16d7be664816bdb94
5220ed8dd94613cf15ac539ad97b9fbe9b47e19c68d3873f48f837a291039325
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 30 kB IP 142.250.74.131:0
Hash 40d86ddcca7cd7a5b7eb037db1f5831b
b0707c00b71e8a5446ee88a39a197ad5e69a609b
af335dac9cc7da5fb393d39b9d8820fdc267dfd6dc1d3cb4cca0a676afa7326c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
142.250.74.38200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 142.250.74.38:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 31 Mar 2023 22:35:12 GMT
expires: Fri, 31 Mar 2023 22:50:12 GMT
cache-control: public, max-age=900
age: 281
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.2302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.2:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Fri, 31 Mar 2023 22:39:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.2302 Found 30 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.2:0
Hash 0d902cd32e46783f50bcce94b319c4e9
5b4a4343f5c4ebc473a174152c8d009f6e3bcf82
9f6e8f37902c9ccd2cf395fc04d9f4cf927bc6c4774868275d1836e087a2883d
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Fri, 31 Mar 2023 22:39:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash b659ba21b71473d2f3b2d4aa16e37f06
bb64d95a2d25e7fa9c2577e16d7be664816bdb94
5220ed8dd94613cf15ac539ad97b9fbe9b47e19c68d3873f48f837a291039325
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 4eec701fec69b73ab6ff1af2c178806f
5de0d4c444297364831a311b4c13954aa31976b0
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i0.wp.com/qeextension.com/wp-content/uploads/2021/03/91374-Copy-1.png?resize=525%2C305
192.0.77.2200 OK 46 kB URL HTTP/2 i0.wp.com/qeextension.com/wp-content/uploads/2021/03/91374-Copy-1.png?resize=525%2C305
IP 192.0.77.2:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b48658b940cfd0a31e73953da206c9ed
70cca96f1f5ba111e16fb16ec8c30369de0abc50
ce7a43fb1dff6201cf3c86963d81d6ea265d422f4195b1a2462f0f826b5a608f
GET /qeextension.com/wp-content/uploads/2021/03/91374-Copy-1.png?resize=525%2C305 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:54 GMT
content-type: image/webp
content-length: 45992
last-modified: Fri, 31 Mar 2023 22:39:54 GMT
expires: Mon, 31 Mar 2025 10:39:54 GMT
cache-control: public, max-age=63115200
link: <http://qeextension.com/wp-content/uploads/2021/03/91374-Copy-1.png>; rel="canonical"
x-content-type-options: nosniff
etag: "1bd295bd36cdb92e"
vary: Accept
x-nc: MISS arn 4
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 31 Mar 2023 22:39:55 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
216.58.207.202200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 216.58.207.202:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 84555ea4a8ccb663cb9a1fd85e1d0797
9fbe71c261b344c720bbec1b76644108b7fffaec
7337fee612bad4289518242f14c493a1079cdb17e86a844a1f7885d6210f3ee0
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 31 Mar 2023 22:39:55 GMT
server: ESF
cache-control: private
content-length: 31298
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 741a2f47aab81a2c7ed0fadaa1fa74e3
be34e0df4a5f272589a017ce77ece974d890f27c
4ea1737c8246072ea1072314ae684c1f7e518a81a5200c46374e47378bfb6b63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/09QSY-CUWkp9sd11ZUAJFeGr74Rau5wFI3HTYCOPMRs.js
142.250.74.132200 OK 14 kB URL HTTP/2 www.google.com/js/th/09QSY-CUWkp9sd11ZUAJFeGr74Rau5wFI3HTYCOPMRs.js
IP 142.250.74.132:0
File type ASCII text, with very long lines (36056)
Hash 91f33730e67e53c07fc9f1a051dcf0bc
bfa02f031e34fc25f4cc35bfcf7f194d5a306630
d264f134546c3036352d36ecad736309d84839740f7dc74052d185d12a380639
GET /js/th/09QSY-CUWkp9sd11ZUAJFeGr74Rau5wFI3HTYCOPMRs.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14271
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 31 Mar 2023 05:04:49 GMT
expires: Sat, 30 Mar 2024 05:04:49 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 20 Mar 2023 09:30:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 63306
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash acc41e80951534174d58e49379c02091
4158092d3bc68a0c970e006c2e41796ca0d2b823
6b89f21ed802b8d05e9ee4d3f551f9c947eddc97135e67a9aa635983f9eb9532
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi/PfRm6lm0aAM/default.jpg
142.250.74.86200 OK 32 kB URL HTTP/2 i.ytimg.com/vi/PfRm6lm0aAM/default.jpg
IP 142.250.74.86:0
Hash 9478bd16f980c8faf790fb9c4f03a47b
e970b1a3a1653e1e4ee5066d5488187fa67eab68
b7471e74f01d2498021667f24e03893c08c196c2f4e3094ba2b9412d095836b7
GET /vi/PfRm6lm0aAM/default.jpg HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
timing-allow-origin: *
content-length: 1465
date: Fri, 31 Mar 2023 22:39:55 GMT
expires: Sat, 01 Apr 2023 00:39:55 GMT
cache-control: public, max-age=7200
etag: "1603711443"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash acc41e80951534174d58e49379c02091
4158092d3bc68a0c970e006c2e41796ca0d2b823
6b89f21ed802b8d05e9ee4d3f551f9c947eddc97135e67a9aa635983f9eb9532
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0a48144d6cda73ca7d9de96dd6a73409
d6892e6fb892edaab9a53eb240de03553efa3cb1
0da835f0eafe277c7480efdfd80f52d73aeab2894db42827c120423bb7a187be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c0.wp.com/c/6.2/wp-includes/js/dist/i18n.min.js
192.0.77.37200 OK 3.7 kB URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/dist/i18n.min.js
IP 192.0.77.37:0
Hash f7e6a7f7d45d18d4e5799e42e94458bc
4c4cbf5557dc2c72fbed876be111d1e9224bc49f
56054ca7dd44e3ebda43d48b6ec49c42730ee3b1cd9b65c8efa24223e128a0f9
GET /c/6.2/wp-includes/js/dist/i18n.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 23 Sep 2022 19:55:30 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1e5dbb1-cba2-4500-9086-8f86460069ae.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1e5dbb1-cba2-4500-9086-8f86460069ae.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cfbc0c97bcd9123d224a861041b4bf8b
3703d612c4cd2eba9bf0d1ff51f18b82b0b56f2e
f20466a2a79c2ca459f0bc81ba3172b4ec299afd9238740f63974230e8d6bba3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1e5dbb1-cba2-4500-9086-8f86460069ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5035
x-amzn-requestid: 51fdff0b-5db9-4cc2-a09d-83ef5c9ce4dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm8FHMqoAMFRmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e6-3ebcdf7878b4481f599fac7f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: -Z8Nlb1yG4JUPwIzL-d_S113F8l6J9qvNpkF842e6KKuO24RQVyRYw==
via: 1.1 fb2e3e161147dc940086f9545b8e0e4a.cloudfront.net (CloudFront), 1.1 adc2002956acc4d61bfbf3b973fdf246.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 22:02:03 GMT
age: 2272
etag: "3703d612c4cd2eba9bf0d1ff51f18b82b0b56f2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yt3.ggpht.com/ytc/AL5GRJV_IQyVOBw0cC_n0mPb7ML4F6mJNIXSGwaUmu_6=s68-c-k-c0x00ffffff-no-rj
142.250.74.161200 OK 3.7 kB URL HTTP/2 yt3.ggpht.com/ytc/AL5GRJV_IQyVOBw0cC_n0mPb7ML4F6mJNIXSGwaUmu_6=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 45c6240088c0189ea7da0a828e5007c3
c903327023ed4b5a028913b226cba097363e28fd
862f791ac160bf6226926c1a3b870e6f3a4bfb92020dc6539197bc2abc4578ba
GET /ytc/AL5GRJV_IQyVOBw0cC_n0mPb7ML4F6mJNIXSGwaUmu_6=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
etag: "v72"
expires: Sat, 01 Apr 2023 22:39:56 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.jpg"
content-type: image/jpeg
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
date: Fri, 31 Mar 2023 22:39:56 GMT
server: fife
content-length: 3687
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0a48144d6cda73ca7d9de96dd6a73409
d6892e6fb892edaab9a53eb240de03553efa3cb1
0da835f0eafe277c7480efdfd80f52d73aeab2894db42827c120423bb7a187be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 31 Mar 2023 22:39:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qeextension.com/wp-content/uploads/2020/02/loader-1-6.gif
85.187.128.60200 OK 31 kB URL HTTP/2 qeextension.com/wp-content/uploads/2020/02/loader-1-6.gif
IP 85.187.128.60:0
File type gzip compressed data, max compression\012- data
Hash 89738e735fc0b215efb39e463a9b00f7
e0fc440307030881c6506b9c353f2dc4be003763
e47c35e33dd4e1d48e85d27650c1d03edfbab2a37f9ee7ced33ab807fdaefb41
GET /wp-content/uploads/2020/02/loader-1-6.gif HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: max-age=604800, public
expires: Fri, 07 Apr 2023 22:39:49 GMT
content-type: image/gif
last-modified: Wed, 22 Jun 2022 10:00:10 GMT
accept-ranges: bytes
content-length: 280851
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F365dc310-6867-454a-8e83-d6a28e4bc177.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F365dc310-6867-454a-8e83-d6a28e4bc177.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f992b95cc46e20672fed03dc4a3f8a7a
944f46cbcfaf9335466bfd1b23c5ef57a3503cd1
b7ee66b81aa60b9a5d8976b9e36161899aa03fab4676d44de21789231b18f658
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F365dc310-6867-454a-8e83-d6a28e4bc177.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10885
x-amzn-requestid: 129c4e54-5f31-45ab-bd0c-0ca20d561503
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm7NFNWoAMFXcA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e1-25d9470c2225c57512a18cd6;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:25 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: BbXG1JbDaAKexpnLt_k5-r58dMSwWvF1HL7wfYqdWVIYvF6qsy1UTA==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:48:12 GMT
age: 3104
etag: "944f46cbcfaf9335466bfd1b23c5ef57a3503cd1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP 192.0.77.37:0
GET /c/6.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP 192.0.77.37:0
GET /c/6.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
142.250.74.46200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.46:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Fri, 31 Mar 2023 22:39:51 GMT
date: Fri, 31 Mar 2023 22:39:51 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=KBJTM02uL00; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=FYPTQg8-g50; Domain=.youtube.com; Expires=Wed, 27-Sep-2023 22:39:51 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+914; expires=Sun, 30-Mar-2025 22:39:51 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/dist/api-fetch.min.js
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/dist/api-fetch.min.js
IP 192.0.77.37:0
GET /c/6.2/wp-includes/js/dist/api-fetch.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 12 Apr 2022 15:12:47 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js
IP 192.0.77.37:0
GET /c/6.2/wp-includes/js/dist/vendor/regenerator-runtime.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/p/jetpack/11.8.4/css/jetpack.css
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/p/jetpack/11.8.4/css/jetpack.css
IP 192.0.77.37:0
GET /p/jetpack/11.8.4/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Wed, 15 Feb 2023 21:41:23 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/jquery/jquery.min.js
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/jquery/jquery.min.js
IP 192.0.77.37:0
GET /c/6.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 08 Mar 2023 18:37:33 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
qeextension.com/
85.187.128.60200 OK 0 B IP 85.187.128.60:0
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: qeextension.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/8.0.28
content-type: text/html; charset=UTF-8
link: <https://qeextension.com/wp-json/>; rel="https://api.w.org/", <https://qeextension.com/wp-json/wp/v2/pages/227>; rel="alternate"; type="application/json", <https://qeextension.com/>; rel=shortlink
content-encoding: br
vary: Accept-Encoding
date: Fri, 31 Mar 2023 22:39:49 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Hanuman:400|Montserrat:100
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Hanuman:400|Montserrat:100
IP 142.250.74.74:0
GET /css?family=Hanuman:400|Montserrat:100 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 31 Mar 2023 22:39:49 GMT
date: Fri, 31 Mar 2023 22:39:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c0.wp.com/p/woocommerce/7.4.0/assets/css/woocommerce-smallscreen.css
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/p/woocommerce/7.4.0/assets/css/woocommerce-smallscreen.css
IP 192.0.77.37:0
GET /p/woocommerce/7.4.0/assets/css/woocommerce-smallscreen.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:50 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 16 Feb 2021 23:11:32 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:50 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/js/dist/url.min.js
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.2/wp-includes/js/dist/url.min.js
IP 192.0.77.37:0
GET /c/6.2/wp-includes/js/dist/url.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 07 Feb 2023 07:04:52 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.2/wp-includes/css/dist/block-library/style.min.css
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.2/wp-includes/css/dist/block-library/style.min.css
IP 192.0.77.37:0
GET /c/6.2/wp-includes/css/dist/block-library/style.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 10 Mar 2023 00:22:37 GMT
content-encoding: br
expires: Sat, 30 Mar 2024 22:39:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
stats.wp.com/s-202313.js
192.0.76.3200 OK 0 B IP 192.0.76.3:0
GET /s-202313.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 31 Mar 2023 22:39:49 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"62f6b688-2494"
content-encoding: br
expires: Mon, 25 Mar 2024 16:24:11 GMT
cache-control: max-age=31536000
x-nc: HIT arn
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CHanuman%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7COdor+Mean+Chey%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CNunito%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CHanuman%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7COdor+Mean+Chey%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CNunito%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2
IP 142.250.74.74:0
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CHanuman%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7COdor+Mean+Chey%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CNunito%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qeextension.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 31 Mar 2023 22:39:49 GMT
date: Fri, 31 Mar 2023 22:39:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2