Overview

URL thequeensescape.com/quiaut/charts-459145349.zip
IP108.167.140.136
ASNUNIFIEDLAYER-AS-1
Location United States
Report completed2022-09-06 20:27:07 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-06 2 thequeensescape.com/quiaut/charts-459145349.zip Malware
2022-09-06 2 thequeensescape.com/quiaut/charts-459145349.zip Malware
2022-09-06 2 thequeensescape.com/wp-content/plugins/gutenberg/build/block-library/style. (...) Malware
2022-09-06 2 thequeensescape.com/wp-content/themes/ashe/assets/css/fontello.css?ver=6.0.2 Malware
2022-09-06 2 thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2 Malware
2022-09-06 2 thequeensescape.com/wp-content/themes/ashe/style.css?ver=1.9.7 Malware
2022-09-06 2 thequeensescape.com/wp-content/themes/ashe/assets/css/slick.css?ver=6.0.2 Malware
2022-09-06 2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/includes/gute (...) Malware
2022-09-06 2 thequeensescape.com/wp-content/themes/ashe/assets/css/perfect-scrollbar.css (...) Malware
2022-09-06 2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js Malware
2022-09-06 2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads (...) Malware
2022-09-06 2 thequeensescape.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 Malware
2022-09-06 2 thequeensescape.com/wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7 Malware
2022-09-06 2 thequeensescape.com/wp-content/themes/ashe/assets/fonts/fontawesome-webfont (...) Malware
2022-09-06 2 thequeensescape.com/wp-content/themes/ashe/assets/js/custom-plugins.js?ver=1.8.2 Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (21)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-06 04:43:30 UTC 52.41.98.34
mnemonic passive DNS www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-09-06 17:28:25 UTC 142.250.74.174
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-06 08:08:24 UTC 34.120.237.76
mnemonic passive DNS stats.wp.com (1) 2711 2017-01-30 05:06:59 UTC 2022-09-06 05:57:08 UTC 192.0.76.3
mnemonic passive DNS snapwidget.com (10) 52354 2012-07-20 15:48:14 UTC 2022-09-06 16:28:50 UTC 172.67.75.33
mnemonic passive DNS bam.nr-data.net (1) 630 2015-02-10 00:06:27 UTC 2022-09-06 04:42:37 UTC 162.247.241.14
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-06 14:05:23 UTC 143.204.55.115
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-06 04:40:31 UTC 34.117.237.239
mnemonic passive DNS ocsp.pki.goog (8) 175 2017-06-14 07:23:31 UTC 2022-09-06 04:40:10 UTC 142.250.74.3
mnemonic passive DNS fonts.googleapis.com (2) 8877 2014-07-21 13:19:55 UTC 2022-09-06 18:21:11 UTC 142.250.74.10
mnemonic passive DNS fonts.gstatic.com (2) 0 2014-08-29 13:43:22 UTC 2022-09-06 04:40:06 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-09-06 05:02:47 UTC 151.101.86.137
mnemonic passive DNS scontent.cdninstagram.com (9) 1107 2015-03-24 22:31:41 UTC 2022-09-06 14:02:39 UTC 31.13.72.53
mnemonic passive DNS www.facebook.com (1) 99 2017-01-30 05:00:00 UTC 2022-09-06 04:39:59 UTC 31.13.72.36
mnemonic passive DNS r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-09-06 04:41:22 UTC 23.36.77.32
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-06 05:16:49 UTC 143.204.55.25
mnemonic passive DNS thequeensescape.com (19) 0 2019-11-03 19:43:31 UTC 2022-09-06 20:18:29 UTC 108.167.140.136 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (7) 86 2012-05-21 07:02:23 UTC 2022-09-06 12:27:00 UTC 93.184.220.29
mnemonic passive DNS static.xx.fbcdn.net (9) 661 2012-12-01 13:12:13 UTC 2022-09-06 04:43:21 UTC 31.13.72.12
mnemonic passive DNS pixel.wp.com (1) 2545 2017-01-30 05:31:40 UTC 2022-09-06 05:49:55 UTC 192.0.76.3
mnemonic passive DNS c0.wp.com (5) 6988 2018-09-24 15:59:05 UTC 2022-09-06 07:00:20 UTC 192.0.77.37


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 108.167.140.136

Date UQ / IDS / BL URL IP
2022-09-12 17:24:03 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-12 17:21:35 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-10 12:51:04 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-10 12:49:23 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-09 13:25:59 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136

Last 5 reports on ASN: UNIFIEDLAYER-AS-1

Date UQ / IDS / BL URL IP
2022-12-09 11:56:45 +0000
0 - 0 - 2 terramarbrands.com/online/30919f63d59c9452b74 (...) 162.241.103.53
2022-12-09 11:56:44 +0000
0 - 0 - 2 terramarbrands.com/online/5e794a1f0c590897c4e (...) 162.241.103.53
2022-12-09 11:56:43 +0000
0 - 0 - 2 terramarbrands.com/online/7d307ad0420da6fd72a (...) 162.241.103.53
2022-12-09 11:40:54 +0000
18 - 0 - 33 delivery.imaginedbyjess.co/public/smx4uzwh771 (...) 192.232.249.125
2022-12-09 11:39:53 +0000
0 - 0 - 3 souriquinho.com.br/uial/index.php?QBOT.zip 162.241.2.239

Last 5 reports on domain: thequeensescape.com

Date UQ / IDS / BL URL IP
2022-09-12 17:24:03 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-12 17:21:35 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-10 12:51:04 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-10 12:49:23 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-09 13:25:59 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-12 17:24:03 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-12 17:21:35 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-10 12:51:04 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-10 12:49:23 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-09 13:25:59 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136


JavaScript

Executed Scripts (44)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (94)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A0577A8FCFA81B3F86D99566EB4429655B93A238FFD1A3752BC9AAE3D969DEEA"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5683
Expires: Tue, 06 Sep 2022 22:01:39 GMT
Date: Tue, 06 Sep 2022 20:26:56 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 20:04:26 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: AcacPT7N6TWoN48qje4P0-Xt8kJM384u-NMs48y6BBCtgUvxsVXRwA==
Age: 1350


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    b593eb39329cfe060d55be5e4a5405e2
Sha1:   78e46c1028e9f94f8569303ad2d90d7df13a059a
Sha256: 08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xJEFSg0NtE_l9dFIV-8KZ1SjGHdDiWEf3FbXNRLS0UV0fEvJqtNGcA==
age: 69099
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /quiaut/charts-459145349.zip HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         108.167.140.136
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 06 Sep 2022 20:26:55 GMT
Server: Apache
Expires: Tue, 06 Sep 2022 21:26:56 GMT
Cache-Control: max-age=3600
X-Redirect-By: redirection
Upgrade: h2,h2c
Connection: Upgrade
Location: https://thequeensescape.com/quiaut/charts-459145349.zip
Content-Length: 0


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 06 Sep 2022 20:26:56 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F3BA628A2C14E6B3294A3C3266A98355FCC77CF6C9E2926E4EDA14E8AB71F4C7"
Last-Modified: Tue, 06 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21572
Expires: Wed, 07 Sep 2022 02:26:28 GMT
Date: Tue, 06 Sep 2022 20:26:56 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.115
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 06 Sep 2022 19:38:19 GMT
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2022 19:42:43 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: rM9RO0_BJuBILjw9ot7QTA2X_DmIlCY9bRNg38dyVWzLU9macpB7Eg==
Age: 2918


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3649
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 20:26:56 GMT
Last-Modified: Tue, 06 Sep 2022 19:26:07 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /quiaut/charts-459145349.zip HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         108.167.140.136
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://thequeensescape.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 14794
date: Tue, 06 Sep 2022 20:26:56 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18721), with CRLF, LF line terminators
Size:   14794
Md5:    b531027b6a98cf9ef6cea1483f9c7141
Sha1:   1cb9ffe1ec893e98ced0f95788157725827d0a37
Sha256: 53b74efb7e755194befc97e19987c631ead5556b8d89d36b62fbadc2f5c895ad

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 07OQsOE2ClSCgK5SlovYuQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         52.41.98.34
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: d90bh2v8ZghA5DWV3AC1fASjToM=

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Sep 2022 20:26:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Sep 2022 20:26:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/gutenberg/build/block-library/style.css?ver=14.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 01 Sep 2022 14:10:25 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16887
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   16887
Md5:    a195eb15b604d4705bd7a976cebcdb86
Sha1:   5665ff38c79c355f9cb38c7121527f608aca24dd
Sha256: 749920650adafc47ca4797ddf504c7d3312891ebdc0cdc61a950ca7ac195bc00

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/fontello.css?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 801
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   801
Md5:    3fcce85c25147b034d9b34ef0bb102c7
Sha1:   537ac2b5708750fd6694a4ab63ba03efca2a112f
Sha256: b25b8dc638fa4582ffa4617a3e77fab6ea2a69452162514f5c973b827976659a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /css?family=Playfair+Display%3A400%2C700&ver=1.0.0 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 20:26:57 GMT
date: Tue, 06 Sep 2022 20:26:57 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            GET /wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7524
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  troff or preprocessor input, ASCII text, with very long lines (372)
Size:   7524
Md5:    425b9c5bb524774d7f30160c36771785
Sha1:   af60c1059fb990e6e86ff744f9c286e78f9966e8
Sha256: a1dfafaf50ffe1e3996576f74f6e0e9dccee46d19aaf562fbe6e5575171b8062

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/style.css?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 15480
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1145), with CRLF line terminators
Size:   15480
Md5:    03ab0bbdbc9cfde2ca00b2024a19f6f0
Sha1:   037f754bac6aaad7b44e62c0605e8ac6f8e2e88c
Sha256: 5515d8de0d37d1a9cbe4d1181a8c08a415411aa91aaa3b7cc99adac3bc7835f8

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/slick.css?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 464
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   464
Md5:    fec0675d238ab63f20af3798679ee257
Sha1:   fecccd03ed91c3755f6c4ce1564682ad6065958b
Sha256: 6a3384ea7d5c54d405f6f63fe7ff8ccc550f2644670dd31a077653dbd0a18750

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/quick-adsense-reloaded/includes/gutenberg/dist/blocks.style.build.css?ver=2.0.59 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 01 Sep 2022 14:09:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 155
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   155
Md5:    3940cb443469d5cc737f18bcb99ba882
Sha1:   7787f5b35bce9bd1abf13949bb0a0b4c611eec8f
Sha256: 0c181007406a290193553dc3177b342b85140bc92c9cb8a3026d5f0fd9b22e21

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/perfect-scrollbar.css?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 399
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   399
Md5:    626de1992de89bc6a753723ac232ec2f
Sha1:   d72ab26603b7bc512e424e4a6791098d0f1cf451
Sha256: fb52056de07749e6bcddb97b622780deabfe852a4058216724600b01190b6eff

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/responsive.css?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2774
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2774
Md5:    a9a04336d6412016b1c3398521d3de2c
Sha1:   071d301c2966d68abbf364e94b8acbecdbf350a3
Sha256: 5a5ea7abafc8c05557d4c717463a4995529b5c22d61d03d57af226898e4bc2ef
                                        
                                            GET /wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 01 Sep 2022 14:09:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 66
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   66
Md5:    35f69e2dd0d86627f53cb0eacfa6f4a5
Sha1:   c2d482462450addcd50d03b0704ef023150c8c80
Sha256: 932166fef0c0f8f97bcbcd81acb89b22278a014beec5ece1d5430654e4a9598f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js?ver=2.0.59 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 01 Sep 2022 14:09:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 66
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   66
Md5:    35f69e2dd0d86627f53cb0eacfa6f4a5
Sha1:   c2d482462450addcd50d03b0704ef023150c8c80
Sha256: 932166fef0c0f8f97bcbcd81acb89b22278a014beec5ece1d5430654e4a9598f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 01 Sep 2022 14:09:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   5321
Md5:    710f8b142ea44c0682dc2c30f318f065
Sha1:   49144e9b3a76d3d383b1d4359cf7a25e947f4233
Sha256: 708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5150
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (10620), with CRLF line terminators
Size:   5150
Md5:    1d8c9a1d5e603072bc8944c95fae6bd4
Sha1:   a679a7559e82184333423161a9487b7a10d8a787
Sha256: 613da5ea52bc16ed442cc77ec65f1987f1f51fed15489025bd08d710fadc9dbe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Sep 2022 20:26:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /g.gif?v=ext&j=1%3A11.2&blog=183769864&post=0&tz=0&srv=thequeensescape.com&host=thequeensescape.com&ref=&fcp=1737&rand=0.4993068498775267 HTTP/1.1 
Host: pixel.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         192.0.76.3
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Tue, 06 Sep 2022 20:26:57 GMT
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5\012- data
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
                                        
                                            GET /c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Tue, 06 Sep 2022 20:26:57 GMT
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Wed, 06 Sep 2023 20:26:57 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   4466
Md5:    e3c8db40786fc62bf06a44a51f37cc01
Sha1:   8aa36c36d6265fbcc70f327b0d38f4fdf018d477
Sha256: 8dfd9beed1ec775601d303f49d6a9ff0d6fca4d186f286b77b9be6c88b3593dd
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Sep 2022 20:26:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Sep 2022 20:26:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
age: 42956
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            GET /s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35764
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:14:36 GMT
expires: Tue, 05 Sep 2023 21:14:36 GMT
cache-control: public, max-age=31536000
age: 83541
last-modified: Mon, 18 Jul 2022 19:06:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 35764, version 1.0\012- data
Size:   35764
Md5:    60f23230f1a8d5c3b7d25b73f5b5ce23
Sha1:   ed08ada85d017893b9bcb8224e99154c6708f5d2
Sha256: 22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Sep 2022 20:26:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /js/vendor/iframeResizer.contentWindow.min.0da4d54c7d115e53.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
cf-bgj: minify
etag: W/"62f0b6c4-5452"
last-modified: Mon, 08 Aug 2022 07:09:56 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1168517
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rw9E8xNmAgyu4vbTff1LbVDQIJUtj%2BxhatesFas1Rz0rnkYrT4h9EL9Q5lcQs%2BYD6RfdJbxUR11dIe9%2B1RjsFYbjkF9udblhpglGQNxLji7OGHZ0HxkovjLTnAuJvlmk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7469f14dfeb7b509-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21586), with no line terminators
Size:   6904
Md5:    0e82b050f45dc82a0866862f50fe402b
Sha1:   138b3525e5cf63d2d209aeb772bf5b15d588a150
Sha256: cf7e1af3e0fe555e31e5f13091dae5c096ad3c73a75fc94bd7a93fc3e76acbbb
                                        
                                            GET /images/post_type_icons.png HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/stylesheets/embed.style.min.307799cd3bc5b2ee.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: image/webp
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
content-length: 2288
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2778
content-disposition: inline; filename="post_type_icons.webp"
vary: Accept
etag: "63034179-ada"
last-modified: Mon, 22 Aug 2022 08:42:33 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 687875
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZQrThkzvaoMbnvjI%2Fy3NDmr9FViGIiM8n%2Fg4RTiNU1wnPVHNAnd%2BiS7s9GLmaQvHWFalLRhiHUAcOv9Zazb0DrOOV9pA3dbSMtQxVIeZblW9tD69IIRw0n%2F2mO%2F6zV4r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7469f14eafbeb509-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   2288
Md5:    b1be0c2f033b57b3163449e354d56c58
Sha1:   c85bc26ee45b104a8426e86d735ba37e1f2b233c
Sha256: 367635abeaa40ce11827271d48fd0ae5fa723bd00c398af5d1b8c8f6aa56d479
                                        
                                            GET /rsrc.php/v3/ys/l/0,cross/4_8X-2u0CDc.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 29 Aug 2023 23:02:09 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: KZc887Dvnxb+Me2YGy9lcw==
x-fb-debug: 6fz6C88YLD0zrDgQWE8WbxUG/2QD+QJb5c3Bqi5EOEiYGzUgoHH9EDt5l3xqbMjKQGMAVO6FQr4s7IUQKPFUsA==
priority: u=3,i
content-length: 827
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (724)
Size:   827
Md5:    29973cf3b0ef9f16fe31ed981b2f6573
Sha1:   f22eb80b89b5e0ae9ace854aab6676d56eaef6a1
Sha256: 476822c80e0a0ee078edb7a74db59378f8b1d43d2de844e28a9e9c2f68a4c8d8
                                        
                                            GET /rsrc.php/v3iLl54/yY/l/en_US/aNjKFj6YixL.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Aug 2023 03:18:59 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: p+ZoxEwcRKfrgr8kgA/16Q==
x-fb-debug: mCtcf9PLHTkSIqO5xU+7FoKtHXdlIowwP7BzCXO85B+EV0QrtccJAySH3hOLkmi0ZKCLDH3BKHwex4ndpbf7TA==
priority: u=3,i
content-length: 8358
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2905)
Size:   8358
Md5:    a7e668c44c1c44a7eb82bf24800ff5e9
Sha1:   6f2393e5cf5ef26d6a6d661b7856ffcd273a63a6
Sha256: ad110540fa27e40a9cf3de4aa42ca9632f03a622b73fe41b19f633fe81d6eaea
                                        
                                            GET /rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Aug 2023 23:54:58 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: dvWT6EJnf3PNCgYjKHSyww==
x-fb-debug: zd3gLYibMLVgTg1O+vGQKb1MUd9cBl68UbmwxABRKkyquumONApMAWSEbB1ZHfgksaB6H+t1p18knFmalg76HQ==
content-length: 338
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (327)
Size:   338
Md5:    76f593e842677f73cd0a06232874b2c3
Sha1:   25a13f79478d5a0e286a2299dca2f3b296463079
Sha256: 74dcbe026002f10b703960a500b50dabe518862e568a9e689dec7afa243fa44d
                                        
                                            GET /rsrc.php/v3/y9/r/JGf8H9KH1mW.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 06 Sep 2023 18:00:12 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: Eu6M7KxDRPkREsQb3iVSPA==
x-fb-debug: MqAc4Jp2+8aL7LZlKJAbraCvKcEURp0q0RsSoBmKe7jjHyjMKuyfxH5p3qVBk2tTZvsov5TzFb7/BV4lJ40llw==
priority: u=3,i
content-length: 9040
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (9886)
Size:   9040
Md5:    12ee8cecac4344f91112c41bde25523c
Sha1:   ac8ea8f8b40bbaf2cf932ffdf67abb8b14d7ce0d
Sha256: 0558ee7b9742c0bdede937d19d585eec41b4011b9989f47264464eecb46caaa2
                                        
                                            GET /rsrc.php/v3iEpO4/yp/l/en_US/oRoYJ5VcosS.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Aug 2023 03:04:03 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: PORjSMbtqxUODG+M580KDQ==
x-fb-debug: 9k3KItzK+jyAlGUsl/EXGcRbDeLNjImcDRno3dv/GPOkIYeATdfHl02vY06eIXionZNV9G0/9BkdN/Up+tBbyw==
priority: u=3,i
content-length: 23301
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (41977)
Size:   23301
Md5:    3ce46348c6edab150e0c6f8ce7cd0a0d
Sha1:   6aea70ed9afc6f514f89c0bca5a99f04c331bc24
Sha256: 8ac7aadd7e52746a466b2721699b1430ab4360c52d4c73dab9f51a849b73857d
                                        
                                            GET /rsrc.php/v3/yV/r/oDVETVg4GJv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Sat, 02 Sep 2023 10:34:01 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 0bpo8UawH0rvYNearbkm6g==
x-fb-debug: 86y3i3sy9jjDaSwZdKwWDNfT0jhSZgIC/wO/r6UsDn/zT5AA7hVmL+J1eWzgzylntf4RiG+L/nvUQSjPsoquGQ==
priority: u=3,i
content-length: 7236
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4061)
Size:   7236
Md5:    d1ba68f146b01f4aef60d79aadb926ea
Sha1:   c6b4703c25d07fd2363e5d67d11e4846d9979b26
Sha256: abbff04acf96f39a3121ed97505b5a23cbeee9057dd7040c58c4e423c899805d
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Sep 2022 20:26:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 29 Aug 2023 21:51:15 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: FvCDsjtWXbnS8g0a11kzwQ==
x-fb-debug: R+zzX7WmRf1X+q8q6BPoX98sZT9HHmBK8mBuiUDRylG8YQE2dqj5AWC1p+a8DynhyN64NvyDA/IKk4p+bhwmbA==
priority: u=3,i
content-length: 1657
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1984)
Size:   1657
Md5:    16f083b23b565db9d2f20d1ad75933c1
Sha1:   6d74ad139c96b1e3fc9d541419788b5b4893ec9a
Sha256: 36b909cd9132a8996a1bbb221d05217c31506a6951bb408deeea6aa612dc4200
                                        
                                            GET /js/embed.vendor.min.2f17f0b14ee46c5a.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
cf-bgj: minify
etag: W/"62f0b6d6-9e1"
last-modified: Mon, 08 Aug 2022 07:10:14 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 685043
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TbyjvgSS3nKJL4oI6%2F8JN9MXfzGi%2FiiDP2UfM9edd8Qb%2Bw4bO%2FYd15Zjdmska0GeesFIaUueQV%2BkfCF8CzCUO1QwrqplBVuokOTNHm4tu28hIZeIdf5p7Bv6JAIqyzkA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7469f14dfea9b509-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2529), with no line terminators
Size:   6216
Md5:    c12613e7b5009ce437eb99b5514788ed
Sha1:   fcb0c1cd9ca32368570327c0d78a046c98258a74
Sha256: 8456972f034430f065bdd452ad969e29dd4023ac00be486443416d88fc79c553
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Tue, 06 Sep 2022 18:41:12 GMT
expires: Tue, 06 Sep 2022 20:41:12 GMT
cache-control: public, max-age=7200
age: 6345
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20006
Md5:    56f5d7f608e25d64207135f045f988cb
Sha1:   901eb59372ae330ae85e1384da93479b21ae1082
Sha256: 1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
                                        
                                            GET /rsrc.php/v3/yN/r/mXu1RunczE9.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Mon, 04 Sep 2023 16:13:10 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: YFnykI/HivNtifNyMREW7w==
x-fb-debug: YQs2aq0nbp/h3uDN50vOAPYPOO9T0HhyH1PWoVMTwJQK2rLx7waDuFvPjsk03f6R49nuVvhhc5xcc6nt55ozyA==
priority: u=3,i
content-length: 12179
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5261)
Size:   12179
Md5:    6059f2908fc78af36d89f372311116ef
Sha1:   431905421a858f26f5624203b0ecae7b6d8c6c42
Sha256: 33ba2a807c3a7a85d489d24e1a843c4361a791492fdbe68e471d2064155467f0
                                        
                                            GET /rsrc.php/v3/yx/r/9QJEUDJuAYR.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: application/x-javascript; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Wed, 30 Aug 2023 21:53:52 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: Fibo6ChZjgbM0MR+VbQjBA==
x-fb-debug: 4WaYryAVZ7NetRVJPvbl+weVea9R3jmMamcOJQrFxhXTBDDbrCB57uesZD5Ni/mP6YsN/9Zo7rVbOSkgzixb3Q==
content-length: 15844
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  C source, ASCII text, with very long lines (7299)
Size:   15844
Md5:    1626e8e828598e06ccd0c47e55b42304
Sha1:   af5c62af35bf22b593fdbe758a2feea6bc1b057f
Sha256: 3798dbb7df2694a222f65f4cadc92e6d133fc8f5fc2b00f326df521cd0c24b25
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 06 Sep 2022 20:26:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/uploads/2020/09/cropped-TQE-newest-banner-1.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Tue, 08 Sep 2020 17:45:37 GMT
accept-ranges: bytes
content-length: 385740
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 884 x 281, 8-bit/color RGBA, non-interlaced\012- data
Size:   385740
Md5:    f5f4dadc12f2095457c222d305a98385
Sha1:   054b4a891d2a2c3fd2d378aaf6e9e1d1447599ec
Sha256: 74ecdf4c6a34157fc496e23e91d1c1e5b8a6505e7014d85b6580ac24f122a2e6
                                        
                                            GET /wp-content/themes/ashe/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: font/woff2
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
content-length: 77160
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/uploads/2020/04/cropped-QLogo-32x32.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Sat, 18 Apr 2020 08:42:24 GMT
accept-ranges: bytes
content-length: 2260
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   2260
Md5:    bfa3f0092d461e80f51b30ab5fa21dfd
Sha1:   6c580b1c67bb413f89883f11265066484a3c64ea
Sha256: 2fe38259678102b0e58fc32af42f3a5ef84ceec402322736c194c189cf228e65
                                        
                                            GET /wp-content/uploads/2020/04/cropped-QLogo-192x192.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Sat, 18 Apr 2020 08:42:24 GMT
accept-ranges: bytes
content-length: 40468
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   40468
Md5:    42ab481e6e5dce69fbd17d4b88760752
Sha1:   ca8ec06e87eb136bf1d3532130767af3a4884506
Sha256: 220fa076ad5a128fd0701c3f29fc21b8b2d6c9e8724459ac085cd359e0d10a62
                                        
                                            GET /nr-1216.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: Vf9xsFZHH0UI6bmTnW+KeBzegICGOxvtMLIWtbljNKoJtdkUEk/MfmbYPFui+bgtiUf/4lC5dk8=
x-amz-request-id: 4AV5AVKCCR961CNG
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 06 Sep 2022 20:26:57 GMT
via: 1.1 varnish
x-served-by: cache-bma1636-BMA
x-cache: HIT
x-cache-hits: 5339
x-timer: S1662496018.991314,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 14391
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32022)
Size:   14391
Md5:    b7c09cc097b2847f9edc784adba62dcb
Sha1:   5aa648623cf5e3b4b215fe5d068a7904c59f2925
Sha256: 6da450b6a3ba53bdab36f6529e987a245cdfca9a37b77790f06dfd8d5797bdaa
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6170
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 20:26:58 GMT
Last-Modified: Tue, 06 Sep 2022 18:44:08 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6170
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 20:26:58 GMT
Last-Modified: Tue, 06 Sep 2022 18:44:08 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6170
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 20:26:58 GMT
Last-Modified: Tue, 06 Sep 2022 18:44:08 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4698
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 20:26:58 GMT
Last-Modified: Tue, 06 Sep 2022 19:08:40 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2134
Cache-Control: max-age=167243
Date: Tue, 06 Sep 2022 20:26:58 GMT
Etag: "63178f07-1d7"
Expires: Thu, 08 Sep 2022 18:54:21 GMT
Last-Modified: Tue, 06 Sep 2022 18:18:47 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /embed/705883 HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
vary: Accept-Encoding
cache-control: public, max-age=300
expires: Tue, 06 Sep 2022 20:28:12 GMT
x-robots-tag: all
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
last-modified: Tue, 06 Sep 2022 20:26:12 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e0MBc8XApcE1p4u9CUUlqv%2BwOHnSKbulRzQYjsabxAkkKmEQnkcag92YHbtBMBlvGK90I%2B6TMLEiTpvIcLPywDq0kEQ%2BCLuiLaydaWNSY94vKvSdJuJv3pfUttmM1sgb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7469f14d1d0db509-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   15062
Md5:    3e71a0a463bba4390cf2af7f167c7ba6
Sha1:   6b128aac128a9a4814dccd3e31bacf8a39e20c30
Sha256: f891a1994071c3647c57383e86adc776c2dca153e14ca43a44cc2ce5d8b49f10
                                        
                                            GET /v/t51.29350-15/302386060_3162702923993058_8021699530736520297_n.jpg?_nc_cat=109&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=9nNJ5zz9tQ4AX8J5VAh&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT9VRiJBUYmRbUq59bTgHbZ2fV_e1ZLb4WMomyBkOlBmVg&oe=631C3E0C HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Thu, 01 Sep 2022 10:04:46 GMT
x-haystack-needlechecksum: 1392867941
x-needle-checksum: 2254941254
content-length: 54993
content-digest: adler32=2254941254
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1512268381
date: Tue, 06 Sep 2022 20:26:58 GMT
x-fb-edge-debug: 586zwD7uliF-zPXy9GwxqtJxMcbxp51rhGXmT6QGQuTymom_-qcdJtvT4zi1QZTFvHNg-xBllnx2q_hm3chaVA
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components 3\012- data
Size:   54993
Md5:    d1c5884b3cc9285bc5e014fe3fd85963
Sha1:   c4d502809f40ad594f3281a0d1284871ec4ff031
Sha256: 5d86749531c52125e7b787ce78af9dc1fbfa86e702dea22452f19bb3b2aa1abb
                                        
                                            GET /v/t51.29350-15/305223409_659601691856460_7090002961202109916_n.jpg?_nc_cat=101&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=PmUAjxwgOu4AX_Y6rSc&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_a3hicy73XydIh1vJ-Wf62jUEgbiMaxofBU2MXmGwlwA&oe=631C7642 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Mon, 05 Sep 2022 00:12:30 GMT
x-haystack-needlechecksum: 105019413
x-needle-checksum: 1657581890
content-length: 71175
content-digest: adler32=1657581890
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1512268381
date: Tue, 06 Sep 2022 20:26:58 GMT
x-fb-edge-debug: 9ne80jDutdEsl4xtOakHCMcI2R4zeRePyLGwrV2ThGwVyov4JzbEtLkbgQIHXXGEQaNc4VyHzaYK_5AeLup0eQ
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components 3\012- data
Size:   71175
Md5:    343d9cfc3b71a7bfd8d2d57d434ccb98
Sha1:   4a4361757d4a00d582207eaa076cd598bbe7d35a
Sha256: 929190f1cfcaaa8739236191f486e411ca10f0b75f49e2a1b630d18110817b62
                                        
                                            GET /v/t51.29350-15/298093372_1000695163919598_5056072002243268681_n.jpg?_nc_cat=102&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=lcHQzKak87cAX_72JYD&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8tw3HiLg4CiWti9AdtbUhWtmB9lmXKcWlKS67393r8MQ&oe=631CD752 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Wed, 10 Aug 2022 02:21:52 GMT
x-haystack-needlechecksum: 2883440041
x-needle-checksum: 3310704796
content-length: 197506
content-digest: adler32=3310704796
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1512268381
date: Tue, 06 Sep 2022 20:26:58 GMT
x-fb-edge-debug: F7aJo98CZXs2BgSvztSQnA3diS7Uil-TuYFyju3dlY1ctEgs5g5sPUPQKISfVCCr99XOorW7820n3bt9QiZ76A
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1080x1920, components 3\012- data
Size:   197506
Md5:    9aa80c611d43034e29a178f1bae6f4ab
Sha1:   e2eaa13c2f6d424ec0d3f35ee6aebe73f1611777
Sha256: 7872b589b76829ffd0c9844c106696e9778d42d8df95233e747ebade0d9f9bb2
                                        
                                            GET /v/t51.29350-15/302090844_3117023888607633_4173839149446585899_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=LURi65iG6FkAX9bPi6w&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_25Pht2ft2GXoqRdzPJf58whEXEi0GwfFQk8iFxzSfVg&oe=631D0998 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 30 Aug 2022 10:42:09 GMT
x-haystack-needlechecksum: 1864183193
x-needle-checksum: 4074026190
content-digest: adler32=606457263
content-length: 238292
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1512268381
date: Tue, 06 Sep 2022 20:26:58 GMT
x-fb-edge-debug: fUWfYkIZrYU7AaROop0EYBEIXVsibvo9QKgPT3d6Cg2c8ShobitbqLymkGQykshq8ouhZuFfvhJhGEhHtF7JSA
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1079x1349, components 3\012- data
Size:   238292
Md5:    1b8ce2fa82ddb72bbfccdc4a33ea5a72
Sha1:   cfec8c2a8ec036014864135392319070a0ed3f9a
Sha256: 207836f11e661c7e13d14efcac9a21351fbb551e3b5a5b83fe4c49b3fcaff5af
                                        
                                            GET /v/t51.29350-15/300785005_772491627323947_1904365575442050555_n.webp?stp=dst-jpg&_nc_cat=100&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=ixlah5oRS80AX9lIuTm&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_8EdOXMq3wQ8SuONAJ3EPmXNPacC4mTzMNs6zF6nB2Hw&oe=631C51C7 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 23 Aug 2022 04:05:09 GMT
x-haystack-needlechecksum: 3283498827
x-needle-checksum: 718294705
content-digest: adler32=2646180015
content-length: 176561
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1512268381
date: Tue, 06 Sep 2022 20:26:58 GMT
x-fb-edge-debug: E09OemPZVwFEzswYn6YpAeIUZDZ43Z-UF48-SkIJ8MFIRLytgFOGLFUVp3Z1OB8L_YH-h3oygCd8iybGcyHePg
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   176561
Md5:    8d1bf229e9d3ba1b68d65326cc810e77
Sha1:   43230b82111962a858aa17e6dad5cc346aa08020
Sha256: 8a9a689799b67be1bdb62c059afe0740922d77354c6ae4698602827079982b8b
                                        
                                            GET /v/t51.29350-15/300238276_449251240470525_3840489065997612201_n.webp?stp=dst-jpg&_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=V0OyHA3nq5UAX-ngc1w&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8X9b96fZpBPNRlN2iJT2SpkYJmYJUA8WVbr7-loZuZ5w&oe=631C385C HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sun, 21 Aug 2022 10:01:18 GMT
x-haystack-needlechecksum: 481931230
x-needle-checksum: 949444859
content-digest: adler32=4060807364
content-length: 123290
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1512268381
date: Tue, 06 Sep 2022 20:26:58 GMT
x-fb-edge-debug: KrZHTpHT9mf_DXrL6-2ATqBpcaplnn-LFlQH-18wQKEAqFIY1v_jY1zGLZrr2wzH8Z04-iOUGYfAOx1iabq27w
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   123290
Md5:    3b61eca76ae66c12b9b1cadc3d42b201
Sha1:   bf0a61e5c7ca52317fde0bf2fb00a28151a14f5a
Sha256: d737320da5ef18ed354af84a942a24294e55bd38947c2953a34a2f3a3e7679a5
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6170
Cache-Control: 'max-age=158059'
Date: Tue, 06 Sep 2022 20:26:58 GMT
Last-Modified: Tue, 06 Sep 2022 18:44:08 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v/t51.29350-15/301224609_522376032982261_8860578228373543903_n.jpg?_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=wI4wQRQxNUwAX9lXiCd&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-p7RDTBTiG1pgJJgdTKgzCcIN45-7TFIMOcFU12W_hHg&oe=631D7376 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Fri, 26 Aug 2022 10:22:32 GMT
x-haystack-needlechecksum: 1999119380
x-needle-checksum: 2384835369
content-length: 191869
content-digest: adler32=2384835369
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1512268381
date: Tue, 06 Sep 2022 20:26:58 GMT
x-fb-edge-debug: EUZpEWT-kN1uEkskj3PlCxuLLBb89ue4fwoW3n-FvTwVL95-IAWgqHtvnFBVU92nucY1qXaXUnPLUcAl7_qepQ
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components 3\012- data
Size:   191869
Md5:    ab302a285aadf2dcf9b63f044796bd6a
Sha1:   7200f76332353160379c204283f2815a0da95019
Sha256: 587d087e0681fadfbe45f7de728fcc97dcf754b791e83b863009f370be8549d8
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6469
Expires: Tue, 06 Sep 2022 22:14:47 GMT
Date: Tue, 06 Sep 2022 20:26:58 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6469
Expires: Tue, 06 Sep 2022 22:14:47 GMT
Date: Tue, 06 Sep 2022 20:26:58 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6469
Expires: Tue, 06 Sep 2022 22:14:47 GMT
Date: Tue, 06 Sep 2022 20:26:58 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa58df54c-7833-44ce-9519-a44b50319614.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5775
x-amzn-requestid: dc0a6d9c-5aec-44a3-be54-69cec17f9de1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYfxE0noAMFz0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166dfe-6c8ec4b03fc761d81c988132;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: z3WamVQsZqAoYnfPZ0rgyYXGzs1jsv56D1oF4Wzva-H-T8a-xPU8mg==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:00:00 GMT
age: 80818
etag: "3aea6a5aaf5ccda356d7e0941b33a7c2e2b13e80"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5775
Md5:    1a87857b93f99eab3118aae97a1c9d22
Sha1:   3aea6a5aaf5ccda356d7e0941b33a7c2e2b13e80
Sha256: 97ce11c0e0efe83d6568f173f9235160157c52b4ab4299823d508c072f113ddc
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6469
Expires: Tue, 06 Sep 2022 22:14:47 GMT
Date: Tue, 06 Sep 2022 20:26:58 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe1756524-f0d1-4149-aa44-603b827f87d4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6656
x-amzn-requestid: 2703eaf4-1a5a-41a6-859b-47255865efb0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAX-3F2ZIAMFpLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d2b-6df026de5a9230ed429d08c1;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FIIvB2jeQ_PBDzi8XRN0jnNxze3OwDbz8TBaIcadRvmQd2EFhCwX7Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:45:42 GMT
age: 81676
etag: "5fc951e5236edd282d4975853ca35dab2e55fb17"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6656
Md5:    983e705542fa78b4d5c876e0c1eada7e
Sha1:   5fc951e5236edd282d4975853ca35dab2e55fb17
Sha256: fa6e478fc213f6cb6c9f33c96c51105262c857bfe313b3d310755be30b1feeb3
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bSBSzzRMdrVdoV3Ld8hYWq2AwO7Mswcwa8Tk_AKa44j1SlrFugNqpg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:48:06 GMT
age: 81532
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4426
Md5:    c81f3df885bdee8cac46ea9495e6b63b
Sha1:   fc766bca874a352a4acb569577d4cf6527f4f074
Sha256: e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7855
x-amzn-requestid: d7c8054c-d7d3-4b76-815d-36c3a2e1f6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYn6FwzoAMF40g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166e32-3ededbf27f83503978e0d775;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:46:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8OlwFzmUfQEPeP7pT-g5wRMq0I1jllBnRU0Nxk4kNkcVD_evLZYc7g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:17:51 GMT
etag: "ae50ae4aecd962b698c19f2863857b51cea7fcec"
age: 79747
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7855
Md5:    8c23179b2131543088771e3fa84ff231
Sha1:   ae50ae4aecd962b698c19f2863857b51cea7fcec
Sha256: 660900ca69b1787a734c1dbe3d6b9b19656912b4bc4715964c4325edff57f008
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8134
x-amzn-requestid: 5f6027e8-842f-476a-85e5-cc8b848e4567
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FlpEoVIAMFuiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144fbd-7095c29a04d2f5310b1b84c4;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Gf6IGDeM-y_nDO1C3m9xeyAJdkYRe2CN87Pi986A7B1qsjq5p9VkQw==
via: 1.1 d7782b26e589b8e1397d352f4daf0d58.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 07:41:25 GMT
age: 45933
etag: "ec19429fa76d9ad47a0578734b011b530b79ebbf"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8134
Md5:    5540d72831e7e7b9fc287f92c48d9f5e
Sha1:   ec19429fa76d9ad47a0578734b011b530b79ebbf
Sha256: bc27a44853fd17cf51d6bba0db58a755c75a309d9b0cbcd454dfc9d62785f72f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12683
x-amzn-requestid: 6127e5b6-72f6-40df-b400-41a1f147f6da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8XmEe0IAMFQDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117430-2b27a2683d2d320172cef32e;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mj_IT5g7hGu2AunKK7mvierv5BQ8cAxhnbGaUNsL6hRNu6MRAzIBDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 04:36:52 GMT
age: 57006
etag: "720d3624a76d060b8e2699e9aa7a320e3efd4878"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12683
Md5:    ec466c0d472e43c11d36bf6fce068205
Sha1:   720d3624a76d060b8e2699e9aa7a320e3efd4878
Sha256: 5553fc24713aae808f5ab81671551b0ae719435f3ced9f25df97d8edf6bfe86f
                                        
                                            GET /v/t51.29350-15/300644717_1028811554431355_1629857985078990935_n.webp?stp=dst-jpg&_nc_cat=102&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=6tQMJzApeG8AX9SBBnE&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-IVNKik-382Vbv6qmsBfuejmCfoNbsUwfeDwK98PZBAg&oe=631BC8B9 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sat, 20 Aug 2022 00:51:56 GMT
x-haystack-needlechecksum: 1625528505
x-needle-checksum: 975954516
content-digest: adler32=3283876425
content-length: 437830
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1512268381
date: Tue, 06 Sep 2022 20:26:58 GMT
x-fb-edge-debug: xHcdYZYVbzKV6r_7TB30SGwtqBDQ2uqEhtgMj_FROK5sjGGu34ouYN9jN3ggqn6AU7_WPpyVido12Urd-WaAIQ
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   437830
Md5:    1f67ac11b2f574ebae9b7c6344122480
Sha1:   a57b77eddfbd6044fb1f6795bea20eb68e32b296
Sha256: a08c0bd4b9e0cf8f3564a0311baa4878a18908da8ab9bb457f27f863199349ae
                                        
                                            GET /1/a53393d12f?a=453137&v=1216.487a282&to=ZlNSMUNXWBcFW0FRCV8ZcQZFX1kKS3lFSDp5QkQVbXVZChBKWlQKVERDOXRbVAEAe1pWEkNZXAlURHYXDFdCbRVURHUIU1NS&rst=611&ck=1&ref=https://snapwidget.com/embed/705883&ap=118&be=141&fe=483&dc=222&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1662496011597,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:2,%22rp%22:119,%22rpe%22:122,%22dl%22:126,%22di%22:203,%22ds%22:221,%22de%22:221,%22dc%22:482,%22l%22:482,%22le%22:483%7D,%22navigation%22:%7B%7D%7D&at=ShRRRwtNSxk%3D&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Tue, 06 Sep 2022 20:26:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7469f1533febb4fd-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=ac60672844275ecb; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   73
Md5:    516a128bb6000ca8154792678f4333fb
Sha1:   41d0257bea96afd36c6f3e40fcfdc9ca247f8e01
Sha256: 9fa62b52f24b87a40410fe842cb9be494abed114a2eac2eb406c8b4a4d372d10
                                        
                                            GET /v/t51.29350-15/299507298_1140336400199609_6221579676075730298_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=MmFumbXa52wAX-S1O0I&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_l5l-qLbZM8knISZCQTdgEmPYP-TQ1IF_XNOsLWrkXbw&oe=631C0B5E HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 16 Aug 2022 04:25:45 GMT
x-haystack-needlechecksum: 3307334474
x-needle-checksum: 811688120
content-digest: adler32=2898683015
content-length: 257047
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-fb-trip-id: 1512268381
date: Tue, 06 Sep 2022 20:26:58 GMT
x-fb-edge-debug: 6BG77xqIohIramhx-BiQLyfcpe2YYRxkY1PsBgclVI_NfbUn770iFdl_aYTxo4PR-wqxScizCbr7D38z0icMUA
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1350, components 3\012- data
Size:   257047
Md5:    988a672ab4440e72e3b60e07fd148e56
Sha1:   887f92a076a28b5806c021e687f7af3cb1952c57
Sha256: 45ca6955a9f09eee5bf473314cc452f0a4d314c834da1218a0dc10b485915555
                                        
                                            GET /e-202236.js HTTP/1.1 
Host: stats.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.76.3
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Tue, 06 Sep 2022 20:26:57 GMT
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 28 Aug 2023 02:01:00 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /stylesheets/embed.grid.min.4069f6f840f9102b.css HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: text/css
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
cf-bgj: minify
etag: W/"63034249-899"
last-modified: Mon, 22 Aug 2022 08:46:01 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1168518
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eKv1Ayi7wPvnFFiDEgy1ofL0thWqaRUHdUgHP2LXvoLJilyPsjooKFQuPoIitjEGVt%2FoZ44MrHAVWezy9159XSTm2uVrYmiMvhnlPLvuN1YZTcw0vNo%2BtZiJsocpEi0V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7469f14dfea2b509-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/snapwidget.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
cf-bgj: minify
etag: W/"630341e7-560f"
last-modified: Mon, 22 Aug 2022 08:44:23 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 682556
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BcNW45qyMrDZu8REkMgdRckstUSwPRmjQ2dv3uQe4EPTa%2FkE96JgdbaJ43mLDlq7FAnrn5tCyKJVKi8Y81UhabDIH5Nuar071TCVTVSag0xpPtLxXGl9t7OkEts3OAvv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7469f14b1a3bb509-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Tue, 06 Sep 2022 20:26:57 GMT
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Wed, 06 Sep 2023 20:26:57 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/embed.main.min.b61fafc5de1ae792.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
cf-bgj: minify
etag: W/"63034249-b2e"
last-modified: Mon, 22 Aug 2022 08:46:01 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 701651
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YYHcmNeFkUV0UdT1XWBPoMNxnbkV8PrK5ZLLbA9vn%2BmEprIG2JRQ5WBz1YA7E%2FCfNN2m1VKVxKo8q0Nj2nAEkYjmvY2RMDA7oMIhywRQBp%2BrMaV5TAeeRZkl%2FWteFWHd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7469f14dfeafb509-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /stylesheets/embed.style.min.307799cd3bc5b2ee.css HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: text/css
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
cf-bgj: minify
cf-polished: origSize=15975
etag: W/"62f0b6a9-3e67"
last-modified: Mon, 08 Aug 2022 07:09:29 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1168539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3GSrf2Rb%2BZM%2FA95b90aCiVCiq2gf5VJzvSvkwOXWH1hFhdfxteGNCE%2Ftxuuwpig9KrUmfCsrG%2FowBi3dlMnGH1LOs4bDxG%2BFIXE1XGHtIzpaoEvpmP4Kj%2FLZrnUIie9c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7469f14dfe9bb509-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            POST /cdn-cgi/rum? HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: VQICUlZUGwcFV1BRAA==
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE0NTMwNyIsImFwIjoiNDUzMTUwIiwiaWQiOiI2YWJlNDFjZTFkMWY3ZjFiIiwidHIiOiI4ZmFiZjZjMWM5ZmRiNmJiMmNhOWU1MzNlNmE0Y2ZmZiIsInRpIjoxNjYyNDk2MDEyMDg5fX0=
traceparent: 00-8fabf6c1c9fdb6bb2ca9e533e6a4cfff-6abe41ce1d1f7f1b-01
tracestate: 145307@nr=0-1-145307-453150-6abe41ce1d1f7f1b----1662496012089
content-type: application/json
Content-Length: 3238
Origin: https://snapwidget.com
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: text/plain
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
access-control-allow-origin: https://snapwidget.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7469f15029f1b509-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FTheQueensEscapePH%2F&tabs=timeline&width=330&height=400&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/html; charset="utf-8"
                                        
vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
x-fb-debug: K9yMELw58iAp7uGfaYO4XniTLNQarX0nDB2P3aAdfDHnMDpnDeRy0FdRrJKWnU4CwAlfYuSM8Qcr69d0YU2gPg==
date: Tue, 06 Sep 2022 20:26:57 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /wp-content/themes/ashe/assets/js/custom-plugins.js?ver=1.8.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
date: Tue, 06 Sep 2022 20:26:57 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /stylesheets/embed.vendor.min.760717b3f565c387.css HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         172.67.75.33
HTTP/2 200 OK
content-type: text/css
                                        
date: Tue, 06 Sep 2022 20:26:57 GMT
cf-bgj: minify
etag: W/"62f0b6de-937"
last-modified: Mon, 08 Aug 2022 07:10:22 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1168539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mao%2BzKUYujGGjeGbXVjbtDF33V7yJyUZfF8xK34y1Gqb0%2Fmrr1SnAgB1su%2FqN3POIRSKq0uoY1efHAZw0yGyVG0bQHoffG0HYPLba6vsYy%2FTVKtEBr9aC9HnBi6lu07d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7469f14dfe82b509-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Tue, 06 Sep 2022 20:26:57 GMT
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Wed, 06 Sep 2023 20:26:57 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /c/6.0.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Tue, 06 Sep 2022 20:26:57 GMT
vary: Accept-Encoding
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
content-encoding: br
expires: Wed, 06 Sep 2023 20:26:57 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /p/jetpack/11.2/css/jetpack.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Tue, 06 Sep 2022 20:26:57 GMT
vary: Accept-Encoding
last-modified: Tue, 19 Jul 2022 17:25:16 GMT
content-encoding: br
expires: Wed, 06 Sep 2023 20:26:57 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Open+Sans%3A400italic%2C400%2C600italic%2C600%2C700italic%2C700&ver=1.0.0 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 20:26:57 GMT
date: Tue, 06 Sep 2022 20:26:57 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---