Overview

URL thequeensescape.com/quiaut/charts-4197372583.zip
IP 108.167.140.136
ASN UNIFIEDLAYER-AS-1
Location United States
Report completed 2022-07-05 12:28:30 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-07-05 2 thequeensescape.com/quiaut/charts-4197372583.zip Malware
2022-07-05 2 thequeensescape.com/quiaut/charts-4197372583.zip Malware
2022-07-05 2 thequeensescape.com/wp-content/plugins/gutenberg/build/block-library/style. (...) Malware
2022-07-05 2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/includes/gute (...) Malware
2022-07-05 2 thequeensescape.com/wp-content/themes/ashe/assets/css/fontello.css?ver=5.8.4 Malware
2022-07-05 2 thequeensescape.com/wp-content/themes/ashe/assets/css/slick.css?ver=5.8.4 Malware
2022-07-05 2 thequeensescape.com/wp-content/themes/ashe/style.css?ver=1.9.7 Malware
2022-07-05 2 thequeensescape.com/wp-content/themes/ashe/assets/css/perfect-scrollbar.css (...) Malware
2022-07-05 2 thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=5.8.4 Malware
2022-07-05 2 thequeensescape.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.4 Malware
2022-07-05 2 thequeensescape.com/wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7 Malware
2022-07-05 2 thequeensescape.com/wp-content/themes/ashe/assets/fonts/fontawesome-webfont (...) Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (18)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] r3.o.lencr.org (6) 344 2020-12-02 08:52:13 UTC 2022-07-05 04:59:43 UTC 23.36.77.32
[Mnemonic Passive DNS] ocsp.digicert.com (9) 86 2012-11-29 12:49:49 UTC 2022-07-05 06:46:12 UTC 93.184.220.29
[Mnemonic Passive DNS] pixel.wp.com (1) 2545 No data No data 192.0.76.3
[Mnemonic Passive DNS] static.xx.fbcdn.net (1) 661 2017-01-30 05:00:11 UTC 2022-07-05 04:59:43 UTC 157.240.240.1
[Mnemonic Passive DNS] snapwidget.com (1) 52354 No data No data 104.26.9.123
[Mnemonic Passive DNS] bam.nr-data.net (1) 630 2022-05-18 16:30:58 UTC 2022-07-05 05:00:13 UTC 162.247.241.14
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-07-05 05:12:14 UTC 143.204.55.35
[Mnemonic Passive DNS] thequeensescape.com (15) 0 2020-04-18 07:47:41 UTC 2021-03-16 11:17:28 UTC 108.167.140.136 Unknown ranking
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-07-05 05:12:14 UTC 34.210.107.213
[Mnemonic Passive DNS] c0.wp.com (2) 6988 No data No data 192.0.77.37
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (5) 1631 2017-09-01 03:40:57 UTC 2022-07-05 04:01:24 UTC 34.120.237.76
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 143.204.55.36
[Mnemonic Passive DNS] scontent.cdninstagram.com (9) 1107 2017-02-22 19:40:09 UTC 2022-07-05 06:32:13 UTC 157.240.240.63
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] ocsp.pki.goog (8) 175 2017-06-14 07:23:31 UTC 2022-07-05 04:59:45 UTC 142.250.74.3
[Mnemonic Passive DNS] fonts.gstatic.com (3) 0 2017-01-30 04:59:51 UTC 2022-07-05 04:59:30 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
[Mnemonic Passive DNS] static.cloudflareinsights.com (1) 1294 2020-12-15 12:18:07 UTC 2020-12-15 12:18:07 UTC 172.64.156.26
[Mnemonic Passive DNS] js-agent.newrelic.com (1) 378 2017-01-30 05:00:15 UTC 2022-07-05 04:59:53 UTC 151.101.86.137


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 108.167.140.136

Date UQ / IDS / BL URL IP
2022-08-09 04:34:27 +0000 0 - 0 - 13 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-09 04:31:12 +0000 0 - 0 - 12 thequeensescape.com/quiaut/iddistinctio-4379189 108.167.140.136
2022-08-09 04:31:07 +0000 0 - 0 - 13 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-09 04:28:42 +0000 0 - 0 - 14 thequeensescape.com/quiaut/nequeut-4080967 108.167.140.136
2022-08-08 20:40:27 +0000 0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-08 02:27:14 +0000 0 - 0 - 15 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-04 17:12:12 +0000 0 - 0 - 13 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-04 03:38:59 +0000 0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-07-31 02:13:04 +0000 0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-07-31 02:09:48 +0000 0 - 0 - 12 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136

Last 10 reports on ASN: UNIFIEDLAYER-AS-1

Date UQ / IDS / BL URL IP
2022-08-09 11:14:58 +0000 0 - 0 - 5 mail.estartupchallenge-egabon.org/web/Jorange (...) 108.179.242.163
2022-08-09 11:13:43 +0000 0 - 0 - 7 https://ckcuisine.com/dn/isllnimieuihqi83908641 50.87.110.165
2022-08-09 11:13:38 +0000 0 - 0 - 117 https://riopiscinas.com.br/in/ccnnsneoettuor 162.241.85.131
2022-08-09 11:13:31 +0000 0 - 0 - 114 https://riopiscinas.com.br/in/quautsiqem84547018 162.241.85.131
2022-08-09 11:13:11 +0000 0 - 0 - 5 https://prontoperro.com.uy/ntd/etibcxaauplemo (...) 192.185.187.147
2022-08-09 11:10:47 +0000 0 - 0 - 7 https://engviniciusfranco.com.br/en/onqeuque 192.185.131.78
2022-08-09 11:10:36 +0000 0 - 0 - 3 https://feneloncostodio.com.br/olmr/voemnsnabii 108.167.132.218
2022-08-09 11:10:10 +0000 0 - 0 - 3 https://htech.eti.br/uet/altuaeaqerrob181285111 108.167.132.218
2022-08-09 11:10:07 +0000 0 - 0 - 5 https://jacquieclark.com/rm/mluareuaml 192.185.46.249
2022-08-09 11:10:00 +0000 0 - 0 - 3 https://htech.eti.br/uet/imomdxieam 108.167.132.218

Last 10 reports on domain: thequeensescape.com

Date UQ / IDS / BL URL IP
2022-08-09 04:34:27 +0000 0 - 0 - 13 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-09 04:31:12 +0000 0 - 0 - 12 thequeensescape.com/quiaut/iddistinctio-4379189 108.167.140.136
2022-08-09 04:31:07 +0000 0 - 0 - 13 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-09 04:28:42 +0000 0 - 0 - 14 thequeensescape.com/quiaut/nequeut-4080967 108.167.140.136
2022-08-08 20:40:27 +0000 0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-08 02:27:14 +0000 0 - 0 - 15 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-04 17:12:12 +0000 0 - 0 - 13 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-04 03:38:59 +0000 0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-07-31 02:13:04 +0000 0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-07-31 02:09:48 +0000 0 - 0 - 12 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136


JavaScript

Executed Scripts (35)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (68)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5CA12512DFBE8A007255191678A4ECD570026D865AE741C0D3025D8FE1A58659"
Last-Modified: Mon, 04 Jul 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5419
Expires: Tue, 05 Jul 2022 13:58:36 GMT
Date: Tue, 05 Jul 2022 12:28:17 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 05 Jul 2022 11:55:14 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: DvScR0HA5986J-cFTcOv31UE8aNqRh8u9hEvtquYFdq162cMFsCHrg==
Age: 1983


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-08-10-12-10-21.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Tue, 21 Jun 2022 12:10:22 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 05 Jul 2022 03:26:45 GMT
etag: "581454acdd98f34fd3fbabd0977ade29"
x-cache: Hit from cloudfront
via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Ij0Rwms-jlJM_bKRvnhe_lX5hFhO9taoNUNEgIYgnKPN_pE3MWqe-g==
age: 32493
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    581454acdd98f34fd3fbabd0977ade29
Sha1:   d8d86c0b513137aeb85de01cea7b272c35eb6ab4
Sha256: e98f8f33ba5ed59c3cfdf2ae54957ed32652cf0899f3c8db4b5872e3ece1e4eb
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Tue, 05 Jul 2022 12:28:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /quiaut/charts-4197372583.zip HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         108.167.140.136
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 05 Jul 2022 12:28:17 GMT
Server: Apache
Expires: Tue, 05 Jul 2022 13:28:17 GMT
Cache-Control: max-age=3600
X-Redirect-By: redirection
Upgrade: h2,h2c
Connection: Upgrade
Location: https://thequeensescape.com/quiaut/charts-4197372583.zip
Content-Length: 0


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.36
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Content-Type, Last-Modified, Alert, Backoff, Pragma, Expires, Content-Length, Cache-Control
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 05 Jul 2022 11:34:56 GMT
Expires: Tue, 05 Jul 2022 11:42:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 1ca0323262515c9240c58fe69a9ac826.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wQo_It30ip-xiGzYe96chrNIrPiVF3LeTjuwebu8wQmWhFQY723TXw==
Age: 3202


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3933
Cache-Control: 'max-age=158059'
Date: Tue, 05 Jul 2022 12:28:18 GMT
Last-Modified: Tue, 05 Jul 2022 11:22:45 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "50F0624A92BD0C026F2F6876AA1A823B55A8244BD4AE979C83D8DFFB6A92A9B4"
Last-Modified: Mon, 04 Jul 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 05 Jul 2022 18:28:18 GMT
Date: Tue, 05 Jul 2022 12:28:18 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1ZkQAjy3O2GDMft9MJtFSQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.210.107.213
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wt5c6ytzVbQwWDUtaLhdXk3e1po=

                                        
                                            GET /quiaut/charts-4197372583.zip HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         108.167.140.136
HTTP/2 404 Not Found
                                        
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://thequeensescape.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 14254
content-type: text/html; charset=UTF-8
date: Tue, 05 Jul 2022 12:28:18 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18721), with CRLF, LF line terminators
Size:   14254
Md5:    b92ac37b3e84641c2ef34bebe4bf5d17
Sha1:   f186268e89e350df841b5961f75f80cd85a7fde1
Sha256: 800d8e213514e6f773db050e62c32e4e1ecf5bad93bc59a2e12421db6b148fd8

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 05 Jul 2022 12:28:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 05 Jul 2022 12:28:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/gutenberg/build/block-library/style.css?ver=13.5.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Fri, 01 Jul 2022 02:12:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16565
content-type: text/css
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   16565
Md5:    a2a21d93bd141e47981efa6ae9a9f1a0
Sha1:   40b3615adaac79881233e454c1be764d935d276a
Sha256: bb2259a01f5d2aad78731f26cfa2e8c77ce913cd68c089c73e7a10d60d5102d9

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/quick-adsense-reloaded/includes/gutenberg/dist/blocks.style.build.css?ver=2.0.55 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Wed, 22 Jun 2022 23:34:33 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 155
content-type: text/css
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   155
Md5:    3940cb443469d5cc737f18bcb99ba882
Sha1:   7787f5b35bce9bd1abf13949bb0a0b4c611eec8f
Sha256: 0c181007406a290193553dc3177b342b85140bc92c9cb8a3026d5f0fd9b22e21

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/fontello.css?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 801
content-type: text/css
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   801
Md5:    3fcce85c25147b034d9b34ef0bb102c7
Sha1:   537ac2b5708750fd6694a4ab63ba03efca2a112f
Sha256: b25b8dc638fa4582ffa4617a3e77fab6ea2a69452162514f5c973b827976659a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/slick.css?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 464
content-type: text/css
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   464
Md5:    fec0675d238ab63f20af3798679ee257
Sha1:   fecccd03ed91c3755f6c4ce1564682ad6065958b
Sha256: 6a3384ea7d5c54d405f6f63fe7ff8ccc550f2644670dd31a077653dbd0a18750

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /c/5.8.4/wp-includes/js/wp-embed.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         192.0.77.37
HTTP/2 200 OK
                                        
server: nginx
date: Tue, 05 Jul 2022 12:28:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
content-encoding: br
expires: Wed, 05 Jul 2023 12:28:19 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1391)
Size:   1136
Md5:    7670229e17cd8ad72c20e535c4abf95f
Sha1:   4a9a91d07076b2d759e57c9e48f71c864b8473df
Sha256: cfb813fec91ab8e3aa962d253a0dd148152e280bb4058745aa82a2a967a39f2f
                                        
                                            GET /wp-content/themes/ashe/style.css?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 15480
content-type: text/css
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1145), with CRLF line terminators
Size:   15480
Md5:    e954c0305a499992971e13f5cd4b3b1a
Sha1:   64977fc16dbddf3903621cfc9835dbf828081b90
Sha256: 962d5b34c1dccd41fa3bbcf98692cd76dd77892aa62558325f5f3a9529272983

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/perfect-scrollbar.css?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 399
content-type: text/css
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   399
Md5:    626de1992de89bc6a753723ac232ec2f
Sha1:   d72ab26603b7bc512e424e4a6791098d0f1cf451
Sha256: fb52056de07749e6bcddb97b622780deabfe852a4058216724600b01190b6eff

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/responsive.css?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2774
content-type: text/css
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2774
Md5:    a9a04336d6412016b1c3398521d3de2c
Sha1:   071d301c2966d68abbf364e94b8acbecdbf350a3
Sha256: 5a5ea7abafc8c05557d4c717463a4995529b5c22d61d03d57af226898e4bc2ef
                                        
                                            GET /wp-content/themes/ashe/assets/css/font-awesome.css?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7524
content-type: text/css
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  troff or preprocessor input, ASCII text, with very long lines (372)
Size:   7524
Md5:    425b9c5bb524774d7f30160c36771785
Sha1:   af60c1059fb990e6e86ff744f9c286e78f9966e8
Sha256: a1dfafaf50ffe1e3996576f74f6e0e9dccee46d19aaf562fbe6e5575171b8062

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Wed, 09 Jun 2021 08:45:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5243
content-type: application/javascript
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15224)
Size:   5243
Md5:    00af0ddf324f69fcb25f0d2e5d08910a
Sha1:   df0379ab0e1b2902957c8aba77f89d88e1239b59
Sha256: f0a06ed3b8d3917b358def04d87668001cd1c6da31a5cb4bb452313feb64a2a7

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5150
content-type: application/javascript
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (10620), with CRLF line terminators
Size:   5150
Md5:    1d8c9a1d5e603072bc8944c95fae6bd4
Sha1:   a679a7559e82184333423161a9487b7a10d8a787
Sha256: 613da5ea52bc16ed442cc77ec65f1987f1f51fed15489025bd08d710fadc9dbe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3059
Cache-Control: 'max-age=158059'
Date: Tue, 05 Jul 2022 12:28:19 GMT
Last-Modified: Tue, 05 Jul 2022 11:37:20 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /g.gif?v=ext&j=1%3A10.9&blog=183769864&post=0&tz=0&srv=thequeensescape.com&host=thequeensescape.com&ref=&fcp=2635&rand=0.3855392056696928 HTTP/1.1 
Host: pixel.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         192.0.76.3
HTTP/2 200 OK
                                        
server: nginx
date: Tue, 05 Jul 2022 12:28:19 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5\012- data
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 05 Jul 2022 12:28:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 05 Jul 2022 12:28:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9882
Expires: Tue, 05 Jul 2022 15:13:01 GMT
Date: Tue, 05 Jul 2022 12:28:19 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9882
Expires: Tue, 05 Jul 2022 15:13:01 GMT
Date: Tue, 05 Jul 2022 12:28:19 GMT
Connection: keep-alive

                                        
                                            GET /s/opensans/v29/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16720
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Jun 2022 19:34:58 GMT
expires: Thu, 29 Jun 2023 19:34:58 GMT
cache-control: public, max-age=31536000
age: 492801
last-modified: Wed, 11 May 2022 19:25:13 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 16720, version 1.0\012- data
Size:   16720
Md5:    c416910cae8fe4258cdf8c35933e9f4c
Sha1:   4a768ba0a3abc49b572c08c235db9f066ffc2b18
Sha256: 9434dddcdf38e072b039bb92f9e90639ec0e0563e8ff51604a60d91830c29289
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9882
Expires: Tue, 05 Jul 2022 15:13:01 GMT
Date: Tue, 05 Jul 2022 12:28:19 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 05 Jul 2022 12:28:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/playfairdisplay/v29/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19784
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Jun 2022 19:32:53 GMT
expires: Thu, 29 Jun 2023 19:32:53 GMT
cache-control: public, max-age=31536000
age: 492926
last-modified: Wed, 27 Apr 2022 16:55:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 19784, version 1.0\012- data
Size:   19784
Md5:    2afc074b0a28a247a63a4bf7821476ee
Sha1:   bf13679b67c48e47947b3a044732b1cc55abc094
Sha256: 23a38ec96550f1c1cc8d6e9f83f9dc7dfeb046bd2d0d67db1590c86e7a098a70
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9882
Expires: Tue, 05 Jul 2022 15:13:01 GMT
Date: Tue, 05 Jul 2022 12:28:19 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8efc8db-c5e0-4a87-be5e-614d131a0768.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 7752
x-amzn-requestid: e80b1951-682c-48b6-8dbc-4831440cea2b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: UePkoFQhIAMFtGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62bbf950-3e961e9c3ac7ccc35311c0fb;Sampled=0
x-amzn-remapped-date: Wed, 29 Jun 2022 07:03:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: AzsTN4V1ZKz7i7FJSsjexJr2NNIVs0ry70NrstkPXUA8QsOPiaZt5w==
via: 1.1 34c44cb7892e57a3b6c51812bcf68ee4.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 10:20:53 GMT
age: 7646
etag: "fcef00cd4536dd7e96f20ac5a2545d662059ab7c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7752
Md5:    00e0456cd6656f615a6ea62da9488a35
Sha1:   fcef00cd4536dd7e96f20ac5a2545d662059ab7c
Sha256: 4c7b1aa7e0f10fe406e02e46688a88464d37c745cd81ae68333fa6fac589f60d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd06fa81-5ac9-4295-806a-c831c401721a.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 4200
x-amzn-requestid: 2d5e08fb-e811-4d46-b6a6-234708fa21ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Up-c9G8woAMFfGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c0aab9-781b80882f892d46750460a0;Sampled=0
x-amzn-remapped-date: Sat, 02 Jul 2022 20:29:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _UTBzOCy8fX5BNktSzjbIo_0XiGySNSeo4t34pja9WYv1CuM_hygSA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 04 Jul 2022 15:24:03 GMT
age: 75856
etag: "245248a8bb7e566cfc35aaa1e83f2d9afdeb2990"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4200
Md5:    3869b8128e7d8a9f23ba26aabe4c718a
Sha1:   245248a8bb7e566cfc35aaa1e83f2d9afdeb2990
Sha256: 582f5382cb70f10b65794e8042fc0cbee11b11f030be39c87c7e2dc167622747
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F431f287f-9907-47aa-be38-0ff4e6db75fc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 8553
x-amzn-requestid: 2c1e16d1-357b-493e-bcf7-b4de1a34757f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Utd8tEKYIAMFbmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c21051-7382cb3050c6f13d70dd3706;Sampled=0
x-amzn-remapped-date: Sun, 03 Jul 2022 21:55:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: QbUfJjPZPpKjVFzyb0NlS-aXRVWIs4MBDiR_3pNde5dAn7f097K8Lg==
via: 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 03:11:52 GMT
age: 33387
etag: "303f4efaa9b98e39a935fc6514d3731d40d2977c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8553
Md5:    e6f97e6b64100081e8bed56216564854
Sha1:   303f4efaa9b98e39a935fc6514d3731d40d2977c
Sha256: 92dd803f1633bd65a2b4ac3223d8aa93dd55ed64c74b338aff62323585a3623c
                                        
                                            GET /s/opensans/v29/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4gaVI.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16796
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Jun 2022 19:35:18 GMT
expires: Thu, 29 Jun 2023 19:35:18 GMT
cache-control: public, max-age=31536000
age: 492781
last-modified: Wed, 11 May 2022 19:25:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 16796, version 1.0\012- data
Size:   16796
Md5:    f39b602d1b08fc398343e5c11cf8cd87
Sha1:   944ea7b3ca302c92a6414f203ab47803da20948b
Sha256: 511b67b07a90c30bed95a6e3b1a7708d978d53f01e5fad89403590aaf22fb134
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82c6fe48-cad7-447d-af08-03e130a67792.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 12087
x-amzn-requestid: 7cd842af-cbdd-46fd-94b0-f67895c350b0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Uq50KFMfoAMF8rA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c109b4-77eb5e3e5c01f25f6bf926ee;Sampled=0
x-amzn-remapped-date: Sun, 03 Jul 2022 03:15:00 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IrVx1Jws840puxW9CzRHUIiEm7tU004lUmBOVLaw-ll_hLEwsIJAzg==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 04:11:48 GMT
age: 29791
etag: "01263eb9c35561bb52cf79d480533392179ad5e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12087
Md5:    17f863b2083b5221101950ac034a828f
Sha1:   01263eb9c35561bb52cf79d480533392179ad5e1
Sha256: 927ad484ccdacdd0d3cf0e7d9a9d4889b6d10613e52095c21c5936002a7e1ff8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6cf2c77e-1216-468a-93e4-edeb0ef5de0c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 5358
x-amzn-requestid: b4b2e596-5ebb-4c10-81a9-c97e8a420f72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Uwt--HP0IAMFfTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c35d2c-35cd61767b05dc3337a99b0f;Sampled=0
x-amzn-remapped-date: Mon, 04 Jul 2022 21:35:40 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: vP8cyZmESuMiC9jsUmXsEzpR4q2exw4RPVESaRY8IMSR79JOeJug8A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Mon, 04 Jul 2022 21:38:50 GMT
age: 53369
etag: "a5e489d3022da6019d7167e74d49f09c7d289b3f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5358
Md5:    26979de2a867c073fcdee1d408ff12a2
Sha1:   a5e489d3022da6019d7167e74d49f09c7d289b3f
Sha256: 76d2db477c6eb793bddb6526572f2ba00e4067f8736c9f77d515301d7cfad262
                                        
                                            GET /c/5.8.4/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
                                        
server: nginx
date: Tue, 05 Jul 2022 12:28:19 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Wed, 05 Jul 2023 12:28:19 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 2
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   12236
Md5:    0c5b6ab9bca392b42bc634717bc014ed
Sha1:   dfc1ef145bd4c7bd417d3d783c0ec8d34b6cf69c
Sha256: fc28db6206b0e057cde355b9ec9a935d65c434fe6da31733e3ef1a4ab61800aa
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3059
Cache-Control: 'max-age=158059'
Date: Tue, 05 Jul 2022 12:28:19 GMT
Last-Modified: Tue, 05 Jul 2022 11:37:20 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 05 Jul 2022 12:28:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /rsrc.php/v3/yz/l/0,cross/FjathrlAojI.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.240.1
HTTP/2 200 OK
                                        
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Tue, 04 Jul 2023 15:01:05 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: WA5orKIxZhKSa/uvFUqTzQ==
x-fb-debug: 9dZUCsr6glVXo0OCOxgosQMWHJV8u12kdP4bti+VS6Aoh/2EFgV6izteRAR+lRq8GNd+85DrDsUY2xg1Fr2Xrw==
content-length: 4717
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:19 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4093)
Size:   4717
Md5:    580e68aca2316612926bfbaf154a93cd
Sha1:   def7e89c85795001132c9b5bc19fce7bdd39110c
Sha256: 512e39dc857cc7d7620389cc682114ee8b09b437e4107de7699b353befa82d0a
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 05 Jul 2022 12:28:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1 
Host: static.cloudflareinsights.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://snapwidget.com
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         172.64.156.26
HTTP/2 200 OK
                                        
date: Tue, 05 Jul 2022 12:28:19 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 7260199088c9fab8-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13984)
Size:   25152
Md5:    9201d083d0df059945ac53b056ba3a54
Sha1:   84282a1852477bb802b414b51c4cf0153605e5a6
Sha256: 169b5448929d22e7b958cbac1e713bf64d82eaba9af51d837878c832322b32c9
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Tue, 05 Jul 2022 12:28:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /nr-1216.min.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
                                        
x-amz-id-2: Vf9xsFZHH0UI6bmTnW+KeBzegICGOxvtMLIWtbljNKoJtdkUEk/MfmbYPFui+bgtiUf/4lC5dk8=
x-amz-request-id: 4AV5AVKCCR961CNG
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Tue, 05 Jul 2022 12:28:20 GMT
via: 1.1 varnish
x-served-by: cache-bma1679-BMA
x-cache: HIT
x-cache-hits: 273
x-timer: S1657024100.132325,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 14391
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32022)
Size:   14391
Md5:    b7c09cc097b2847f9edc784adba62dcb
Sha1:   5aa648623cf5e3b4b215fe5d068a7904c59f2925
Sha256: 6da450b6a3ba53bdab36f6529e987a245cdfca9a37b77790f06dfd8d5797bdaa
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3310
Cache-Control: max-age=118672
Date: Tue, 05 Jul 2022 12:28:20 GMT
Etag: "62c34e06-1d7"
Expires: Wed, 06 Jul 2022 21:26:12 GMT
Last-Modified: Mon, 04 Jul 2022 20:31:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3310
Cache-Control: max-age=118672
Date: Tue, 05 Jul 2022 12:28:20 GMT
Etag: "62c34e06-1d7"
Expires: Wed, 06 Jul 2022 21:26:12 GMT
Last-Modified: Mon, 04 Jul 2022 20:31:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4212
Cache-Control: 'max-age=158059'
Date: Tue, 05 Jul 2022 12:28:20 GMT
Last-Modified: Tue, 05 Jul 2022 11:18:08 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2905
Cache-Control: max-age=118267
Date: Tue, 05 Jul 2022 12:28:20 GMT
Etag: "62c34e06-1d7"
Expires: Wed, 06 Jul 2022 21:19:27 GMT
Last-Modified: Mon, 04 Jul 2022 20:31:02 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2725
Cache-Control: 'max-age=158059'
Date: Tue, 05 Jul 2022 12:28:20 GMT
Last-Modified: Tue, 05 Jul 2022 11:42:55 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /wp-content/uploads/2020/09/cropped-TQE-newest-banner-1.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 08 Sep 2020 17:45:37 GMT
accept-ranges: bytes
content-length: 385740
content-type: image/png
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 884 x 281, 8-bit/color RGBA, non-interlaced\012- data
Size:   385740
Md5:    f5f4dadc12f2095457c222d305a98385
Sha1:   054b4a891d2a2c3fd2d378aaf6e9e1d1447599ec
Sha256: 74ecdf4c6a34157fc496e23e91d1c1e5b8a6505e7014d85b6580ac24f122a2e6
                                        
                                            GET /wp-content/themes/ashe/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=5.8.4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
content-length: 77160
content-type: font/woff2
date: Tue, 05 Jul 2022 12:28:19 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /js/vendor/iframeResizer.contentWindow.min.0da4d54c7d115e53.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.9.123
HTTP/2 200 OK
                                        
date: Tue, 05 Jul 2022 12:28:19 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
etag: W/"62b144c8-5452"
last-modified: Tue, 21 Jun 2022 04:10:48 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 535006
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZNGlzwYa1JZJCyoRPnPcIK2AzbbpVQ5dKRxqKKbvRJI0QYYvq7YHadhKc9fyaEtebBEAuKFO%2FKxak%2BVGF04gQ1ABhyxt0MxMBW3kRHCprJejsuJfuMqHTnPEERelmeG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 726019905927b4f4-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21586), with no line terminators
Size:   46901
Md5:    c313e96b8007db061fce2f4cfd484045
Sha1:   757866d88d8baf14ef8a03990774ba3d55ccb220
Sha256: 2db5d73932ac79333e1978bd3b22407be51a8ed02384f282136e86efa49f8488
                                        
                                            GET /wp-content/uploads/2020/04/cropped-QLogo-32x32.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-4197372583.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Sat, 18 Apr 2020 08:42:24 GMT
accept-ranges: bytes
content-length: 2260
content-type: image/png
date: Tue, 05 Jul 2022 12:28:20 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   2260
Md5:    bfa3f0092d461e80f51b30ab5fa21dfd
Sha1:   6c580b1c67bb413f89883f11265066484a3c64ea
Sha256: 2fe38259678102b0e58fc32af42f3a5ef84ceec402322736c194c189cf228e65
                                        
                                            GET /1/a53393d12f?a=453137&v=1216.487a282&to=ZlNSMUNXWBcFW0FRCV8ZcQZFX1kKS3lFSDp5QkQVbXVZChBKWlQKVERDOXRbVAEAe1pWEkNZXAlURHYXDFdCbRVURHUIU1NS&rst=524&ck=1&ref=https://snapwidget.com/embed/705883&ap=64&be=235&fe=437&dc=341&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1657024099607,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:10,%22rp%22:191,%22rpe%22:200,%22dl%22:221,%22di%22:286,%22ds%22:341,%22de%22:341,%22dc%22:436,%22l%22:436,%22le%22:437%7D,%22navigation%22:%7B%7D%7D&at=ShRRRwtNSxk%3D&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Tue, 05 Jul 2022 12:28:20 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 726019923a5cb52d-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=1076bea2b4607031; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   68
Md5:    a63df29d6e0417cc1d00d8743d0ae34c
Sha1:   4fe2dc626d476e9a32c8982587e33fbc8aaf7b0b
Sha256: 025635a81f1246880710db88c48cd051393836cfd7016eb9f4aac7ac7b739a4e
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3310
Cache-Control: max-age=118672
Date: Tue, 05 Jul 2022 12:28:20 GMT
Etag: "62c34e06-1d7"
Expires: Wed, 06 Jul 2022 21:26:12 GMT
Last-Modified: Mon, 04 Jul 2022 20:31:02 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v/t51.29350-15/286412291_152644647329727_8091110261468911622_n.webp?stp=dst-jpg&_nc_cat=101&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=5DCvx_DwwfEAX9GRY7F&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT99fP5I0WxN4nwGaONOmfkCOg8oOzXcihfnh6OzFE_bEA&oe=62C81EFE HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.240.63
HTTP/2 200 OK
                                        
last-modified: Wed, 08 Jun 2022 04:59:12 GMT
x-haystack-needlechecksum: 1586828437
x-needle-checksum: 3403400308
x-content-cdn-origin-ts: 1656889953555
content-type: image/jpeg
content-digest: adler32=637254533
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 136947
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   136947
Md5:    7d7c2e1ea4328854a862d531356309ec
Sha1:   d8aec582410ad268ad1b24e69fd3ab030edcf888
Sha256: cb5a18ea03ae120806e1ed1bf459fb55f70eece13dfc9a0a0b8750ffe2c163b4
                                        
                                            GET /v/t51.29350-15/280027849_138160538794763_1097565410079618103_n.webp?stp=dst-jpg&_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=i5zy17RNT3wAX_3Osbm&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_dkBVKj5p66ycp_lWxURPgy0sYGE9KXj_ZNZ7TWZdykA&oe=62C9B626 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.240.63
HTTP/2 200 OK
                                        
last-modified: Sun, 08 May 2022 03:11:38 GMT
x-haystack-needlechecksum: 3976056420
x-needle-checksum: 3509295565
x-content-cdn-origin-ts: 1656838235766
content-type: image/jpeg
content-digest: adler32=1180900908
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 64141
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 696x870, components 3\012- data
Size:   64141
Md5:    64314c16792506282d548e164e7723a6
Sha1:   30692a5bb8ae7266a7c28d03bf2657f3246d7ea6
Sha256: 1a694ae255a8c251525ffa99fa5277470c93ef28ba8a8cec7291d8d24b5abf59
                                        
                                            GET /v/t51.29350-15/278853672_380226003986558_2902118402150450259_n.webp?stp=dst-jpg&_nc_cat=107&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=sXrAOfvAqO8AX8epSG6&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT9O5sO0VQdG6kmfgBqqMVH7xP704sssyE8RJi9Y6aJSgQ&oe=62C9077E HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.240.63
HTTP/2 200 OK
                                        
last-modified: Thu, 21 Apr 2022 09:50:31 GMT
x-haystack-needlechecksum: 2033006132
x-needle-checksum: 3157969881
x-content-cdn-origin-ts: 1656843172489
content-type: image/jpeg
content-digest: adler32=942912085
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 195427
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   195427
Md5:    8aa7e9363ab7a6f3dbd317399f29d59c
Sha1:   f79cb1b62b57be36d993beb4a87adfa5652727ec
Sha256: f0d1b9b21370daeb53ae2c9ad5e77a77877082e66ff1478bca6a978eb8f55a4c
                                        
                                            GET /v/t51.29350-15/286960917_1144058099492919_2690375849574230424_n.webp?stp=dst-jpg&_nc_cat=102&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=W0Jba2X0RIUAX9kv-Bp&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_ZoDUV06Vj0kvrsQ1In_IImHixaBQQ1dAZhEEUcndS8Q&oe=62C81F48 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.240.63
HTTP/2 200 OK
                                        
last-modified: Sat, 11 Jun 2022 23:52:34 GMT
x-haystack-needlechecksum: 1197980126
x-needle-checksum: 1577350853
x-content-cdn-origin-ts: 1656959780859
content-type: image/jpeg
content-digest: adler32=352044999
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 269142
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   269142
Md5:    768e16515e63096068bf4c0d4f1fac80
Sha1:   edb462ee10919cabe321ae21488e46b160b02279
Sha256: 9e55d742e0e557b313463af5f5172db171551692b18c44ac23f393a146131442
                                        
                                            GET /v/t51.29350-15/279961423_369086411851005_4811844416311322927_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=xXIBA08i9pQAX_Fsaak&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT9nFEVOLkNdz5_gyv8QNh3Qwoac39zU3ohUVynI1a_-fA&oe=62C8672D HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.240.63
HTTP/2 200 OK
                                        
last-modified: Fri, 06 May 2022 09:39:00 GMT
x-haystack-needlechecksum: 3073358330
x-needle-checksum: 3420874169
x-content-cdn-origin-ts: 1656838074365
content-type: image/jpeg
content-digest: adler32=409500873
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 205676
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1802, components 3\012- data
Size:   205676
Md5:    b928c87dd1cb00eb6aa5853fac38cc90
Sha1:   cbba55a8df4f7f49f5be284149cc7530ac827d6c
Sha256: ed225dcad34d3743775b87df0cd5701640e7beba8e2c863a213a9efa49269fe7
                                        
                                            GET /v/t51.29350-15/278210508_555669385766718_7685159737034062884_n.webp?stp=dst-jpg&_nc_cat=109&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=GfNPeBHPgYwAX-SX4Bw&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8feA71y3LYcH7JsOeS-s9ZeVicRQgHoDAhK5Kqjck4BA&oe=62C8647E HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.240.63
HTTP/2 200 OK
                                        
last-modified: Tue, 12 Apr 2022 10:03:56 GMT
x-haystack-needlechecksum: 3878808173
x-needle-checksum: 3284125582
x-content-cdn-origin-ts: 1656959780130
content-type: image/jpeg
content-digest: adler32=663077874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 215196
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   215196
Md5:    cc441e37f3025da6f866d0cfcda0092c
Sha1:   e34ba7111326713e6fb0ad0f8f88c29942b3c368
Sha256: e13595f291dad0309be765a0dce957ab4f9e97b953b3687750ba704a6dc3d37e
                                        
                                            GET /v/t51.29350-15/285876782_1069482720338470_4185602195639647536_n.webp?stp=dst-jpg&_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=CzQHFucf_y8AX-CWuxd&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8_-tW2eE3cuuOt6tI9S_vHTU7y3JjLmAd6__g6KIhDKQ&oe=62C951CC HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.240.63
HTTP/2 200 OK
                                        
last-modified: Mon, 06 Jun 2022 00:12:03 GMT
x-haystack-needlechecksum: 2550814245
x-needle-checksum: 1536395497
content-type: image/jpeg
content-digest: adler32=1457500344
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 220328
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1004x1256, components 3\012- data
Size:   220328
Md5:    bdce43dc09de1a9ab9965817da393ace
Sha1:   ce7b29aedb662eff7f853797edee37be15d1902a
Sha256: 327ee04c3cdd6e65977018979685e84e710c60e680370f99f10b14d9886e28ce
                                        
                                            GET /v/t51.29350-15/280332235_3089070181407229_7577133435762763679_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=WmKmOsKh7CwAX-4jM84&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT9eCKwcA59nuqM6LRZNz_EpBvHtefwg99BozfZDrSXXcQ&oe=62C93F9C HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.240.63
HTTP/2 200 OK
                                        
last-modified: Tue, 10 May 2022 04:11:50 GMT
x-haystack-needlechecksum: 2738759859
x-needle-checksum: 1284722791
x-content-cdn-origin-ts: 1656924699607
content-type: image/jpeg
content-digest: adler32=536507802
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 269770
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   269770
Md5:    899a93f98e0e81caf83ecc650445e866
Sha1:   85562c6727c24d3e7a3510f0eb7060db3e5eac26
Sha256: 068a23faca66979910a790b9bd8d490f662966084be3ffe928585c04f770d141
                                        
                                            GET /v/t51.29350-15/280569283_560893435398655_7776663101021330165_n.webp?stp=dst-jpg&_nc_cat=100&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=GGwljXmf6W8AX8qibM8&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT9pR87zvLE8MOldF8eKuuwJjmvUmb8BH8CyWAxsRrCwRg&oe=62C9052E HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.240.63
HTTP/2 200 OK
                                        
last-modified: Sat, 14 May 2022 00:20:58 GMT
x-haystack-needlechecksum: 2624670122
x-needle-checksum: 856935395
x-content-cdn-origin-ts: 1656956682150
content-type: image/jpeg
content-digest: adler32=2669243309
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 358909
x-fb-trip-id: 1679558926
date: Tue, 05 Jul 2022 12:28:20 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1052x1316, components 3\012- data
Size:   358909
Md5:    908ce9d131333c575f59a473af46afd4
Sha1:   05ac455f966bd2be3cd0c649939541b25a66cb4e
Sha256: b8208379e9e4c1fce50f0470ada42922a124d89d3ef47691ca96fa9989e395c6