Overview

URL thequeensescape.com/quiaut/charts-459145349.zip
IP108.167.140.136
ASNUNIFIEDLAYER-AS-1
Location United States
Report completed2022-07-06 17:21:37 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-07-06 2 thequeensescape.com/quiaut/charts-459145349.zip Malware
2022-07-06 2 thequeensescape.com/quiaut/charts-459145349.zip Malware
2022-07-06 2 thequeensescape.com/wp-content/plugins/gutenberg/build/block-library/style. (...) Malware
2022-07-06 2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/includes/gute (...) Malware
2022-07-06 2 thequeensescape.com/wp-content/themes/ashe/assets/css/fontello.css?ver=5.8.4 Malware
2022-07-06 2 thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=5.8.4 Malware
2022-07-06 2 thequeensescape.com/wp-content/themes/ashe/style.css?ver=1.9.7 Malware
2022-07-06 2 thequeensescape.com/wp-content/themes/ashe/assets/css/slick.css?ver=5.8.4 Malware
2022-07-06 2 thequeensescape.com/wp-content/themes/ashe/assets/css/perfect-scrollbar.css (...) Malware
2022-07-06 2 thequeensescape.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.4 Malware
2022-07-06 2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads (...) Malware
2022-07-06 2 thequeensescape.com/wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7 Malware
2022-07-06 2 thequeensescape.com/wp-content/themes/ashe/assets/fonts/fontawesome-webfont (...) Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (19)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.7
[Mnemonic Passive DNS] r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-07-06 04:41:34 UTC 23.36.76.226
[Mnemonic Passive DNS] fonts.googleapis.com (2) 8877 2017-01-30 04:59:43 UTC 2019-10-16 05:12:41 UTC 142.250.74.10
[Mnemonic Passive DNS] static.cloudflareinsights.com (1) 1294 2020-12-15 12:18:07 UTC 2020-12-15 12:18:07 UTC 104.18.47.230
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-07-06 04:55:23 UTC 54.230.111.7
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] ocsp.pki.goog (7) 175 2017-06-14 07:23:31 UTC 2022-07-06 04:42:12 UTC 142.250.74.3
[Mnemonic Passive DNS] c0.wp.com (4) 6988 No data No data 192.0.77.37
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (2) 1631 2017-09-01 03:40:57 UTC 2022-07-06 15:18:09 UTC 34.120.237.76
[Mnemonic Passive DNS] pixel.wp.com (1) 2545 No data No data 192.0.76.3
[Mnemonic Passive DNS] static.xx.fbcdn.net (1) 661 2017-01-30 05:00:11 UTC 2022-07-06 04:41:57 UTC 157.240.200.14
[Mnemonic Passive DNS] push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2022-07-06 04:47:23 UTC 44.233.140.213
[Mnemonic Passive DNS] fonts.gstatic.com (3) 0 2017-01-30 04:59:51 UTC 2022-07-06 04:41:59 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
[Mnemonic Passive DNS] bam.nr-data.net (1) 630 2022-05-18 16:30:58 UTC 2022-07-06 04:45:35 UTC 162.247.241.14
[Mnemonic Passive DNS] thequeensescape.com (16) 0 2020-04-18 07:47:41 UTC 2021-03-16 11:17:28 UTC 108.167.140.136 Unknown ranking
[Mnemonic Passive DNS] ocsp.digicert.com (8) 86 2012-11-29 12:49:49 UTC 2022-07-06 12:49:14 UTC 93.184.220.29
[Mnemonic Passive DNS] www.google-analytics.com (1) 40 2017-01-30 05:00:06 UTC 2022-07-06 06:00:56 UTC 142.250.74.174
[Mnemonic Passive DNS] snapwidget.com (2) 52354 No data No data 104.26.8.123
[Mnemonic Passive DNS] scontent.cdninstagram.com (9) 1107 2017-02-22 19:40:09 UTC 2022-07-06 07:23:52 UTC 157.240.200.63


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 108.167.140.136

Date UQ / IDS / BL URL IP
2022-08-16 03:10:21 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-16 03:09:32 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-14 22:22:25 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-14 03:39:14 +0000
0 - 0 - 13 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-14 03:36:50 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-09 19:23:59 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-09 13:28:30 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-09 04:34:27 +0000
0 - 0 - 13 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-09 04:31:12 +0000
0 - 0 - 12 thequeensescape.com/quiaut/iddistinctio-4379189 108.167.140.136
2022-08-09 04:31:07 +0000
0 - 0 - 13 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136

Last 10 reports on ASN: UNIFIEDLAYER-AS-1

Date UQ / IDS / BL URL IP
2022-08-16 17:08:23 +0000
0 - 0 - 2 yasperfumes.com/lkk/index.html 108.167.164.71
2022-08-16 17:06:17 +0000
0 - 0 - 1 buyinhocomd.com/property/mdpg551096 192.185.78.9
2022-08-16 17:03:44 +0000
0 - 0 - 2 aimic.com/userfiles/file/92878385688.pdf 162.241.5.8
2022-08-16 17:02:09 +0000
0 - 0 - 2 www.reacredit.com.br/painel/wa/simple_slide/p (...) 162.241.203.21
2022-08-16 17:00:28 +0000
0 - 0 - 3 https://hostingparacolombia.com/i9dn32.rar 162.241.85.82
2022-08-16 17:00:22 +0000
0 - 0 - 3 hostingparacolombia.com/i9dn32.rar 162.241.85.82
2022-08-16 16:59:24 +0000
0 - 0 - 1 https://e-commerce.saleensuporte.com.br/z4voa7.rar 192.185.215.34
2022-08-16 16:57:57 +0000
0 - 0 - 3 https://lceventos.net/qqo0sk.tar 162.241.5.72
2022-08-16 16:57:31 +0000
0 - 0 - 1 crmfarko.manivelasst.com/e632uu.tar 162.144.7.57
2022-08-16 16:54:14 +0000
0 - 0 - 2 icscards.nl.online-identificatie.jaitech.co.t (...) 192.185.182.6

Last 10 reports on domain: thequeensescape.com

Date UQ / IDS / BL URL IP
2022-08-16 03:10:21 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-16 03:09:32 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-14 22:22:25 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-14 03:39:14 +0000
0 - 0 - 13 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-14 03:36:50 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-09 19:23:59 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-08-09 13:28:30 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-09 04:34:27 +0000
0 - 0 - 13 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-08-09 04:31:12 +0000
0 - 0 - 12 thequeensescape.com/quiaut/iddistinctio-4379189 108.167.140.136
2022-08-09 04:31:07 +0000
0 - 0 - 13 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136


JavaScript

Executed Scripts (35)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (67)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 06 Jul 2022 16:56:08 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wjQ94bRAlWkVaXxIeySp13zh31AUkoBVkDFaxezBLoGtcm-1shH4XA==
Age: 1515


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5CA12512DFBE8A007255191678A4ECD570026D865AE741C0D3025D8FE1A58659"
Last-Modified: Mon, 04 Jul 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15579
Expires: Wed, 06 Jul 2022 21:41:02 GMT
Date: Wed, 06 Jul 2022 17:21:23 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-08-10-12-10-21.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
last-modified: Tue, 21 Jun 2022 12:10:22 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 06 Jul 2022 03:26:46 GMT
etag: "581454acdd98f34fd3fbabd0977ade29"
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: kM_cvkveuSsIIbhInPyMOHo92fiJCafNJtncuGhwQKeVBPprHLrXtA==
age: 50078
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    581454acdd98f34fd3fbabd0977ade29
Sha1:   d8d86c0b513137aeb85de01cea7b272c35eb6ab4
Sha256: e98f8f33ba5ed59c3cfdf2ae54957ed32652cf0899f3c8db4b5872e3ece1e4eb
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Wed, 06 Jul 2022 17:21:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Content-Type, Last-Modified, Alert, Backoff, Pragma, Expires, Content-Length, Cache-Control
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2022 17:17:29 GMT
Cache-Control: max-age=3600
Expires: Wed, 06 Jul 2022 16:51:00 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: SOfsyWZGGJJ0bfkyX4_tb2Xptiti06UFLEKmDBhECj16YjFMpiPbRQ==
Age: 2788


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /quiaut/charts-459145349.zip HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         108.167.140.136
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Wed, 06 Jul 2022 17:21:23 GMT
Server: Apache
Expires: Wed, 06 Jul 2022 18:21:24 GMT
Cache-Control: max-age=3600
X-Redirect-By: redirection
Upgrade: h2,h2c
Connection: Upgrade
Location: https://thequeensescape.com/quiaut/charts-459145349.zip
Content-Length: 0


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2284
Cache-Control: 'max-age=158059'
Date: Wed, 06 Jul 2022 17:21:24 GMT
Last-Modified: Wed, 06 Jul 2022 16:43:20 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "50F0624A92BD0C026F2F6876AA1A823B55A8244BD4AE979C83D8DFFB6A92A9B4"
Last-Modified: Mon, 04 Jul 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21597
Expires: Wed, 06 Jul 2022 23:21:21 GMT
Date: Wed, 06 Jul 2022 17:21:24 GMT
Connection: keep-alive

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YCKey8zvmvU6IvH/df9qdw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         44.233.140.213
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EeWjtMzkY33bpwPG0SZQr7mhCpc=

                                        
                                            GET /quiaut/charts-459145349.zip HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         108.167.140.136
HTTP/2 404 Not Found
                                        
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://thequeensescape.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 14254
content-type: text/html; charset=UTF-8
date: Wed, 06 Jul 2022 17:21:25 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18721), with CRLF, LF line terminators
Size:   14254
Md5:    b92ac37b3e84641c2ef34bebe4bf5d17
Sha1:   f186268e89e350df841b5961f75f80cd85a7fde1
Sha256: 800d8e213514e6f773db050e62c32e4e1ecf5bad93bc59a2e12421db6b148fd8

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 17:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 17:21:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/gutenberg/build/block-library/style.css?ver=13.5.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Fri, 01 Jul 2022 02:12:04 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16565
content-type: text/css
date: Wed, 06 Jul 2022 17:21:25 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   16565
Md5:    a2a21d93bd141e47981efa6ae9a9f1a0
Sha1:   40b3615adaac79881233e454c1be764d935d276a
Sha256: bb2259a01f5d2aad78731f26cfa2e8c77ce913cd68c089c73e7a10d60d5102d9

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/quick-adsense-reloaded/includes/gutenberg/dist/blocks.style.build.css?ver=2.0.55 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Wed, 22 Jun 2022 23:34:33 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 155
content-type: text/css
date: Wed, 06 Jul 2022 17:21:25 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   155
Md5:    3940cb443469d5cc737f18bcb99ba882
Sha1:   7787f5b35bce9bd1abf13949bb0a0b4c611eec8f
Sha256: 0c181007406a290193553dc3177b342b85140bc92c9cb8a3026d5f0fd9b22e21

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/fontello.css?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 801
content-type: text/css
date: Wed, 06 Jul 2022 17:21:25 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   801
Md5:    3fcce85c25147b034d9b34ef0bb102c7
Sha1:   537ac2b5708750fd6694a4ab63ba03efca2a112f
Sha256: b25b8dc638fa4582ffa4617a3e77fab6ea2a69452162514f5c973b827976659a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/font-awesome.css?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7524
content-type: text/css
date: Wed, 06 Jul 2022 17:21:25 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  troff or preprocessor input, ASCII text, with very long lines (372)
Size:   7524
Md5:    425b9c5bb524774d7f30160c36771785
Sha1:   af60c1059fb990e6e86ff744f9c286e78f9966e8
Sha256: a1dfafaf50ffe1e3996576f74f6e0e9dccee46d19aaf562fbe6e5575171b8062

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 17:21:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /c/5.8.4/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
                                        
server: nginx
date: Wed, 06 Jul 2022 17:21:25 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Thu, 06 Jul 2023 17:21:25 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   4498
Md5:    1a82d8d969b71fdee7b9e9db80537b2a
Sha1:   e623ccae002748a90af581343c4c94663e657ec8
Sha256: ead27e10ce3f63212afba143a84b1965d1c3793b13cb765884ded92979c937d6
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3400
Expires: Wed, 06 Jul 2022 18:18:06 GMT
Date: Wed, 06 Jul 2022 17:21:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "611E864D4A64EB7175BDED94052A41462E3215D329EF82CBEEA70D511B811E8D"
Last-Modified: Mon, 04 Jul 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3400
Expires: Wed, 06 Jul 2022 18:18:06 GMT
Date: Wed, 06 Jul 2022 17:21:26 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde8f4008-69f3-4766-a957-006ebc39d2e4.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 9047
x-amzn-requestid: 8e0eccf9-7f3e-4333-a5d7-a35dd0e068eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: U0BU0HNmoAMFaQA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c4af51-1d81f8e10200694125ede95f;Sampled=0
x-amzn-remapped-date: Tue, 05 Jul 2022 21:38:25 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4HkBGv-aAOwIfyBaFSIlfMPFqYYUaIDzTfUADctfm1g3COtQS_UojA==
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Tue, 05 Jul 2022 21:50:58 GMT
age: 70228
etag: "7aa6cd994a565c8b6832d48c1e36b17f33621e90"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9047
Md5:    bb2f16af747cd633f71de1966771b532
Sha1:   7aa6cd994a565c8b6832d48c1e36b17f33621e90
Sha256: b61a354007e630a3be3ae0c2c2336d3dd71cec02eab7b4234ebb40f69561acf0
                                        
                                            GET /css?family=Playfair+Display%3A400%2C700&ver=1.0.0 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
                                        
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 06 Jul 2022 17:21:26 GMT
date: Wed, 06 Jul 2022 17:21:26 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   7622
Md5:    e59edf4caa3bd5e13cf7181941ac1a54
Sha1:   fc4224280c02afea76b9a861e13f7ffeaf76ad2d
Sha256: 89aaa76aefbd7c8a2bbe15fdfd4d231e943fc794d44bf8a36e4a39166d04e871
                                        
                                            GET /css?family=Open+Sans%3A400italic%2C400%2C600italic%2C600%2C700italic%2C700&ver=1.0.0 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
                                        
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 06 Jul 2022 17:21:26 GMT
date: Wed, 06 Jul 2022 17:21:26 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   13094
Md5:    6c879605d16248243986154cd34c0f58
Sha1:   3975e085ee4ee38b627ec587369dd397dcc94f43
Sha256: e818606727dc045da3435b107e57021400f82939283d3d3b11ecbd34ba333541
                                        
                                            GET /c/5.8.4/wp-includes/js/wp-embed.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         192.0.77.37
HTTP/2 200 OK
                                        
server: nginx
date: Wed, 06 Jul 2022 17:21:25 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
content-encoding: br
expires: Thu, 06 Jul 2023 17:21:25 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1391)
Size:   7375
Md5:    ca2e7ae3a4dceb183a33db44b920c263
Sha1:   3facd4d1e8282924b031652fdb8e065894b77ae4
Sha256: 38265533b1b50c2d80103ab2e1172f36cdd021ff33a4e8a80205330ef878d8a8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F431f287f-9907-47aa-be38-0ff4e6db75fc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
                                        
server: nginx
content-length: 8553
x-amzn-requestid: 2c1e16d1-357b-493e-bcf7-b4de1a34757f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Utd8tEKYIAMFbmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62c21051-7382cb3050c6f13d70dd3706;Sampled=0
x-amzn-remapped-date: Sun, 03 Jul 2022 21:55:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wcT3TQNc1zixQ773IGnG_ghBAa2ELekTK0IyHJ3q_7RrgUTZ83spGQ==
via: 1.1 bd6f70221217681265382902c6157c76.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 06 Jul 2022 03:11:53 GMT
age: 50973
etag: "303f4efaa9b98e39a935fc6514d3731d40d2977c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8553
Md5:    e6f97e6b64100081e8bed56216564854
Sha1:   303f4efaa9b98e39a935fc6514d3731d40d2977c
Sha256: 92dd803f1633bd65a2b4ac3223d8aa93dd55ed64c74b338aff62323585a3623c
                                        
                                            GET /p/jetpack/10.9/css/jetpack.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
                                        
server: nginx
date: Wed, 06 Jul 2022 17:21:25 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 12 Apr 2022 17:20:54 GMT
content-encoding: br
expires: Thu, 06 Jul 2023 17:21:25 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size:   21597
Md5:    345c592234a4239d0ff719216f4dca07
Sha1:   dd5904a1a97fd19494cbd7bee9760281769348c7
Sha256: 782e47274274db38cbd39db894a4f343b2d79cdd3b12f41610f7e01e5408f377
                                        
                                            GET /wp-content/themes/ashe/style.css?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 15480
content-type: text/css
date: Wed, 06 Jul 2022 17:21:25 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1145), with CRLF line terminators
Size:   15480
Md5:    e954c0305a499992971e13f5cd4b3b1a
Sha1:   64977fc16dbddf3903621cfc9835dbf828081b90
Sha256: 962d5b34c1dccd41fa3bbcf98692cd76dd77892aa62558325f5f3a9529272983

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/slick.css?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 464
content-type: text/css
date: Wed, 06 Jul 2022 17:21:25 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   464
Md5:    fec0675d238ab63f20af3798679ee257
Sha1:   fecccd03ed91c3755f6c4ce1564682ad6065958b
Sha256: 6a3384ea7d5c54d405f6f63fe7ff8ccc550f2644670dd31a077653dbd0a18750

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/perfect-scrollbar.css?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 399
content-type: text/css
date: Wed, 06 Jul 2022 17:21:25 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   399
Md5:    626de1992de89bc6a753723ac232ec2f
Sha1:   d72ab26603b7bc512e424e4a6791098d0f1cf451
Sha256: fb52056de07749e6bcddb97b622780deabfe852a4058216724600b01190b6eff

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/responsive.css?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2774
content-type: text/css
date: Wed, 06 Jul 2022 17:21:25 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2774
Md5:    a9a04336d6412016b1c3398521d3de2c
Sha1:   071d301c2966d68abbf364e94b8acbecdbf350a3
Sha256: 5a5ea7abafc8c05557d4c717463a4995529b5c22d61d03d57af226898e4bc2ef
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=5.8.4 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Wed, 09 Jun 2021 08:45:12 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5243
content-type: application/javascript
date: Wed, 06 Jul 2022 17:21:26 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15224)
Size:   5243
Md5:    00af0ddf324f69fcb25f0d2e5d08910a
Sha1:   df0379ab0e1b2902957c8aba77f89d88e1239b59
Sha256: f0a06ed3b8d3917b358def04d87668001cd1c6da31a5cb4bb452313feb64a2a7

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js?ver=2.0.55 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Wed, 22 Jun 2022 23:34:33 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 66
content-type: application/javascript
date: Wed, 06 Jul 2022 17:21:26 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   66
Md5:    35f69e2dd0d86627f53cb0eacfa6f4a5
Sha1:   c2d482462450addcd50d03b0704ef023150c8c80
Sha256: 932166fef0c0f8f97bcbcd81acb89b22278a014beec5ece1d5430654e4a9598f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5150
content-type: application/javascript
date: Wed, 06 Jul 2022 17:21:26 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (10620), with CRLF line terminators
Size:   5150
Md5:    1d8c9a1d5e603072bc8944c95fae6bd4
Sha1:   a679a7559e82184333423161a9487b7a10d8a787
Sha256: 613da5ea52bc16ed442cc77ec65f1987f1f51fed15489025bd08d710fadc9dbe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3854
Cache-Control: max-age=134076
Date: Wed, 06 Jul 2022 17:21:26 GMT
Etag: "62c51e44-1d7"
Expires: Fri, 08 Jul 2022 06:36:02 GMT
Last-Modified: Wed, 06 Jul 2022 05:31:48 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /g.gif?v=ext&j=1%3A10.9&blog=183769864&post=0&tz=0&srv=thequeensescape.com&host=thequeensescape.com&ref=&fcp=0&rand=0.5003906250481882 HTTP/1.1 
Host: pixel.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         192.0.76.3
HTTP/2 200 OK
                                        
server: nginx
date: Wed, 06 Jul 2022 17:21:26 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5\012- data
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
                                        
                                            GET /c/5.8.4/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
                                        
server: nginx
date: Wed, 06 Jul 2022 17:21:25 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Thu, 06 Jul 2023 17:21:25 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11256), with no line terminators
Size:   2866
Md5:    1488f30495ec920f38badf18dbeb0150
Sha1:   5b87a04917b1622f006207e2193e6a274c15e9fc
Sha256: 28fb61444d820df3467a5cfd112a0ddac1b289dbb21c1531e0983d3ccaa2adf3
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 17:21:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 17:21:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/opensans/v29/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16720
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Jun 2022 19:34:58 GMT
expires: Thu, 29 Jun 2023 19:34:58 GMT
cache-control: public, max-age=31536000
age: 596788
last-modified: Wed, 11 May 2022 19:25:13 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 16720, version 1.0\012- data
Size:   16720
Md5:    c416910cae8fe4258cdf8c35933e9f4c
Sha1:   4a768ba0a3abc49b572c08c235db9f066ffc2b18
Sha256: 9434dddcdf38e072b039bb92f9e90639ec0e0563e8ff51604a60d91830c29289
                                        
                                            GET /s/playfairdisplay/v29/nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDXbtM.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19784
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Jun 2022 19:32:53 GMT
expires: Thu, 29 Jun 2023 19:32:53 GMT
cache-control: public, max-age=31536000
age: 596913
last-modified: Wed, 27 Apr 2022 16:55:47 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 19784, version 1.0\012- data
Size:   19784
Md5:    2afc074b0a28a247a63a4bf7821476ee
Sha1:   bf13679b67c48e47947b3a044732b1cc55abc094
Sha256: 23a38ec96550f1c1cc8d6e9f83f9dc7dfeb046bd2d0d67db1590c86e7a098a70
                                        
                                            GET /s/opensans/v29/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsgH1x4gaVI.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16796
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Jun 2022 19:35:18 GMT
expires: Thu, 29 Jun 2023 19:35:18 GMT
cache-control: public, max-age=31536000
age: 596768
last-modified: Wed, 11 May 2022 19:25:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 16796, version 1.0\012- data
Size:   16796
Md5:    f39b602d1b08fc398343e5c11cf8cd87
Sha1:   944ea7b3ca302c92a6414f203ab47803da20948b
Sha256: 511b67b07a90c30bed95a6e3b1a7708d978d53f01e5fad89403590aaf22fb134
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3854
Cache-Control: max-age=134076
Date: Wed, 06 Jul 2022 17:21:26 GMT
Etag: "62c51e44-1d7"
Expires: Fri, 08 Jul 2022 06:36:02 GMT
Last-Modified: Wed, 06 Jul 2022 05:31:48 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 17:21:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /rsrc.php/v3/yE/l/0,cross/PT_cki149Gq.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.14
HTTP/2 200 OK
                                        
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Thu, 06 Jul 2023 15:11:47 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: 1Bb1iI9Ok7wLcXUYnVlGUw==
x-fb-debug: rZ9ucDj4hqV64UcNhViPPVLCC+QIl1NfDPKZM4mKCoExCY2EwNLRzHBPbED8FD9urWecdRQ2tURU6+b+zMOghg==
content-length: 4800
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4093)
Size:   4800
Md5:    d416f5888f4e93bc0b7175189d594653
Sha1:   46f0d8d75a9659c89d3a14d0014bfc6ba3200cea
Sha256: b383b179610cf6d47b247e6d90c1194ad8c18a832241a690c28a52236f0c9e8c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 06 Jul 2022 17:21:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Wed, 06 Jul 2022 16:41:12 GMT
expires: Wed, 06 Jul 2022 18:41:12 GMT
cache-control: public, max-age=7200
age: 2414
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20006
Md5:    56f5d7f608e25d64207135f045f988cb
Sha1:   901eb59372ae330ae85e1384da93479b21ae1082
Sha256: 1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
                                        
                                            GET /js/embed.vendor.min.2f17f0b14ee46c5a.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
                                        
date: Wed, 06 Jul 2022 17:21:26 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
etag: W/"62b144c8-9e1"
last-modified: Tue, 21 Jun 2022 04:10:48 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 155518
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cmQe6c0R24KitX6zXCf85bhIL1d1jdpYypji1X10miwPVjlCEWLNRcfnpD366T0K2VaaDv53b4fXBoerJ4%2Fz2SQ4THsTF6JbMMT6KesAukhTXzRE7B330MbBk3vTHPfY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 726a044c5890b505-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2529), with no line terminators
Size:   1610
Md5:    8b80b5df7e28d4462080c45f04a8dbf4
Sha1:   80510ff1743e68cb9f8ff1f34effe3dc5c907c09
Sha256: 7587ad169c6cbf3fefed1697ae36a6876ec9043221642a3fa8ebbd9dfca1e00d
                                        
                                            GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1 
Host: static.cloudflareinsights.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://snapwidget.com
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.47.230
HTTP/2 200 OK
                                        
date: Wed, 06 Jul 2022 17:21:26 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 726a044c8aa6b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (45992)
Size:   19537
Md5:    8b2c07d821d7d613fcae8481d517ae6c
Sha1:   9a29f0d5292a4b7ea6233665b816c833d6f40bbb
Sha256: be64d9e91bd2b62745efc87f9a937615d1cfe1204f65caab367669d0251394ca
                                        
                                            GET /wp-content/uploads/2020/09/cropped-TQE-newest-banner-1.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 08 Sep 2020 17:45:37 GMT
accept-ranges: bytes
content-length: 385740
content-type: image/png
date: Wed, 06 Jul 2022 17:21:26 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 884 x 281, 8-bit/color RGBA, non-interlaced\012- data
Size:   385740
Md5:    f5f4dadc12f2095457c222d305a98385
Sha1:   054b4a891d2a2c3fd2d378aaf6e9e1d1447599ec
Sha256: 74ecdf4c6a34157fc496e23e91d1c1e5b8a6505e7014d85b6580ac24f122a2e6
                                        
                                            GET /wp-content/themes/ashe/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=5.8.4
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Tue, 05 Jul 2022 08:57:13 GMT
accept-ranges: bytes
content-length: 77160
content-type: font/woff2
date: Wed, 06 Jul 2022 17:21:26 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/uploads/2020/04/cropped-QLogo-32x32.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
                                        
last-modified: Sat, 18 Apr 2020 08:42:24 GMT
accept-ranges: bytes
content-length: 2260
content-type: image/png
date: Wed, 06 Jul 2022 17:21:26 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   2260
Md5:    bfa3f0092d461e80f51b30ab5fa21dfd
Sha1:   6c580b1c67bb413f89883f11265066484a3c64ea
Sha256: 2fe38259678102b0e58fc32af42f3a5ef84ceec402322736c194c189cf228e65
                                        
                                            GET /js/embed.main.min.b61fafc5de1ae792.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
                                        
date: Wed, 06 Jul 2022 17:21:26 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
etag: W/"62b144cb-b2e"
last-modified: Tue, 21 Jun 2022 04:10:51 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 172125
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OzUzB3ZyRubHBmwPLrJypYSmFTO0wfV3VjeMcSnYnhE%2FrKjj9XPUZPm0InhLywT8CX29APXzVwFtRCPDh%2BR7Gpv9nkmH1EeK516HGaXQJU4Ett8pE5VsDsgdC%2BPWXmNN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 726a044c6899b505-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2862), with no line terminators
Size:   41518
Md5:    fe98c36a169bd2478222e057cee4d316
Sha1:   c2a1b8a90983f30f0e30c63ec403f6a7cb6f907f
Sha256: 11caa5fb2af88e0af660f436c7d0ed628d06e056e2d46bf65bb5b5588d6a63e3
                                        
                                            GET /1/a53393d12f?a=453137&v=1216.487a282&to=ZlNSMUNXWBcFW0FRCV8ZcQZFX1kKS3lFSDp5QkQVbXVZChBKWlQKVERDOXRbVAEAe1pWEkNZXAlURHYXDFdCbRVURHUIU1NS&rst=434&ck=1&ref=https://snapwidget.com/embed/705883&ap=52&be=191&fe=364&dc=268&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1657128086207,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:6,%22rp%22:166,%22rpe%22:167,%22dl%22:172,%22di%22:247,%22ds%22:267,%22de%22:267,%22dc%22:363,%22l%22:363,%22le%22:364%7D,%22navigation%22:%7B%7D%7D&at=ShRRRwtNSxk%3D&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Wed, 06 Jul 2022 17:21:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 726a044dfd05b50f-OSL
Access-Control-Allow-Origin: *
Set-Cookie: JSESSIONID=f4920128c4ed058f; Path=/; Domain=.nr-data.net; Secure; SameSite=None
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   73
Md5:    516a128bb6000ca8154792678f4333fb
Sha1:   41d0257bea96afd36c6f3e40fcfdc9ca247f8e01
Sha256: 9fa62b52f24b87a40410fe842cb9be494abed114a2eac2eb406c8b4a4d372d10
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1442
Cache-Control: max-age=99213
Date: Wed, 06 Jul 2022 17:21:26 GMT
Etag: "62c49f81-1d7"
Expires: Thu, 07 Jul 2022 20:54:59 GMT
Last-Modified: Tue, 05 Jul 2022 20:30:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1442
Cache-Control: max-age=99213
Date: Wed, 06 Jul 2022 17:21:26 GMT
Etag: "62c49f81-1d7"
Expires: Thu, 07 Jul 2022 20:54:59 GMT
Last-Modified: Tue, 05 Jul 2022 20:30:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6079
Cache-Control: 'max-age=158059'
Date: Wed, 06 Jul 2022 17:21:26 GMT
Last-Modified: Wed, 06 Jul 2022 15:40:07 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2706
Cache-Control: 'max-age=158059'
Date: Wed, 06 Jul 2022 17:21:26 GMT
Last-Modified: Wed, 06 Jul 2022 16:36:20 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1442
Cache-Control: max-age=99213
Date: Wed, 06 Jul 2022 17:21:26 GMT
Etag: "62c49f81-1d7"
Expires: Thu, 07 Jul 2022 20:54:59 GMT
Last-Modified: Tue, 05 Jul 2022 20:30:57 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v/t51.29350-15/280027849_138160538794763_1097565410079618103_n.webp?stp=dst-jpg&_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=i5zy17RNT3wAX8Md-OP&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8acwJYGIj4AXbPrzjSCQfxEjmQaeuz9mWK-PuqVWbTLQ&oe=62CBB066 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.63
HTTP/2 200 OK
                                        
last-modified: Sun, 08 May 2022 03:11:38 GMT
x-haystack-needlechecksum: 3976056420
x-needle-checksum: 3509295565
x-content-cdn-origin-ts: 1657098161779
content-type: image/jpeg
content-digest: adler32=1180900908
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 64141
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 696x870, components 3\012- data
Size:   64141
Md5:    64314c16792506282d548e164e7723a6
Sha1:   30692a5bb8ae7266a7c28d03bf2657f3246d7ea6
Sha256: 1a694ae255a8c251525ffa99fa5277470c93ef28ba8a8cec7291d8d24b5abf59
                                        
                                            GET /v/t51.29350-15/278853672_380226003986558_2902118402150450259_n.webp?stp=dst-jpg&_nc_cat=107&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=sXrAOfvAqO8AX_tTw6B&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_hPuEJVCq9iLUpXzDZ0gMwnc0os3ZkP2N8KuqsyZoVEA&oe=62CB01BE HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.63
HTTP/2 200 OK
                                        
last-modified: Thu, 21 Apr 2022 09:50:31 GMT
x-haystack-needlechecksum: 2033006132
x-needle-checksum: 3157969881
x-content-cdn-origin-ts: 1657002083176
content-type: image/jpeg
content-digest: adler32=942912085
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 195427
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   195427
Md5:    8aa7e9363ab7a6f3dbd317399f29d59c
Sha1:   f79cb1b62b57be36d993beb4a87adfa5652727ec
Sha256: f0d1b9b21370daeb53ae2c9ad5e77a77877082e66ff1478bca6a978eb8f55a4c
                                        
                                            GET /v/t51.29350-15/286412291_152644647329727_8091110261468911622_n.webp?stp=dst-jpg&_nc_cat=101&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=FMQptpoF-WYAX_IdM2X&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT88XUzs-AMflgmR-d1k-JwPxGKQi7_eFQo8wuj2GQVrIQ&oe=62CA193E HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.63
HTTP/2 200 OK
                                        
last-modified: Wed, 08 Jun 2022 04:59:12 GMT
x-haystack-needlechecksum: 1586828437
x-needle-checksum: 3403400308
x-content-cdn-origin-ts: 1657029456459
content-type: image/jpeg
content-digest: adler32=637254533
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 136947
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   136947
Md5:    7d7c2e1ea4328854a862d531356309ec
Sha1:   d8aec582410ad268ad1b24e69fd3ab030edcf888
Sha256: cb5a18ea03ae120806e1ed1bf459fb55f70eece13dfc9a0a0b8750ffe2c163b4
                                        
                                            GET /v/t51.29350-15/285876782_1069482720338470_4185602195639647536_n.webp?stp=dst-jpg&_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=CzQHFucf_y8AX9JQc-9&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-TcsRNTz_rQZrVnt99akGbDWru36jWvi4PCwzxz0bCQw&oe=62CB4C0C HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.63
HTTP/2 200 OK
                                        
last-modified: Mon, 06 Jun 2022 00:12:03 GMT
x-haystack-needlechecksum: 2550814245
x-needle-checksum: 1536395497
content-type: image/jpeg
content-digest: adler32=1457500344
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 220328
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1004x1256, components 3\012- data
Size:   220328
Md5:    bdce43dc09de1a9ab9965817da393ace
Sha1:   ce7b29aedb662eff7f853797edee37be15d1902a
Sha256: 327ee04c3cdd6e65977018979685e84e710c60e680370f99f10b14d9886e28ce
                                        
                                            GET /v/t51.29350-15/279961423_369086411851005_4811844416311322927_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=xXIBA08i9pQAX-BvJ4_&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8hr6p--uRSWP0U1Gayy5gUwljvN9LhUrRVpDEtL-VFXQ&oe=62CA616D HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.63
HTTP/2 200 OK
                                        
last-modified: Fri, 06 May 2022 09:39:00 GMT
x-haystack-needlechecksum: 3073358330
x-needle-checksum: 3420874169
x-content-cdn-origin-ts: 1657098161780
content-type: image/jpeg
content-digest: adler32=409500873
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 205676
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1802, components 3\012- data
Size:   205676
Md5:    b928c87dd1cb00eb6aa5853fac38cc90
Sha1:   cbba55a8df4f7f49f5be284149cc7530ac827d6c
Sha256: ed225dcad34d3743775b87df0cd5701640e7beba8e2c863a213a9efa49269fe7
                                        
                                            GET /v/t51.29350-15/278210508_555669385766718_7685159737034062884_n.webp?stp=dst-jpg&_nc_cat=109&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=ZxKn-cvqU5gAX8uc-cu&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_qzhCQkyJwqwlpV2i0tQjOWRbF9NqTb9IW8ddTp1sivw&oe=62CA5EBE HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.63
HTTP/2 200 OK
                                        
last-modified: Tue, 12 Apr 2022 10:03:56 GMT
x-haystack-needlechecksum: 3878808173
x-needle-checksum: 3284125582
content-type: image/jpeg
content-digest: adler32=663077874
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 215196
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   215196
Md5:    cc441e37f3025da6f866d0cfcda0092c
Sha1:   e34ba7111326713e6fb0ad0f8f88c29942b3c368
Sha256: e13595f291dad0309be765a0dce957ab4f9e97b953b3687750ba704a6dc3d37e
                                        
                                            GET /v/t51.29350-15/286960917_1144058099492919_2690375849574230424_n.webp?stp=dst-jpg&_nc_cat=102&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=W0Jba2X0RIUAX-2AQkD&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8P1KArPCQavPvA6q-CYf1Yg5-fEpiKOuWY27Dqr8-Pdg&oe=62CA1988 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         157.240.200.63
HTTP/2 200 OK
                                        
last-modified: Sat, 11 Jun 2022 23:52:34 GMT
x-haystack-needlechecksum: 1197980126
x-needle-checksum: 1577350853
x-content-cdn-origin-ts: 1657090321734
content-type: image/jpeg
content-digest: adler32=352044999
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 269142
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   269142
Md5:    768e16515e63096068bf4c0d4f1fac80
Sha1:   edb462ee10919cabe321ae21488e46b160b02279
Sha256: 9e55d742e0e557b313463af5f5172db171551692b18c44ac23f393a146131442
                                        
                                            GET /v/t51.29350-15/280332235_3089070181407229_7577133435762763679_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=WmKmOsKh7CwAX_rFgOL&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8SP-PyisVEDU57-WFHNwcMiyH2y4N8jM1MCV4us7iRCA&oe=62CB39DC HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.63
HTTP/2 200 OK
                                        
last-modified: Tue, 10 May 2022 04:11:50 GMT
x-haystack-needlechecksum: 2738759859
x-needle-checksum: 1284722791
x-content-cdn-origin-ts: 1657087427680
content-type: image/jpeg
content-digest: adler32=536507802
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 269770
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   269770
Md5:    899a93f98e0e81caf83ecc650445e866
Sha1:   85562c6727c24d3e7a3510f0eb7060db3e5eac26
Sha256: 068a23faca66979910a790b9bd8d490f662966084be3ffe928585c04f770d141
                                        
                                            GET /v/t51.29350-15/280569283_560893435398655_7776663101021330165_n.webp?stp=dst-jpg&_nc_cat=100&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=GGwljXmf6W8AX8Ftp4g&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_WrXBbItRviGQpw0WGQxCFUM_7dMW2I7TNaUg-kjPVYw&oe=62CAFF6E HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         157.240.200.63
HTTP/2 200 OK
                                        
last-modified: Sat, 14 May 2022 00:20:58 GMT
x-haystack-needlechecksum: 2624670122
x-needle-checksum: 856935395
content-type: image/jpeg
content-digest: adler32=2669243309
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 358909
x-fb-trip-id: 1679558926
date: Wed, 06 Jul 2022 17:21:26 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1052x1316, components 3\012- data
Size:   358909
Md5:    908ce9d131333c575f59a473af46afd4
Sha1:   05ac455f966bd2be3cd0c649939541b25a66cb4e
Sha256: b8208379e9e4c1fce50f0470ada42922a124d89d3ef47691ca96fa9989e395c6