Overview

URL thequeensescape.com/quiaut/charts-459145349.zip
IP108.167.140.136
ASNUNIFIEDLAYER-AS-1
Location United States
Report completed2022-09-09 13:25:59 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-09-09 2 thequeensescape.com/quiaut/charts-459145349.zip Malware
2022-09-09 2 thequeensescape.com/quiaut/charts-459145349.zip Malware
2022-09-09 2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/includes/gute (...) Malware
2022-09-09 2 thequeensescape.com/wp-content/themes/ashe/style.css?ver=1.9.7 Malware
2022-09-09 2 thequeensescape.com/wp-content/plugins/gutenberg/build/block-library/style. (...) Malware
2022-09-09 2 thequeensescape.com/wp-content/themes/ashe/assets/css/fontello.css?ver=6.0.2 Malware
2022-09-09 2 thequeensescape.com/wp-content/themes/ashe/assets/css/perfect-scrollbar.css (...) Malware
2022-09-09 2 thequeensescape.com/wp-content/themes/ashe/assets/css/slick.css?ver=6.0.2 Malware
2022-09-09 2 thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2 Malware
2022-09-09 2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js Malware
2022-09-09 2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads (...) Malware
2022-09-09 2 thequeensescape.com/wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7 Malware
2022-09-09 2 thequeensescape.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 Malware
2022-09-09 2 thequeensescape.com/wp-content/themes/ashe/assets/fonts/fontawesome-webfont (...) Malware
2022-09-09 2 thequeensescape.com/wp-content/themes/ashe/assets/js/custom-plugins.js?ver=1.8.2 Malware
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (21)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-09 05:37:59 UTC 143.204.55.27
mnemonic passive DNS ocsp.digicert.com (9) 86 2012-05-21 07:02:23 UTC 2022-09-09 12:02:18 UTC 93.184.220.29
mnemonic passive DNS scontent.cdninstagram.com (8) 1107 2015-03-24 22:31:41 UTC 2022-09-09 10:45:37 UTC 31.13.72.53
mnemonic passive DNS www.facebook.com (1) 99 2017-01-30 05:00:00 UTC 2022-09-09 04:28:11 UTC 31.13.72.36
mnemonic passive DNS thequeensescape.com (19) 0 2019-11-03 19:43:31 UTC 2022-09-09 13:00:16 UTC 108.167.140.136 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-09 04:48:21 UTC 34.117.237.239
mnemonic passive DNS fonts.googleapis.com (2) 8877 2014-07-21 13:19:55 UTC 2022-09-09 09:00:59 UTC 142.250.74.10
mnemonic passive DNS c0.wp.com (5) 6988 2018-09-24 15:59:05 UTC 2022-09-09 07:13:32 UTC 192.0.77.37
mnemonic passive DNS js-agent.newrelic.com (9) 378 2017-01-30 05:00:15 UTC 2022-09-09 04:40:57 UTC 151.101.86.137
mnemonic passive DNS bam.nr-data.net (1) 630 2015-02-10 00:06:27 UTC 2022-09-09 04:40:58 UTC 162.247.241.14
mnemonic passive DNS stats.wp.com (1) 2711 2017-01-30 05:06:59 UTC 2022-09-09 05:20:01 UTC 192.0.76.3
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-09 04:47:11 UTC 143.204.55.25
mnemonic passive DNS ocsp.pki.goog (6) 175 2017-06-14 07:23:31 UTC 2022-09-09 04:41:59 UTC 142.250.74.3
mnemonic passive DNS pixel.wp.com (1) 2545 2017-01-30 05:31:40 UTC 2022-09-09 05:56:15 UTC 192.0.76.3
mnemonic passive DNS static.xx.fbcdn.net (1) 661 2012-12-01 13:12:13 UTC 2022-09-09 04:41:04 UTC 31.13.72.12
mnemonic passive DNS snapwidget.com (10) 52354 2012-07-20 15:48:14 UTC 2022-09-09 07:18:32 UTC 104.26.8.123
mnemonic passive DNS static.cloudflareinsights.com (1) 1294 2019-09-24 14:34:56 UTC 2022-09-09 06:52:00 UTC 104.18.47.230
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-09 07:18:24 UTC 34.120.237.76
mnemonic passive DNS r3.o.lencr.org (7) 344 2020-12-02 08:52:13 UTC 2022-09-09 04:40:05 UTC 23.36.77.32
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-09 04:43:53 UTC 54.149.101.24
mnemonic passive DNS fonts.gstatic.com (2) 0 2014-08-29 13:43:22 UTC 2022-09-09 04:41:01 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 108.167.140.136

Date UQ / IDS / BL URL IP
2022-09-12 17:24:03 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-12 17:21:35 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-10 12:51:04 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-10 12:49:23 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-09 13:25:59 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136

Last 5 reports on ASN: UNIFIEDLAYER-AS-1

Date UQ / IDS / BL URL IP
2022-12-09 12:37:07 +0000
13 - 0 - 3 abdezrt1.tk/docusign20/docusign/ 142.4.19.50
2022-12-09 12:36:13 +0000
0 - 0 - 1 decimalinventory.kosmoscentral.com/wp-admin/i (...) 192.163.210.221
2022-12-09 12:35:03 +0000
0 - 0 - 1 terramarbrands.com/online/4685ede1d9fe3fe9666 (...) 162.241.103.53
2022-12-09 12:34:32 +0000
0 - 0 - 1 terramarbrands.com/online/aeb9cef34a46399fbac (...) 162.241.103.53
2022-12-09 12:34:21 +0000
0 - 0 - 1 terramarbrands.com/online/721a7085fa1bf08c6ac (...) 162.241.103.53

Last 5 reports on domain: thequeensescape.com

Date UQ / IDS / BL URL IP
2022-09-12 17:24:03 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-12 17:21:35 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-10 12:51:04 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-10 12:49:23 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-09 13:25:59 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-09-12 17:24:03 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-12 17:21:35 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-10 12:51:04 +0000
0 - 0 - 14 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136
2022-09-10 12:49:23 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-459145349.zip 108.167.140.136
2022-09-08 11:17:02 +0000
0 - 0 - 15 thequeensescape.com/quiaut/charts-4197372583.zip 108.167.140.136


JavaScript

Executed Scripts (42)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (94)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 13:05:47 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wGq9UuBjZhYpyR7sg-ie_onyBmY9lFdzcYorx_xPZHLKOryfZXhmkw==
Age: 1201


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    99b7d23c1748d0526782b9ff9ea45f09
Sha1:   eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
Sha256: 48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9666
Expires: Fri, 09 Sep 2022 16:06:54 GMT
Date: Fri, 09 Sep 2022 13:25:48 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.25
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nm9UtNeHKd6Vko-MXzRJknZw6ULPR4Lb3Oh3AgorftUIq4avbXqMLg==
age: 34754
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    742edb4038f38bc533514982f3d2e861
Sha1:   cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
Sha256: b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
                                        
                                            GET /quiaut/charts-459145349.zip HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         108.167.140.136
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 09 Sep 2022 13:25:48 GMT
Server: Apache
Expires: Fri, 09 Sep 2022 14:25:48 GMT
Cache-Control: max-age=3600
X-Redirect-By: redirection
Upgrade: h2,h2c
Connection: Upgrade
Location: https://thequeensescape.com/quiaut/charts-459145349.zip
Content-Length: 0


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 09 Sep 2022 13:25:48 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 09 Sep 2022 12:56:07 GMT
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 13:40:05 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 39vRTuTM_zEPNPMcgF7dTq6ocqnbW5lT3EY5cZUPX4hGXaO8VEnk1g==
Age: 1782


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "08DB70931C2579DFB779F8E1CE4B37861DD2D9AB4F51D120C029CE4A177279C4"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13434
Expires: Fri, 09 Sep 2022 17:09:43 GMT
Date: Fri, 09 Sep 2022 13:25:49 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6556
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 13:25:49 GMT
Last-Modified: Fri, 09 Sep 2022 11:36:33 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /quiaut/charts-459145349.zip HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         108.167.140.136
HTTP/2 404 Not Found
content-type: text/html; charset=UTF-8
                                        
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://thequeensescape.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 14795
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18721), with CRLF, LF line terminators
Size:   14795
Md5:    3330db71a32c3f33bea057e839341e76
Sha1:   1529508230bdd5d4eb58af8c64a454c6be8d2a41
Sha256: d00cee3a7e3af1c988055ba0a30da1a8867d44843a213c80128ff3d6abf2941c

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qpD4UHeqsAGYI8hMOF2Rrg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.149.101.24
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: G8WJyRT0KAT4CjA2vVXnUuzSxfo=

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 13:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 13:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/quick-adsense-reloaded/includes/gutenberg/dist/blocks.style.build.css?ver=2.0.59 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 01 Sep 2022 14:09:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 155
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   155
Md5:    3940cb443469d5cc737f18bcb99ba882
Sha1:   7787f5b35bce9bd1abf13949bb0a0b4c611eec8f
Sha256: 0c181007406a290193553dc3177b342b85140bc92c9cb8a3026d5f0fd9b22e21

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/style.css?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 15480
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1145), with CRLF line terminators
Size:   15480
Md5:    03ab0bbdbc9cfde2ca00b2024a19f6f0
Sha1:   037f754bac6aaad7b44e62c0605e8ac6f8e2e88c
Sha256: 5515d8de0d37d1a9cbe4d1181a8c08a415411aa91aaa3b7cc99adac3bc7835f8

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 13:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/gutenberg/build/block-library/style.css?ver=14.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Thu, 01 Sep 2022 14:10:25 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16887
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   16887
Md5:    a195eb15b604d4705bd7a976cebcdb86
Sha1:   5665ff38c79c355f9cb38c7121527f608aca24dd
Sha256: 749920650adafc47ca4797ddf504c7d3312891ebdc0cdc61a950ca7ac195bc00

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/fontello.css?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 801
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   801
Md5:    3fcce85c25147b034d9b34ef0bb102c7
Sha1:   537ac2b5708750fd6694a4ab63ba03efca2a112f
Sha256: b25b8dc638fa4582ffa4617a3e77fab6ea2a69452162514f5c973b827976659a

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/perfect-scrollbar.css?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 399
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   399
Md5:    626de1992de89bc6a753723ac232ec2f
Sha1:   d72ab26603b7bc512e424e4a6791098d0f1cf451
Sha256: fb52056de07749e6bcddb97b622780deabfe852a4058216724600b01190b6eff

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/slick.css?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 464
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   464
Md5:    fec0675d238ab63f20af3798679ee257
Sha1:   fecccd03ed91c3755f6c4ce1564682ad6065958b
Sha256: 6a3384ea7d5c54d405f6f63fe7ff8ccc550f2644670dd31a077653dbd0a18750

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/css/responsive.css?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2774
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   2774
Md5:    a9a04336d6412016b1c3398521d3de2c
Sha1:   071d301c2966d68abbf364e94b8acbecdbf350a3
Sha256: 5a5ea7abafc8c05557d4c717463a4995529b5c22d61d03d57af226898e4bc2ef
                                        
                                            GET /wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: text/css
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7524
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  troff or preprocessor input, ASCII text, with very long lines (372)
Size:   7524
Md5:    425b9c5bb524774d7f30160c36771785
Sha1:   af60c1059fb990e6e86ff744f9c286e78f9966e8
Sha256: a1dfafaf50ffe1e3996576f74f6e0e9dccee46d19aaf562fbe6e5575171b8062

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 01 Sep 2022 14:09:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 66
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   66
Md5:    35f69e2dd0d86627f53cb0eacfa6f4a5
Sha1:   c2d482462450addcd50d03b0704ef023150c8c80
Sha256: 932166fef0c0f8f97bcbcd81acb89b22278a014beec5ece1d5430654e4a9598f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js?ver=2.0.59 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 01 Sep 2022 14:09:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 66
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   66
Md5:    35f69e2dd0d86627f53cb0eacfa6f4a5
Sha1:   c2d482462450addcd50d03b0704ef023150c8c80
Sha256: 932166fef0c0f8f97bcbcd81acb89b22278a014beec5ece1d5430654e4a9598f

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5150
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (10620), with CRLF line terminators
Size:   5150
Md5:    1d8c9a1d5e603072bc8944c95fae6bd4
Sha1:   a679a7559e82184333423161a9487b7a10d8a787
Sha256: 613da5ea52bc16ed442cc77ec65f1987f1f51fed15489025bd08d710fadc9dbe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Thu, 01 Sep 2022 14:09:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   5321
Md5:    710f8b142ea44c0682dc2c30f318f065
Sha1:   49144e9b3a76d3d383b1d4359cf7a25e947f4233
Sha256: 708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6433
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 11:38:37 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /g.gif?v=ext&j=1%3A11.3&blog=183769864&post=0&tz=0&srv=thequeensescape.com&host=thequeensescape.com&ref=&fcp=0&rand=0.8659109005416025 HTTP/1.1 
Host: pixel.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         192.0.76.3
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Fri, 09 Sep 2022 13:25:50 GMT
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 6 x 5\012- data
Size:   50
Md5:    e4d673a55c5656f19ef81563fb10884c
Sha1:   1f2d8ed221d39329251ad3a6ff1edb20b7219443
Sha256: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
                                        
                                            GET /css?family=Playfair+Display%3A400%2C700&ver=1.0.0 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Sep 2022 13:25:49 GMT
date: Fri, 09 Sep 2022 13:25:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 13:25:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /c/6.0.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
vary: Accept-Encoding
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   30781
Md5:    52a4c7b482494d7dac191c10956ff6ee
Sha1:   897f732e32a6c1030836a0bfd3d8e2ca727cdc68
Sha256: 9f17b85680bc8b1c1adefc9e42f885149c4cf1a81ed7476c58b20e2fecb16fe1
                                        
                                            GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
age: 276889
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size:   44856
Md5:    565ce506190ad3af920b40baf1794cec
Sha1:   ad3cba5d06100e09449a864d3b5e58403b478b3d
Sha256: 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
                                        
                                            GET /s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35764
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:14:36 GMT
expires: Tue, 05 Sep 2023 21:14:36 GMT
cache-control: public, max-age=31536000
age: 317474
last-modified: Mon, 18 Jul 2022 19:06:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 35764, version 1.0\012- data
Size:   35764
Md5:    60f23230f1a8d5c3b7d25b73f5b5ce23
Sha1:   ed08ada85d017893b9bcb8224e99154c6708f5d2
Sha256: 22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 13:25:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6433
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 11:38:37 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /rsrc.php/v3/yq/l/0,cross/pcbHOU-8oL4.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1 
Host: static.xx.fbcdn.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.12
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
content-encoding: br
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 08 Sep 2023 17:07:42 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: pHCmfzwMnsr6MOQqAk27vg==
x-fb-debug: 1ysmLXEMynPlfLdn7fQdr3sue2ZUz/x25WWZR2JVCNn1gazqc3S6zwJVfiTCoJBtD+3ZC7fm42ndibfXUYheog==
priority: u=3,i
content-length: 4980
x-fb-trip-id: 1904183273
date: Fri, 09 Sep 2022 13:25:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (4093)
Size:   4980
Md5:    a470a67f3c0c9ecafa30e42a024dbbbe
Sha1:   09ea822a7c825d9e60deee47a1bc98106cdb1711
Sha256: b1f7562cfd97296a7ab425c8610c0691425ca260963adc3d48e25dfb9a0cf006
                                        
                                            GET /images/post_type_icons.png HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/stylesheets/embed.style.min.307799cd3bc5b2ee.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
content-length: 2288
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2778
content-disposition: inline; filename="post_type_icons.webp"
vary: Accept
etag: "63034179-ada"
last-modified: Mon, 22 Aug 2022 08:42:33 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 921808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sgjBK5mIYb1oz8D2nEw1%2FMiujdy5uqbT%2FFlNVSLAP1CenIj%2BuKHdKGGaxaWpNOLZleLPUA2KvRdNP0NUoPl7BP%2BXhGE%2F78t5lCrIuR7IfBABAs5uDwN5uot4%2BgXSbG5l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408ddfdc0b65-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   2288
Md5:    b1be0c2f033b57b3163449e354d56c58
Sha1:   c85bc26ee45b104a8426e86d735ba37e1f2b233c
Sha256: 367635abeaa40ce11827271d48fd0ae5fa723bd00c398af5d1b8c8f6aa56d479
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 09 Sep 2022 13:25:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1 
Host: static.cloudflareinsights.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://snapwidget.com
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.47.230
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7480408d7c88fabc-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (13984)
Size:   25152
Md5:    9201d083d0df059945ac53b056ba3a54
Sha1:   84282a1852477bb802b414b51c4cf0153605e5a6
Sha256: 169b5448929d22e7b958cbac1e713bf64d82eaba9af51d837878c832322b32c9
                                        
                                            GET /js/embed.vendor.min.2f17f0b14ee46c5a.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
cf-bgj: minify
etag: W/"62f0b6d6-9e1"
last-modified: Mon, 08 Aug 2022 07:10:14 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 918976
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3IAKbKozVtZ8uypAiNicqjA%2BUFJHsthdRPrfZkZoWa80ZFCIXML%2FIpSMqwuLu5gDVHBYcAckBwLrdrPjgmPQZ191lIf4XFPzR4eZIqW4VB2AmGuUEajTMoeb%2F88Q72yC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f3c0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2529), with no line terminators
Size:   1611
Md5:    63314c35400a93628d2240a511382987
Sha1:   fc5795bdeb059bfb44d75ed9b3bce5bd41550de1
Sha256: 4ed5a99cd656b8969c6d46b6b1b4c35de6d0b3ff4c9835f8e2752865f8f24167
                                        
                                            GET /552.c68ed4cb-1219.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: Q/t5BGhKVMIykrAdR5FFe/dPM06qKL0rUbjkI+eZ2oDVTqmVaqRkUOniPUs9n0JkeEkNXmUc8jQ=
x-amz-request-id: 4J3M8A3KRF96MPMA
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "1e4dac4a08afb19f2f81a269e723f296"
x-amz-version-id: ViSo1WN.IFY8SZVXZ5w0n2d38KPGl0Eg
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 306
x-timer: S1662729951.503152,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5891
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (21423)
Size:   5891
Md5:    49ed8deb776fffe2ae9f806c9e606a2a
Sha1:   1e45759eeb3238676279cac7e16387090fb4ed4e
Sha256: 748fa0914cca548f5432e2fca163db37a4c873efaf7bda32aaebf4ea216fdccd
                                        
                                            GET /820.c68ed4cb-1219.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: 4Pseszwic0OFj2v1UoNnqCJt85Bq3DvEyW91wRTUhYRwboEoAWXWtqvxeHzYJ18vEHX/1WZYobQ=
x-amz-request-id: W9ZDC6HXQFGHMAHZ
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "9f13834674bf0537e1da7b82ac24bd0a"
x-amz-version-id: uHGvnCpNCW.uTOZntZeC2bN06SMRV1Mw
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 182
x-timer: S1662729951.548051,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2974
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (7440)
Size:   2974
Md5:    57ba37e54af9f9a5916282e183a01efc
Sha1:   848d3af2625b44d92fd14c5a483c76a8927f4cee
Sha256: 7cb7689303a77af668bb7036e3c5f7c43d0ccadd577d8b03fbbccd7f79056c4f
                                        
                                            GET /290.c68ed4cb-1219.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: kXn8K4f0jrhrl+BScuqPCzipEhgVeYMOZZhYLmWXaSZjQlFIE4bwVcAyXk30Wloj/0a7HTaZxJk=
x-amz-request-id: ZHDECS9EYYXFBJV7
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "063fd06cbb5f975859db95cd65371581"
x-amz-version-id: HNoCxfWwXDQj0wgK0ssoFWTh6TgKnY_s
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 278
x-timer: S1662729951.548248,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3425
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (8544)
Size:   3425
Md5:    bd93677e0105abb3eb94b6e08bb5e925
Sha1:   edf4e2b11e2b1207df8325b4994df1894590ffb0
Sha256: bd514247c35af6715a4d3fd2dfc81690d81aeeddc1eb9af836ab836e95c1fd21
                                        
                                            GET /368.c68ed4cb-1219.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: A7Z5nzh/sw2pUYpkoF68/Oxu7Hv9H/rqwWzcpC5gFn/8BpG7iq3ve5UxhTOhVUpEJqpL9Od7+u4=
x-amz-request-id: 221TG2H8H8NF2V19
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "045eac1d76b3cf835907cc4ac0cd0eae"
x-amz-version-id: v3VvssGmRtY09WTyd251ZRTe5X4W1xM4
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 300
x-timer: S1662729951.548490,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1442
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3382)
Size:   1442
Md5:    5a523e39e573bf9da94045d78af5b265
Sha1:   1269d0e7deae4a4da6d6e3e08df4b6d5c30325db
Sha256: 49f418e138dead09a0a670716aeaa374309b3628f7033537183c7249f2f574a6
                                        
                                            GET /775.c68ed4cb-1219.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: uWTLl/8NpRUofh+UNXcJ283hN8gOO+ZN/gWRj+qA1b9CHRzq/x9fNURd1QuJs0JkH1tViz7wq1M=
x-amz-request-id: ZHDCVBMKJJTF5SRZ
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "f70fe097a0428c78b846ad14654a41f6"
x-amz-version-id: bgTwiovhgj.C9JVTlsxkaJYhbNmVZNtX
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 303
x-timer: S1662729951.548656,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 632
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1169)
Size:   632
Md5:    9e0f3182e4c2b47a6d040a347dfb31d7
Sha1:   3d683a38fccb91c6c8ccbdec0bcc8e5ee3d32668
Sha256: 092feb150d2c140e479ae4bb4054974d0f072aa50803e2aaf7a6395d6660f406
                                        
                                            GET /768.c68ed4cb-1219.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: l4tLkSO/8p8shjNY6wqv/yv5SHGLhQj9zwrXwV/EmIyB0fKGawsEARVl4NXUS4iHXdymbNildA8=
x-amz-request-id: ZHDDFHEQEY5KY5HD
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "340d0c0ca3de4fdf9c06712ea365787e"
x-amz-version-id: RkzKbC6Tl6QwGfW0I1r.hKN_9L8qfUns
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 300
x-timer: S1662729951.548673,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2224
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5523)
Size:   2224
Md5:    33767c7d2c464b99c35d74a4ff6a14fc
Sha1:   f23007cd19b85e1077bec23e6688a234dffd5a87
Sha256: 7e140f1c1a73b742718d94465e4cea8b67614d5ff7cc598993113effd54e1883
                                        
                                            GET /39.c68ed4cb-1219.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: gUftV9MXOMWCXwZU5SQYIM4umglghR+4GcUe7MqPwOU7yMAEX+UIQbu/3S9x3XHSJEd15lZAeAo=
x-amz-request-id: W9Z8YZP3SAXVY560
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "605060c62653cbc898e5ac5c7fe4a944"
x-amz-version-id: _5iFIJXLG85we1l69T8A5Oa_7CqB6lsc
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 183
x-timer: S1662729951.548812,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2754
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (7169)
Size:   2754
Md5:    bba751b72b4a89a317af4ddfc11e7965
Sha1:   1ceccf6a9d86ea4802dda2325c8312091c2d9b6e
Sha256: 6c3250bbb60dab084703e07c7f0b61b23409ac93b0691819c2f30291666829a6
                                        
                                            GET /0.c68ed4cb-1219.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: APv+A5qWGh6MKeaR6PaGGj/tN8Nux9V+hKcZiHahSXstOoBQxd9IRpFZyxxiX1k16nc+1bt4mho=
x-amz-request-id: W9Z8XGNGRK0FFPE1
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "bc776e4271644f03f2b7e674a9de0fa7"
x-amz-version-id: xoXpuC1.bmhEf3I5gc9txQ0axkVoh7_p
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 146
x-timer: S1662729951.549175,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2348
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (5198)
Size:   2348
Md5:    40d4def83c0db5943251c30fe9c718b8
Sha1:   3942d8b3fde526e8747a11cc518c2b2ad72a0b0c
Sha256: e7a6ae9c9444fcaf18d6f9f037216573a848cf05388571d335688c5e880be999
                                        
                                            GET /571.c68ed4cb-1219.js HTTP/1.1 
Host: js-agent.newrelic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         151.101.86.137
HTTP/2 200 OK
content-type: application/javascript
                                        
x-amz-id-2: 6orDPp83EvPZPQG/EahxO7Wi+rpSt0J15ao4RRp7/ZJHRZEmzozC9UsBHx8DvjCYgh0W/REu8CU=
x-amz-request-id: W9ZEJTTH6EHB6VER
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "af37eb3be92f31531d0ef2e723a76327"
x-amz-version-id: GNCRQfpq8Dk1QNhd4VKeNxy274j0pGYI
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 182
x-timer: S1662729951.549277,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1108
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2412)
Size:   1108
Md5:    c4f346f64a2881ab14990e34fa480e3a
Sha1:   f52008e6d88ff218ae9f6a0bde0fe092e76f3648
Sha256: 380ac2ff73ede104caf7340e4b364302cd13fcd031700334ba6b2005be076e31
                                        
                                            GET /wp-content/uploads/2020/09/cropped-TQE-newest-banner-1.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Tue, 08 Sep 2020 17:45:37 GMT
accept-ranges: bytes
content-length: 385740
date: Fri, 09 Sep 2022 13:25:50 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 884 x 281, 8-bit/color RGBA, non-interlaced\012- data
Size:   385740
Md5:    f5f4dadc12f2095457c222d305a98385
Sha1:   054b4a891d2a2c3fd2d378aaf6e9e1d1447599ec
Sha256: 74ecdf4c6a34157fc496e23e91d1c1e5b8a6505e7014d85b6580ac24f122a2e6
                                        
                                            GET /wp-content/themes/ashe/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: font/woff2
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
content-length: 77160
date: Fri, 09 Sep 2022 13:25:50 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Size:   77160
Md5:    af7ae505a9eed503f8b8e6982036873e
Sha1:   d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
Sha256: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /wp-content/uploads/2020/04/cropped-QLogo-32x32.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Sat, 18 Apr 2020 08:42:24 GMT
accept-ranges: bytes
content-length: 2260
date: Fri, 09 Sep 2022 13:25:50 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size:   2260
Md5:    bfa3f0092d461e80f51b30ab5fa21dfd
Sha1:   6c580b1c67bb413f89883f11265066484a3c64ea
Sha256: 2fe38259678102b0e58fc32af42f3a5ef84ceec402322736c194c189cf228e65
                                        
                                            GET /wp-content/uploads/2020/04/cropped-QLogo-192x192.png HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: image/png
                                        
last-modified: Sat, 18 Apr 2020 08:42:24 GMT
accept-ranges: bytes
content-length: 40468
date: Fri, 09 Sep 2022 13:25:50 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   40468
Md5:    42ab481e6e5dce69fbd17d4b88760752
Sha1:   ca8ec06e87eb136bf1d3532130767af3a4884506
Sha256: 220fa076ad5a128fd0701c3f29fc21b8b2d6c9e8724459ac085cd359e0d10a62
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5023
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 12:02:08 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5023
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 12:02:08 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3039
Cache-Control: max-age=88277
Date: Fri, 09 Sep 2022 13:25:50 GMT
Etag: "6319e8d4-1d7"
Expires: Sat, 10 Sep 2022 13:57:07 GMT
Last-Modified: Thu, 08 Sep 2022 13:06:28 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6495
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 11:37:35 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6008
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 11:45:42 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /1/a53393d12f?a=453137&v=1219.PROD&to=ZlNSMUNXWBcFW0FRCV8ZcQZFX1kKS3lFSDp5QkQVbXVZChBKWlQKVERDOXRbVAEAe1pWEkNZXAlURHYXDFdCbRVURHUIU1NS&rst=451&ck=0&s=3108d6bf1aba66b8&ref=https://snapwidget.com/embed/705883&ap=44&be=185&fe=141&dc=55&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1662729941389,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:4,%22rp%22:124,%22rpe%22:131,%22dl%22:145,%22di%22:226,%22ds%22:240,%22de%22:241,%22dc%22:325,%22l%22:325,%22le%22:328%7D,%22navigation%22:%7B%7D%7D&at=ShRRRwtNSxk%3D&jsonp=NREUM.setToken HTTP/1.1 
Host: bam.nr-data.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         162.247.241.14
HTTP/1.1 200 OK
Content-Type: text/javascript
                                        
Date: Fri, 09 Sep 2022 13:25:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7480408f2dc0b529-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   68
Md5:    a63df29d6e0417cc1d00d8743d0ae34c
Sha1:   4fe2dc626d476e9a32c8982587e33fbc8aaf7b0b
Sha256: 025635a81f1246880710db88c48cd051393836cfd7016eb9f4aac7ac7b739a4e
                                        
                                            GET /v/t51.29350-15/302386060_3162702923993058_8021699530736520297_n.jpg?_nc_cat=109&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=SeulVrrSJYQAX9MCoXQ&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-FW8MTOcF2OtUgXXicPGJ9UXiSWxNRpNif0usPNwlZOg&oe=6320328C HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Thu, 01 Sep 2022 10:04:46 GMT
x-haystack-needlechecksum: 1392867941
x-needle-checksum: 2254941254
content-digest: adler32=2254941254
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 54993
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components 3\012- data
Size:   54993
Md5:    d1c5884b3cc9285bc5e014fe3fd85963
Sha1:   c4d502809f40ad594f3281a0d1284871ec4ff031
Sha256: 5d86749531c52125e7b787ce78af9dc1fbfa86e702dea22452f19bb3b2aa1abb
                                        
                                            GET /v/t51.29350-15/305223409_659601691856460_7090002961202109916_n.jpg?_nc_cat=101&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=l4DP5rk3pGUAX-cPcZt&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8-6FQuhPKPdJfh0vWM0sVJ8SurcU6yu5oJI2F-TESHrg&oe=63206AC2 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Mon, 05 Sep 2022 00:12:30 GMT
x-haystack-needlechecksum: 105019413
x-needle-checksum: 1657581890
content-digest: adler32=1657581890
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 71175
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components 3\012- data
Size:   71175
Md5:    343d9cfc3b71a7bfd8d2d57d434ccb98
Sha1:   4a4361757d4a00d582207eaa076cd598bbe7d35a
Sha256: 929190f1cfcaaa8739236191f486e411ca10f0b75f49e2a1b630d18110817b62
                                        
                                            GET /v/t51.29350-15/300238276_449251240470525_3840489065997612201_n.webp?stp=dst-jpg&_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=84xs5bcklGkAX8Pn1EO&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8KYnxQhFknzi5lqMxbL_hvT4Sax2HhFgj0rLDIIrzEnA&oe=63202CDC HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sun, 21 Aug 2022 10:01:18 GMT
x-haystack-needlechecksum: 481931230
x-needle-checksum: 949444859
content-digest: adler32=4060807364
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 123290
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   123290
Md5:    3b61eca76ae66c12b9b1cadc3d42b201
Sha1:   bf0a61e5c7ca52317fde0bf2fb00a28151a14f5a
Sha256: d737320da5ef18ed354af84a942a24294e55bd38947c2953a34a2f3a3e7679a5
                                        
                                            GET /v/t51.29350-15/299507298_1140336400199609_6221579676075730298_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=IJV-kw0OhwEAX_McDLY&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8a3rikX6lz-l_5eTAFIlJ75DXZHR0THi4CCLtOJZV-Gw&oe=631FFFDE HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 16 Aug 2022 04:25:45 GMT
x-haystack-needlechecksum: 3307334474
x-needle-checksum: 811688120
content-digest: adler32=2898683015
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 257047
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1350, components 3\012- data
Size:   257047
Md5:    988a672ab4440e72e3b60e07fd148e56
Sha1:   887f92a076a28b5806c021e687f7af3cb1952c57
Sha256: 45ca6955a9f09eee5bf473314cc452f0a4d314c834da1218a0dc10b485915555
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5023
Cache-Control: 'max-age=158059'
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 12:02:08 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v/t51.29350-15/300785005_772491627323947_1904365575442050555_n.webp?stp=dst-jpg&_nc_cat=100&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=B_GuFyM6P-0AX-704N5&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_EsEqupQfM9KYRBB7RaFbhb3CTwuZVMOdyXNHWG-ffZw&oe=63204647 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 23 Aug 2022 04:05:09 GMT
x-haystack-needlechecksum: 3283498827
x-needle-checksum: 718294705
content-digest: adler32=2646180015
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 176561
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   176561
Md5:    8d1bf229e9d3ba1b68d65326cc810e77
Sha1:   43230b82111962a858aa17e6dad5cc346aa08020
Sha256: 8a9a689799b67be1bdb62c059afe0740922d77354c6ae4698602827079982b8b
                                        
                                            GET /v/t51.29350-15/301224609_522376032982261_8860578228373543903_n.jpg?_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=wI4wQRQxNUwAX-wm8IY&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT9-kGfO1jKkO63P5PzNZgVy0VIMR-CrrpOoVgQrEwTS4Q&oe=631F6DB6 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Fri, 26 Aug 2022 10:22:32 GMT
x-haystack-needlechecksum: 1999119380
x-needle-checksum: 2384835369
content-digest: adler32=2384835369
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 191869
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components 3\012- data
Size:   191869
Md5:    ab302a285aadf2dcf9b63f044796bd6a
Sha1:   7200f76332353160379c204283f2815a0da95019
Sha256: 587d087e0681fadfbe45f7de728fcc97dcf754b791e83b863009f370be8549d8
                                        
                                            GET /v/t51.29350-15/302090844_3117023888607633_4173839149446585899_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=-ykkL4KjXAkAX_pURcx&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-mqd39ixv9eYuudiyO_W_RbLuo3xXjbxBWV3i2FhcvEQ&oe=6320FE18 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 30 Aug 2022 10:42:09 GMT
x-haystack-needlechecksum: 1864183193
x-needle-checksum: 4074026190
content-digest: adler32=606457263
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 238292
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1079x1349, components 3\012- data
Size:   238292
Md5:    1b8ce2fa82ddb72bbfccdc4a33ea5a72
Sha1:   cfec8c2a8ec036014864135392319070a0ed3f9a
Sha256: 207836f11e661c7e13d14efcac9a21351fbb551e3b5a5b83fe4c49b3fcaff5af
                                        
                                            GET /v/t51.29350-15/300644717_1028811554431355_1629857985078990935_n.webp?stp=dst-jpg&_nc_cat=102&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=GMd4ALd7H2kAX85tCS3&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT83tYh4AaB9yAG33NnLdztFRBhl8rtaaXhyEfnu536asg&oe=631FBD39 HTTP/1.1 
Host: scontent.cdninstagram.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.53
HTTP/2 200 OK
content-type: image/jpeg
                                        
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sat, 20 Aug 2022 00:51:56 GMT
x-haystack-needlechecksum: 1625528505
x-needle-checksum: 975954516
content-digest: adler32=3283876425
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 437830
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size:   437830
Md5:    1f67ac11b2f574ebae9b7c6344122480
Sha1:   a57b77eddfbd6044fb1f6795bea20eb68e32b296
Sha256: a08c0bd4b9e0cf8f3564a0311baa4878a18908da8ab9bb457f27f863199349ae
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4532
x-amzn-requestid: e5694699-7f38-4542-8808-54bda7ee7d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIMmGGUmIAMF2cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63198e26-1aa6788e24fcfdf0008bee21;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 06:39:34 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: smtzoqnzJiET63xsW_r_-eVNsTK01mGqRbvuwekbqjnzS6Sb1fw9HQ==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:54:58 GMT
etag: "70ede5692526afd351d134a391383461dafdc64f"
age: 52252
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4532
Md5:    a5fdeb374d4e3669ce5d9ff2cd22cd19
Sha1:   70ede5692526afd351d134a391383461dafdc64f
Sha256: 10c5d8e41aae1a36525a45375966b5067333f0c7edc176a540fd6527ebe1ad8c
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9258cc3-ebbf-4d4c-85d1-6bc185623583.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8354
x-amzn-requestid: e7ec7e84-0924-4f5f-b289-4c750ea99567
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKQgHHnNIAMFlrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6133-49565105361ec7f76cb818e0;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:40:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: DvCs6zEt1p58iwZaXfuF9YFA-fieE5Y974E07YMNYPiaGbR5iuXK-A==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:51 GMT
age: 56399
etag: "f5348ba99fb8966dded580409108316f4e4e1237"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8354
Md5:    7afe346e3b24ea4388913b449d1ffc42
Sha1:   f5348ba99fb8966dded580409108316f4e4e1237
Sha256: 1d1cafc3e99c20b23212679838567d4d5fc98c45cf902188e44b25ff2982c8ad
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F793f20c6-757e-47e5-8ab6-4d73ceae75af.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4002
x-amzn-requestid: ea2f5309-e220-4b7e-b718-9339b9444cc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKQ6hHM8IAMFeJQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a61dc-7d45fd9253b7b7fa732b6f8d;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:42:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: VD7SlrM2RwFk5cfQvul2bTJA__GPYd5_UPY0D0_5NGLHoBj3yur7PA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 5abfab33f248090bb0f31ca137ce9464.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:05:15 GMT
age: 55235
etag: "cec8428d159a5bde29e89c64cfb04146f759d52b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4002
Md5:    c9590b525c8b07a297c8784f02b161a1
Sha1:   cec8428d159a5bde29e89c64cfb04146f759d52b
Sha256: d309772ce79d36f7b1df0a3ea85a01f8278db2909c860721d105b772efed82ed
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7515
x-amzn-requestid: bb6a7928-9bdc-44e7-8478-b415bc504343
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YJu0bGYdoAMF5jQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a2b4f-208339fd72e62dff4a2ba339;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 17:50:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: UaU9GK4lcCuAN2WghBDa7f-21dRTA4Fh1tlAmGFMKh4wQOGZlKdmOw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:46:49 GMT
etag: "09dcbdc6043f01dd56920cca3ce3920d0d07b795"
age: 56341
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7515
Md5:    60fa03262bb3728f24a4c7a8177ec788
Sha1:   09dcbdc6043f01dd56920cca3ce3920d0d07b795
Sha256: e7448f186933f9848f1d55f0e8dba593918846d02fb9cc3a7cd86d69b96a7fde
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F734c0779-c033-4fb9-aef7-ec81416744c3.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6365
x-amzn-requestid: dc414175-8174-4fa8-812b-1f72de48d5f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKRBYEt8oAMFmyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6208-1c2417b120725a9a0642620a;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: lvOUBfECM7qlwpj9suDt1A4TRrvdYTsqOQGCNkf3pYYrIHHqZczRcg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 33d72803ad26b392c1b578a2b1276580.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:12:19 GMT
age: 54811
etag: "ff2c27cf141c68259e6e85020b01efc5d41730a6"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6365
Md5:    cf8614d876156699bdf11897c45e9ae8
Sha1:   ff2c27cf141c68259e6e85020b01efc5d41730a6
Sha256: c89d6a2fdc789fc725e8bac99774f9f9f0b22000f57d32f5611525bca30002d9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3125
x-amzn-requestid: 5820e798-6469-40f9-8d70-ee71f1a163b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLM5GGQAoAMF8eQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ac1d3-3a0e9db848ea7ab145f1cffa;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 04:32:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: eZaKpjBYe3Qn7vs3zF52Cxob-xu3LMFs8esQAu6Lp6bzM0aOEHoXVg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1352c0a623ff0601dd16439f3f225f70.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 04:32:54 GMT
etag: "113393e0dbabb3aff949d19ab6517ba1082b622d"
age: 31976
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3125
Md5:    0078c7a407144a1ede33aef6f734eecf
Sha1:   113393e0dbabb3aff949d19ab6517ba1082b622d
Sha256: 42afcaf15e45dfa9aff14f59f69d60a3de127005e35783d2d35a4cfa652b57b3
                                        
                                            POST /cdn-cgi/rum? HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: VQICUlZUGwcFV1BRAA==
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE0NTMwNyIsImFwIjoiNDUzMTUwIiwiaWQiOiI0ZjM5ZjI4MWU1OTYwZjg1IiwidHIiOiI3OWY1OWI1YmU1MTA2Y2NlMzhkODllY2Q2NWViY2E2MCIsInRpIjoxNjYyNzI5OTQxNzIxfX0=
traceparent: 00-79f59b5be5106cce38d89ecd65ebca60-4f39f281e5960f85-01
tracestate: 145307@nr=0-1-145307-453150-4f39f281e5960f85----1662729941721
content-type: application/json
Content-Length: 3237
Origin: https://snapwidget.com
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: text/plain
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
access-control-allow-origin: https://snapwidget.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7480408e58470b65-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   136295
Md5:    b499d40a27d6a90f6aed1998b9928f45
Sha1:   e333d26ce6913fd75aebf19ac20a94f93b07eec2
Sha256: a8ad71979cd2e48c85a6d47f6f147773f1a6d2a97390412c7e54d4281de05bb2
                                        
                                            GET /e-202236.js HTTP/1.1 
Host: stats.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.76.3
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 28 Aug 2023 02:01:00 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/snapwidget.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 09 Sep 2022 13:25:49 GMT
cf-bgj: minify
etag: W/"630341e7-560f"
last-modified: Mon, 22 Aug 2022 08:44:23 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 916488
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=in8S7lLhCO1qHQugSWzZkT2TdV2nG9aopp%2ByyNhDM5yVIo5I6oUielBhS%2B4ABfIfDWVSiLCHkkUB%2FgfBj%2FKvF8PyTY%2FFFDclkqTtvNQKGnA8dHQ9hVoOsIgLLsr0mHA8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408a1bf00b65-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FTheQueensEscapePH%2F&tabs=timeline&width=330&height=400&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         31.13.72.36
HTTP/2 200 OK
content-type: text/html; charset="utf-8"
                                        
vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
x-fb-debug: oQat7jFvvQljiRWggPyLg6OxoZ5zv+639MbiJA5MiyguwXBJhqicACNUY7rK8BygBxMh1Yf42EK1ijroReiAtA==
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /js/embed.main.min.b61fafc5de1ae792.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
cf-bgj: minify
etag: W/"63034249-b2e"
last-modified: Mon, 22 Aug 2022 08:46:01 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 935584
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YYvsQigF76FueuYWwxX5wIngfnDGv%2FD6wxWQxkKLPKNkOs0KBcac1kkBdVVOGzO5rH6%2Fro%2BbFDkBEfFr3q0XCB4r2ih%2BLKLYx%2FFhYDr3npLRmOAxzTiUmNm%2FnQjOnqns"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f3f0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /embed/705883 HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
vary: Accept-Encoding
cache-control: public, max-age=300
expires: Fri, 09 Sep 2022 13:27:09 GMT
x-robots-tag: all
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
last-modified: Fri, 09 Sep 2022 13:25:09 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dDUMAdenWg2rj4TQLnR0mdcL3AYF7MYWxCghAiKp61jy9ovUy38mEQS5WzyromMDvxQmrNWyibXz%2B8XeMyHfSSYQvqKKPkm4WahTy%2FMJO0kJZljerw4vOOmM5VinjkgD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408c4e330b65-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /stylesheets/embed.vendor.min.760717b3f565c387.css HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: text/css
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
cf-bgj: minify
etag: W/"62f0b6de-937"
last-modified: Mon, 08 Aug 2022 07:10:22 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1402472
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttltRI6MH%2FgT8P421MsYrycHRQ3BvM6yJRsYrwn0K5gMoeY93MakYAA61SeDTjVqVhEHbrcpR7HNmKZxAiXdS1Eu05Uxg9f4b9CU8mysN7s%2Bbamo3QVCNcCDU1soc7Hg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f360b65-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /css?family=Open+Sans%3A400italic%2C400%2C600italic%2C600%2C700italic%2C700&ver=1.0.0 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Sep 2022 13:25:49 GMT
date: Fri, 09 Sep 2022 13:25:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /stylesheets/embed.style.min.307799cd3bc5b2ee.css HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: text/css
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
cf-bgj: minify
cf-polished: origSize=15975
etag: W/"62f0b6a9-3e67"
last-modified: Mon, 08 Aug 2022 07:09:29 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1402472
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cs%2Bzdh%2FWCH55Tbezo6ioknio7dK1uZQ0b%2BvhBy6yzTpFHkXGIxQXyZplVrJUwfWa9Y9d0Rbpj8bcEef5sy4X%2BdhTU6j5pojqs%2BWKQx12ikVuIplrXjb4PjV6UCUquupZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f380b65-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /stylesheets/embed.grid.min.4069f6f840f9102b.css HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: text/css
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
cf-bgj: minify
etag: W/"63034249-899"
last-modified: Mon, 22 Aug 2022 08:46:01 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1402451
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bF6ZvLuVbuc43gTFwK4vDZ2vVVyNeamVmmYoaWc%2FO5HKRUWSTPDqN6gNWymkfAMX%2B8Z3W1F%2F%2FIyaMw3qM1fKiu5LcITDY%2BK7OBHejlIBbds1FeNujeJAyG8yQFOR7hTo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f390b65-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /p/jetpack/11.3/css/jetpack.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
vary: Accept-Encoding
last-modified: Tue, 19 Jul 2022 17:25:16 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1 
Host: c0.wp.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         192.0.77.37
HTTP/2 200 OK
content-type: text/css
                                        
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /wp-content/themes/ashe/assets/js/custom-plugins.js?ver=1.8.2 HTTP/1.1 
Host: thequeensescape.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.167.140.136
HTTP/2 200 OK
content-type: application/javascript
                                        
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /js/vendor/iframeResizer.contentWindow.min.0da4d54c7d115e53.js HTTP/1.1 
Host: snapwidget.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         104.26.8.123
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 09 Sep 2022 13:25:50 GMT
cf-bgj: minify
etag: W/"62f0b6c4-5452"
last-modified: Mon, 08 Aug 2022 07:09:56 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1402450
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EbmOxNZYRHB0%2BTpL1wE5e7BRqTHKKfBVcagpDhZIXWSHYoQtat5XVOyGIK2kxiO7%2F1yof21IkmjDpRXyaeq4ejsLSa6Yv%2BvYv6%2BPs5FwY%2BSZJBCpYyo2sTdT5AWUacyZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f400b65-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---