firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 09 Sep 2022 13:05:47 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: wGq9UuBjZhYpyR7sg-ie_onyBmY9lFdzcYorx_xPZHLKOryfZXhmkw==
Age: 1201
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f55e483f32b3fd50b1a2414aaada9b61
9d6b22edb98866e002e3b1ace44dfb0f8d00935f
4b09e1d2b887ded061e4ec5f82ec70ce699eeed428acc6b4fd3ef10ed9233c89
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9666
Expires: Fri, 09 Sep 2022 16:06:54 GMT
Date: Fri, 09 Sep 2022 13:25:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Sep 2022 03:46:35 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nm9UtNeHKd6Vko-MXzRJknZw6ULPR4Lb3Oh3AgorftUIq4avbXqMLg==
age: 34754
X-Firefox-Spdy: h2
thequeensescape.com/quiaut/charts-459145349.zip
108.167.140.136301 Moved Permanently 0 B URL HTTP/1.1 thequeensescape.com/quiaut/charts-459145349.zip
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /quiaut/charts-459145349.zip HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Sep 2022 13:25:48 GMT
Server: Apache
Expires: Fri, 09 Sep 2022 14:25:48 GMT
Cache-Control: max-age=3600
X-Redirect-By: redirection
Upgrade: h2,h2c
Connection: Upgrade
Location: https://thequeensescape.com/quiaut/charts-459145349.zip
Content-Length: 0
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 13:25:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 09 Sep 2022 12:56:07 GMT
Cache-Control: max-age=3600
Expires: Fri, 09 Sep 2022 13:40:05 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 39vRTuTM_zEPNPMcgF7dTq6ocqnbW5lT3EY5cZUPX4hGXaO8VEnk1g==
Age: 1782
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2ae2ee031e5f950c5317b463c7c6a48
762b9b729040cd091e9572658decb8f64acfc216
08db70931c2579dfb779f8e1ce4b37861dd2d9ab4f51d120c029ce4a177279c4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08DB70931C2579DFB779F8E1CE4B37861DD2D9AB4F51D120C029CE4A177279C4"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13434
Expires: Fri, 09 Sep 2022 17:09:43 GMT
Date: Fri, 09 Sep 2022 13:25:49 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d0c56e0b2955a5dd7f37ba4bbf5727b4
f435bd1f6fb8ec931f1817fe4b91e6b86a7cb14b
99f7da9dca677db8e9cec5491c0d6d8a86b9c5e907907c2fdd30973c747f4282
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6556
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:49 GMT
Last-Modified: Fri, 09 Sep 2022 11:36:33 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
thequeensescape.com/quiaut/charts-459145349.zip
108.167.140.136404 Not Found 15 kB URL HTTP/2 thequeensescape.com/quiaut/charts-459145349.zip
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (18721), with CRLF, LF line terminators
Hash 3330db71a32c3f33bea057e839341e76
1529508230bdd5d4eb58af8c64a454c6be8d2a41
d00cee3a7e3af1c988055ba0a30da1a8867d44843a213c80128ff3d6abf2941c
Analyzer Verdict Alert fortinet Malware
GET /quiaut/charts-459145349.zip HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://thequeensescape.com/wp-json/>; rel="https://api.w.org/"
vary: Accept-Encoding
content-encoding: gzip
content-length: 14795
content-type: text/html; charset=UTF-8
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.101.24101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.101.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: qpD4UHeqsAGYI8hMOF2Rrg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: G8WJyRT0KAT4CjA2vVXnUuzSxfo=
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 55362bc853c99806e54641de1e0fdb0c
1c84425554ce994c84fd4d3b95833fed9bf16023
936a1c711aea3c55e6e270aec23f72818b7bbfed28b1c9859697050ebe9aaf4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 55362bc853c99806e54641de1e0fdb0c
1c84425554ce994c84fd4d3b95833fed9bf16023
936a1c711aea3c55e6e270aec23f72818b7bbfed28b1c9859697050ebe9aaf4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/includes/gutenberg/dist/blocks.style.build.css?ver=2.0.59
108.167.140.136200 OK 155 B URL HTTP/2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/includes/gutenberg/dist/blocks.style.build.css?ver=2.0.59
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 3940cb443469d5cc737f18bcb99ba882
7787f5b35bce9bd1abf13949bb0a0b4c611eec8f
0c181007406a290193553dc3177b342b85140bc92c9cb8a3026d5f0fd9b22e21
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/quick-adsense-reloaded/includes/gutenberg/dist/blocks.style.build.css?ver=2.0.59 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 01 Sep 2022 14:09:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 155
content-type: text/css
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/themes/ashe/style.css?ver=1.9.7
108.167.140.136200 OK 16 kB URL HTTP/2 thequeensescape.com/wp-content/themes/ashe/style.css?ver=1.9.7
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (1145), with CRLF line terminators
Hash 03ab0bbdbc9cfde2ca00b2024a19f6f0
037f754bac6aaad7b44e62c0605e8ac6f8e2e88c
5515d8de0d37d1a9cbe4d1181a8c08a415411aa91aaa3b7cc99adac3bc7835f8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/ashe/style.css?ver=1.9.7 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 15480
content-type: text/css
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 55362bc853c99806e54641de1e0fdb0c
1c84425554ce994c84fd4d3b95833fed9bf16023
936a1c711aea3c55e6e270aec23f72818b7bbfed28b1c9859697050ebe9aaf4e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thequeensescape.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=14.0.2
108.167.140.136200 OK 17 kB URL HTTP/2 thequeensescape.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=14.0.2
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (65536), with no line terminators
Hash a195eb15b604d4705bd7a976cebcdb86
5665ff38c79c355f9cb38c7121527f608aca24dd
749920650adafc47ca4797ddf504c7d3312891ebdc0cdc61a950ca7ac195bc00
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gutenberg/build/block-library/style.css?ver=14.0.2 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 01 Sep 2022 14:10:25 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 16887
content-type: text/css
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/themes/ashe/assets/css/fontello.css?ver=6.0.2
108.167.140.136200 OK 801 B URL HTTP/2 thequeensescape.com/wp-content/themes/ashe/assets/css/fontello.css?ver=6.0.2
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 3fcce85c25147b034d9b34ef0bb102c7
537ac2b5708750fd6694a4ab63ba03efca2a112f
b25b8dc638fa4582ffa4617a3e77fab6ea2a69452162514f5c973b827976659a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/ashe/assets/css/fontello.css?ver=6.0.2 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 801
content-type: text/css
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/themes/ashe/assets/css/perfect-scrollbar.css?ver=6.0.2
108.167.140.136200 OK 399 B URL HTTP/2 thequeensescape.com/wp-content/themes/ashe/assets/css/perfect-scrollbar.css?ver=6.0.2
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 626de1992de89bc6a753723ac232ec2f
d72ab26603b7bc512e424e4a6791098d0f1cf451
fb52056de07749e6bcddb97b622780deabfe852a4058216724600b01190b6eff
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/ashe/assets/css/perfect-scrollbar.css?ver=6.0.2 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 399
content-type: text/css
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/themes/ashe/assets/css/slick.css?ver=6.0.2
108.167.140.136200 OK 464 B URL HTTP/2 thequeensescape.com/wp-content/themes/ashe/assets/css/slick.css?ver=6.0.2
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash fec0675d238ab63f20af3798679ee257
fecccd03ed91c3755f6c4ce1564682ad6065958b
6a3384ea7d5c54d405f6f63fe7ff8ccc550f2644670dd31a077653dbd0a18750
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/ashe/assets/css/slick.css?ver=6.0.2 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 464
content-type: text/css
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/themes/ashe/assets/css/responsive.css?ver=1.9.7
108.167.140.136200 OK 2.8 kB URL HTTP/2 thequeensescape.com/wp-content/themes/ashe/assets/css/responsive.css?ver=1.9.7
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash a9a04336d6412016b1c3398521d3de2c
071d301c2966d68abbf364e94b8acbecdbf350a3
5a5ea7abafc8c05557d4c717463a4995529b5c22d61d03d57af226898e4bc2ef
GET /wp-content/themes/ashe/assets/css/responsive.css?ver=1.9.7 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2774
content-type: text/css
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2
108.167.140.136200 OK 7.5 kB URL HTTP/2 thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type troff or preprocessor input, ASCII text, with very long lines (372)
Hash 425b9c5bb524774d7f30160c36771785
af60c1059fb990e6e86ff744f9c286e78f9966e8
a1dfafaf50ffe1e3996576f74f6e0e9dccee46d19aaf562fbe6e5575171b8062
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7524
content-type: text/css
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js
108.167.140.136200 OK 66 B URL HTTP/2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 35f69e2dd0d86627f53cb0eacfa6f4a5
c2d482462450addcd50d03b0704ef023150c8c80
932166fef0c0f8f97bcbcd81acb89b22278a014beec5ece1d5430654e4a9598f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 01 Sep 2022 14:09:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 66
content-type: application/javascript
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js?ver=2.0.59
108.167.140.136200 OK 66 B URL HTTP/2 thequeensescape.com/wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js?ver=2.0.59
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with CRLF line terminators
Hash 35f69e2dd0d86627f53cb0eacfa6f4a5
c2d482462450addcd50d03b0704ef023150c8c80
932166fef0c0f8f97bcbcd81acb89b22278a014beec5ece1d5430654e4a9598f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/quick-adsense-reloaded/assets/js/ads.js?ver=2.0.59 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 01 Sep 2022 14:09:08 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 66
content-type: application/javascript
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7
108.167.140.136200 OK 5.2 kB URL HTTP/2 thequeensescape.com/wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with very long lines (10620), with CRLF line terminators
Hash 1d8c9a1d5e603072bc8944c95fae6bd4
a679a7559e82184333423161a9487b7a10d8a787
613da5ea52bc16ed442cc77ec65f1987f1f51fed15489025bd08d710fadc9dbe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/ashe/assets/js/custom-scripts.js?ver=1.9.7 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5150
content-type: application/javascript
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
108.167.140.136200 OK 5.3 kB URL HTTP/2 thequeensescape.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type ASCII text, with very long lines (15660)
Hash 710f8b142ea44c0682dc2c30f318f065
49144e9b3a76d3d383b1d4359cf7a25e947f4233
708bb5819879a2a2c7670abc20a58cca68a415ffd621011cbc4c3c9d82dddc50
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Thu, 01 Sep 2022 14:09:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 5321
content-type: application/javascript
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0adcdf311c307962c09ff6e0b3a4d0a6
2f358cc3b121ec7340c2c38721c292cd7fb0ebb4
2bbda38cb2eb20dbe9286311420c33cd52e7582fd336fcbbcaa922464507635a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6433
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 11:38:37 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
pixel.wp.com/g.gif?v=ext&j=1%3A11.3&blog=183769864&post=0&tz=0&srv=thequeensescape.com&host=thequeensescape.com&ref=&fcp=0&rand=0.8659109005416025
192.0.76.3200 OK 50 B URL HTTP/2 pixel.wp.com/g.gif?v=ext&j=1%3A11.3&blog=183769864&post=0&tz=0&srv=thequeensescape.com&host=thequeensescape.com&ref=&fcp=0&rand=0.8659109005416025
IP 192.0.76.3:0
File type GIF image data, version 89a, 6 x 5\012- data
Hash e4d673a55c5656f19ef81563fb10884c
1f2d8ed221d39329251ad3a6ff1edb20b7219443
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
GET /g.gif?v=ext&j=1%3A11.3&blog=183769864&post=0&tz=0&srv=thequeensescape.com&host=thequeensescape.com&ref=&fcp=0&rand=0.8659109005416025 HTTP/1.1
Host: pixel.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700&ver=1.0.0
142.250.74.10200 OK 952 B URL HTTP/2 fonts.googleapis.com/css?family=Playfair+Display%3A400%2C700&ver=1.0.0
IP 142.250.74.10:0
Hash cae8469995361ab9f8f5324f44101ce6
4a7faa21b6b90b73650a78339e66ec0a51e28c21
c64a6e602d8f987b565ce908383a1de098e1b52b24010e23a7a1090ad3a9d3a3
GET /css?family=Playfair+Display%3A400%2C700&ver=1.0.0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Sep 2022 13:25:49 GMT
date: Fri, 09 Sep 2022 13:25:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery.min.js
192.0.77.37200 OK 31 kB URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery.min.js
IP 192.0.77.37:0
File type ASCII text, with very long lines (65447)
Hash 52a4c7b482494d7dac191c10956ff6ee
897f732e32a6c1030836a0bfd3d8e2ca727cdc68
9f17b85680bc8b1c1adefc9e42f885149c4cf1a81ed7476c58b20e2fecb16fe1
GET /c/6.0.2/wp-includes/js/jquery/jquery.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 10 Mar 2021 15:07:24 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.163200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 276889
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
142.250.74.163200 OK 36 kB URL HTTP/2 fonts.gstatic.com/s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 35764, version 1.0\012- data
Hash 60f23230f1a8d5c3b7d25b73f5b5ce23
ed08ada85d017893b9bcb8224e99154c6708f5d2
22b6cdc450204c1cb32b31e679d812fea1c17ac506a7b78daeb12bd0ab25fde8
GET /s/playfairdisplay/v30/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thequeensescape.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35764
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:14:36 GMT
expires: Tue, 05 Sep 2023 21:14:36 GMT
cache-control: public, max-age=31536000
age: 317474
last-modified: Mon, 18 Jul 2022 19:06:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 61961ee76ab6c28f6e17eb7a1df4a3ea
ab4e8c9c284a0eed6b2fab77c9df432839158b3a
9e3bec23cc8ea49ab4e3a3a244a428c59e6c48c80359c473155584807ba0de41
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0adcdf311c307962c09ff6e0b3a4d0a6
2f358cc3b121ec7340c2c38721c292cd7fb0ebb4
2bbda38cb2eb20dbe9286311420c33cd52e7582fd336fcbbcaa922464507635a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6433
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 11:38:37 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
static.xx.fbcdn.net/rsrc.php/v3/yq/l/0,cross/pcbHOU-8oL4.css?_nc_x=Ij3Wp8lg5Kz
31.13.72.12200 OK 5.0 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yq/l/0,cross/pcbHOU-8oL4.css?_nc_x=Ij3Wp8lg5Kz
IP 31.13.72.12:0
File type ASCII text, with very long lines (4093)
Hash a470a67f3c0c9ecafa30e42a024dbbbe
09ea822a7c825d9e60deee47a1bc98106cdb1711
b1f7562cfd97296a7ab425c8610c0691425ca260963adc3d48e25dfb9a0cf006
GET /rsrc.php/v3/yq/l/0,cross/pcbHOU-8oL4.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.facebook.com
Connection: keep-alive
Referer: https://www.facebook.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
content-type: text/css; charset=utf-8
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
expires: Fri, 08 Sep 2023 17:07:42 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
content-md5: pHCmfzwMnsr6MOQqAk27vg==
x-fb-debug: 1ysmLXEMynPlfLdn7fQdr3sue2ZUz/x25WWZR2JVCNn1gazqc3S6zwJVfiTCoJBtD+3ZC7fm42ndibfXUYheog==
priority: u=3,i
content-length: 4980
x-fb-trip-id: 1904183273
date: Fri, 09 Sep 2022 13:25:50 GMT
access-control-allow-origin: https://www.facebook.com
vary: Origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
snapwidget.com/images/post_type_icons.png
104.26.8.123200 OK 2.3 kB URL HTTP/2 snapwidget.com/images/post_type_icons.png
IP 104.26.8.123:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash b1be0c2f033b57b3163449e354d56c58
c85bc26ee45b104a8426e86d735ba37e1f2b233c
367635abeaa40ce11827271d48fd0ae5fa723bd00c398af5d1b8c8f6aa56d479
GET /images/post_type_icons.png HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/stylesheets/embed.style.min.307799cd3bc5b2ee.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: image/webp
content-length: 2288
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2778
content-disposition: inline; filename="post_type_icons.webp"
vary: Accept
etag: "63034179-ada"
last-modified: Mon, 22 Aug 2022 08:42:33 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 921808
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sgjBK5mIYb1oz8D2nEw1%2FMiujdy5uqbT%2FFlNVSLAP1CenIj%2BuKHdKGGaxaWpNOLZleLPUA2KvRdNP0NUoPl7BP%2BXhGE%2F78t5lCrIuR7IfBABAs5uDwN5uot4%2BgXSbG5l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408ddfdc0b65-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 54f9e2ed11c19f565afc5d45d2f1e499
5c933cf89e4be594a152d7b1aa7bed6ab42169df
1deae88857366dba09c5e498d9067529377741b3c51b711b4adb88d861f58718
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
104.18.47.230200 OK 25 kB URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP 104.18.47.230:0
File type ASCII text, with very long lines (13984)
Hash 9201d083d0df059945ac53b056ba3a54
84282a1852477bb802b414b51c4cf0153605e5a6
169b5448929d22e7b958cbac1e713bf64d82eaba9af51d837878c832322b32c9
GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://snapwidget.com
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7480408d7c88fabc-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
snapwidget.com/js/embed.vendor.min.2f17f0b14ee46c5a.js
104.26.8.123200 OK 1.6 kB URL HTTP/2 snapwidget.com/js/embed.vendor.min.2f17f0b14ee46c5a.js
IP 104.26.8.123:0
File type ASCII text, with very long lines (2529), with no line terminators
Hash 63314c35400a93628d2240a511382987
fc5795bdeb059bfb44d75ed9b3bce5bd41550de1
4ed5a99cd656b8969c6d46b6b1b4c35de6d0b3ff4c9835f8e2752865f8f24167
GET /js/embed.vendor.min.2f17f0b14ee46c5a.js HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
etag: W/"62f0b6d6-9e1"
last-modified: Mon, 08 Aug 2022 07:10:14 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 918976
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3IAKbKozVtZ8uypAiNicqjA%2BUFJHsthdRPrfZkZoWa80ZFCIXML%2FIpSMqwuLu5gDVHBYcAckBwLrdrPjgmPQZ191lIf4XFPzR4eZIqW4VB2AmGuUEajTMoeb%2F88Q72yC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f3c0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
js-agent.newrelic.com/552.c68ed4cb-1219.js
151.101.86.137200 OK 5.9 kB URL HTTP/2 js-agent.newrelic.com/552.c68ed4cb-1219.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (21423)
Hash 49ed8deb776fffe2ae9f806c9e606a2a
1e45759eeb3238676279cac7e16387090fb4ed4e
748fa0914cca548f5432e2fca163db37a4c873efaf7bda32aaebf4ea216fdccd
GET /552.c68ed4cb-1219.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Q/t5BGhKVMIykrAdR5FFe/dPM06qKL0rUbjkI+eZ2oDVTqmVaqRkUOniPUs9n0JkeEkNXmUc8jQ=
x-amz-request-id: 4J3M8A3KRF96MPMA
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "1e4dac4a08afb19f2f81a269e723f296"
x-amz-version-id: ViSo1WN.IFY8SZVXZ5w0n2d38KPGl0Eg
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 306
x-timer: S1662729951.503152,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 5891
X-Firefox-Spdy: h2
js-agent.newrelic.com/820.c68ed4cb-1219.js
151.101.86.137200 OK 3.0 kB URL HTTP/2 js-agent.newrelic.com/820.c68ed4cb-1219.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (7440)
Hash 57ba37e54af9f9a5916282e183a01efc
848d3af2625b44d92fd14c5a483c76a8927f4cee
7cb7689303a77af668bb7036e3c5f7c43d0ccadd577d8b03fbbccd7f79056c4f
GET /820.c68ed4cb-1219.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 4Pseszwic0OFj2v1UoNnqCJt85Bq3DvEyW91wRTUhYRwboEoAWXWtqvxeHzYJ18vEHX/1WZYobQ=
x-amz-request-id: W9ZDC6HXQFGHMAHZ
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "9f13834674bf0537e1da7b82ac24bd0a"
x-amz-version-id: uHGvnCpNCW.uTOZntZeC2bN06SMRV1Mw
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 182
x-timer: S1662729951.548051,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2974
X-Firefox-Spdy: h2
js-agent.newrelic.com/290.c68ed4cb-1219.js
151.101.86.137200 OK 3.4 kB URL HTTP/2 js-agent.newrelic.com/290.c68ed4cb-1219.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (8544)
Hash bd93677e0105abb3eb94b6e08bb5e925
edf4e2b11e2b1207df8325b4994df1894590ffb0
bd514247c35af6715a4d3fd2dfc81690d81aeeddc1eb9af836ab836e95c1fd21
GET /290.c68ed4cb-1219.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: kXn8K4f0jrhrl+BScuqPCzipEhgVeYMOZZhYLmWXaSZjQlFIE4bwVcAyXk30Wloj/0a7HTaZxJk=
x-amz-request-id: ZHDECS9EYYXFBJV7
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "063fd06cbb5f975859db95cd65371581"
x-amz-version-id: HNoCxfWwXDQj0wgK0ssoFWTh6TgKnY_s
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 278
x-timer: S1662729951.548248,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 3425
X-Firefox-Spdy: h2
js-agent.newrelic.com/368.c68ed4cb-1219.js
151.101.86.137200 OK 1.4 kB URL HTTP/2 js-agent.newrelic.com/368.c68ed4cb-1219.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (3382)
Hash 5a523e39e573bf9da94045d78af5b265
1269d0e7deae4a4da6d6e3e08df4b6d5c30325db
49f418e138dead09a0a670716aeaa374309b3628f7033537183c7249f2f574a6
GET /368.c68ed4cb-1219.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: A7Z5nzh/sw2pUYpkoF68/Oxu7Hv9H/rqwWzcpC5gFn/8BpG7iq3ve5UxhTOhVUpEJqpL9Od7+u4=
x-amz-request-id: 221TG2H8H8NF2V19
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "045eac1d76b3cf835907cc4ac0cd0eae"
x-amz-version-id: v3VvssGmRtY09WTyd251ZRTe5X4W1xM4
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 300
x-timer: S1662729951.548490,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1442
X-Firefox-Spdy: h2
js-agent.newrelic.com/775.c68ed4cb-1219.js
151.101.86.137200 OK 632 B URL HTTP/2 js-agent.newrelic.com/775.c68ed4cb-1219.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (1169)
Hash 9e0f3182e4c2b47a6d040a347dfb31d7
3d683a38fccb91c6c8ccbdec0bcc8e5ee3d32668
092feb150d2c140e479ae4bb4054974d0f072aa50803e2aaf7a6395d6660f406
GET /775.c68ed4cb-1219.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: uWTLl/8NpRUofh+UNXcJ283hN8gOO+ZN/gWRj+qA1b9CHRzq/x9fNURd1QuJs0JkH1tViz7wq1M=
x-amz-request-id: ZHDCVBMKJJTF5SRZ
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "f70fe097a0428c78b846ad14654a41f6"
x-amz-version-id: bgTwiovhgj.C9JVTlsxkaJYhbNmVZNtX
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 303
x-timer: S1662729951.548656,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 632
X-Firefox-Spdy: h2
js-agent.newrelic.com/768.c68ed4cb-1219.js
151.101.86.137200 OK 2.2 kB URL HTTP/2 js-agent.newrelic.com/768.c68ed4cb-1219.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (5523)
Hash 33767c7d2c464b99c35d74a4ff6a14fc
f23007cd19b85e1077bec23e6688a234dffd5a87
7e140f1c1a73b742718d94465e4cea8b67614d5ff7cc598993113effd54e1883
GET /768.c68ed4cb-1219.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: l4tLkSO/8p8shjNY6wqv/yv5SHGLhQj9zwrXwV/EmIyB0fKGawsEARVl4NXUS4iHXdymbNildA8=
x-amz-request-id: ZHDDFHEQEY5KY5HD
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "340d0c0ca3de4fdf9c06712ea365787e"
x-amz-version-id: RkzKbC6Tl6QwGfW0I1r.hKN_9L8qfUns
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 300
x-timer: S1662729951.548673,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2224
X-Firefox-Spdy: h2
js-agent.newrelic.com/39.c68ed4cb-1219.js
151.101.86.137200 OK 2.8 kB URL HTTP/2 js-agent.newrelic.com/39.c68ed4cb-1219.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (7169)
Hash bba751b72b4a89a317af4ddfc11e7965
1ceccf6a9d86ea4802dda2325c8312091c2d9b6e
6c3250bbb60dab084703e07c7f0b61b23409ac93b0691819c2f30291666829a6
GET /39.c68ed4cb-1219.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: gUftV9MXOMWCXwZU5SQYIM4umglghR+4GcUe7MqPwOU7yMAEX+UIQbu/3S9x3XHSJEd15lZAeAo=
x-amz-request-id: W9Z8YZP3SAXVY560
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "605060c62653cbc898e5ac5c7fe4a944"
x-amz-version-id: _5iFIJXLG85we1l69T8A5Oa_7CqB6lsc
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 183
x-timer: S1662729951.548812,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2754
X-Firefox-Spdy: h2
js-agent.newrelic.com/0.c68ed4cb-1219.js
151.101.86.137200 OK 2.3 kB URL HTTP/2 js-agent.newrelic.com/0.c68ed4cb-1219.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (5198)
Hash 40d4def83c0db5943251c30fe9c718b8
3942d8b3fde526e8747a11cc518c2b2ad72a0b0c
e7a6ae9c9444fcaf18d6f9f037216573a848cf05388571d335688c5e880be999
GET /0.c68ed4cb-1219.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: APv+A5qWGh6MKeaR6PaGGj/tN8Nux9V+hKcZiHahSXstOoBQxd9IRpFZyxxiX1k16nc+1bt4mho=
x-amz-request-id: W9Z8XGNGRK0FFPE1
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "bc776e4271644f03f2b7e674a9de0fa7"
x-amz-version-id: xoXpuC1.bmhEf3I5gc9txQ0axkVoh7_p
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 146
x-timer: S1662729951.549175,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 2348
X-Firefox-Spdy: h2
js-agent.newrelic.com/571.c68ed4cb-1219.js
151.101.86.137200 OK 1.1 kB URL HTTP/2 js-agent.newrelic.com/571.c68ed4cb-1219.js
IP 151.101.86.137:0
File type ASCII text, with very long lines (2412)
Hash c4f346f64a2881ab14990e34fa480e3a
f52008e6d88ff218ae9f6a0bde0fe092e76f3648
380ac2ff73ede104caf7340e4b364302cd13fcd031700334ba6b2005be076e31
GET /571.c68ed4cb-1219.js HTTP/1.1
Host: js-agent.newrelic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: 6orDPp83EvPZPQG/EahxO7Wi+rpSt0J15ao4RRp7/ZJHRZEmzozC9UsBHx8DvjCYgh0W/REu8CU=
x-amz-request-id: W9ZEJTTH6EHB6VER
last-modified: Sat, 03 Sep 2022 02:45:50 GMT
etag: "af37eb3be92f31531d0ef2e723a76327"
x-amz-version-id: GNCRQfpq8Dk1QNhd4VKeNxy274j0pGYI
content-type: application/javascript
server: AmazonS3
cache-control: public, max-age=7200, stale-if-error=604800
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Sep 2022 13:25:50 GMT
via: 1.1 varnish
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 182
x-timer: S1662729951.549277,VS0,VE0
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
content-length: 1108
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/uploads/2020/09/cropped-TQE-newest-banner-1.png
108.167.140.136200 OK 386 kB URL HTTP/2 thequeensescape.com/wp-content/uploads/2020/09/cropped-TQE-newest-banner-1.png
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 884 x 281, 8-bit/color RGBA, non-interlaced\012- data
Size 386 kB (385740 bytes)
Hash f5f4dadc12f2095457c222d305a98385
054b4a891d2a2c3fd2d378aaf6e9e1d1447599ec
74ecdf4c6a34157fc496e23e91d1c1e5b8a6505e7014d85b6580ac24f122a2e6
GET /wp-content/uploads/2020/09/cropped-TQE-newest-banner-1.png HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 08 Sep 2020 17:45:37 GMT
accept-ranges: bytes
content-length: 385740
content-type: image/png
date: Fri, 09 Sep 2022 13:25:50 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/themes/ashe/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
108.167.140.136200 OK 77 kB URL HTTP/2 thequeensescape.com/wp-content/themes/ashe/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/ashe/assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://thequeensescape.com/wp-content/themes/ashe/assets/css/font-awesome.css?ver=6.0.2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
content-length: 77160
content-type: font/woff2
date: Fri, 09 Sep 2022 13:25:50 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/uploads/2020/04/cropped-QLogo-32x32.png
108.167.140.136200 OK 2.3 kB URL HTTP/2 thequeensescape.com/wp-content/uploads/2020/04/cropped-QLogo-32x32.png
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash bfa3f0092d461e80f51b30ab5fa21dfd
6c580b1c67bb413f89883f11265066484a3c64ea
2fe38259678102b0e58fc32af42f3a5ef84ceec402322736c194c189cf228e65
GET /wp-content/uploads/2020/04/cropped-QLogo-32x32.png HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 18 Apr 2020 08:42:24 GMT
accept-ranges: bytes
content-length: 2260
content-type: image/png
date: Fri, 09 Sep 2022 13:25:50 GMT
server: Apache
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/uploads/2020/04/cropped-QLogo-192x192.png
108.167.140.136200 OK 40 kB URL HTTP/2 thequeensescape.com/wp-content/uploads/2020/04/cropped-QLogo-192x192.png
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 42ab481e6e5dce69fbd17d4b88760752
ca8ec06e87eb136bf1d3532130767af3a4884506
220fa076ad5a128fd0701c3f29fc21b8b2d6c9e8724459ac085cd359e0d10a62
GET /wp-content/uploads/2020/04/cropped-QLogo-192x192.png HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 18 Apr 2020 08:42:24 GMT
accept-ranges: bytes
content-length: 40468
content-type: image/png
date: Fri, 09 Sep 2022 13:25:50 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2bbc4c1bfe98582e4429ed525d93aa48
146bf05611c99b525c30f788a112456a9fee425d
ed739fa52f4bffc4c183081955519c69b30dca543b096fd9e06f235e1d53ecc7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5023
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 12:02:08 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2bbc4c1bfe98582e4429ed525d93aa48
146bf05611c99b525c30f788a112456a9fee425d
ed739fa52f4bffc4c183081955519c69b30dca543b096fd9e06f235e1d53ecc7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5023
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 12:02:08 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2bbc4c1bfe98582e4429ed525d93aa48
146bf05611c99b525c30f788a112456a9fee425d
ed739fa52f4bffc4c183081955519c69b30dca543b096fd9e06f235e1d53ecc7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3039
Cache-Control: max-age=88277
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Etag: "6319e8d4-1d7"
Expires: Sat, 10 Sep 2022 13:57:07 GMT
Last-Modified: Thu, 08 Sep 2022 13:06:28 GMT
Server: ECS (ska/F719)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2bbc4c1bfe98582e4429ed525d93aa48
146bf05611c99b525c30f788a112456a9fee425d
ed739fa52f4bffc4c183081955519c69b30dca543b096fd9e06f235e1d53ecc7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6495
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 11:37:35 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2bbc4c1bfe98582e4429ed525d93aa48
146bf05611c99b525c30f788a112456a9fee425d
ed739fa52f4bffc4c183081955519c69b30dca543b096fd9e06f235e1d53ecc7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6008
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 11:45:42 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
bam.nr-data.net/1/a53393d12f?a=453137&v=1219.PROD&to=ZlNSMUNXWBcFW0FRCV8ZcQZFX1kKS3lFSDp5QkQVbXVZChBKWlQKVERDOXRbVAEAe1pWEkNZXAlURHYXDFdCbRVURHUIU1NS&rst=451&ck=0&s=3108d6bf1aba66b8&ref=https://snapwidget.com/embed/705883&ap=44&be=185&fe=141&dc=55&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1662729941389,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:4,%22rp%22:124,%22rpe%22:131,%22dl%22:145,%22di%22:226,%22ds%22:240,%22de%22:241,%22dc%22:325,%22l%22:325,%22le%22:328%7D,%22navigation%22:%7B%7D%7D&at=ShRRRwtNSxk%3D&jsonp=NREUM.setToken
162.247.241.14200 OK 68 B URL HTTP/1.1 bam.nr-data.net/1/a53393d12f?a=453137&v=1219.PROD&to=ZlNSMUNXWBcFW0FRCV8ZcQZFX1kKS3lFSDp5QkQVbXVZChBKWlQKVERDOXRbVAEAe1pWEkNZXAlURHYXDFdCbRVURHUIU1NS&rst=451&ck=0&s=3108d6bf1aba66b8&ref=https://snapwidget.com/embed/705883&ap=44&be=185&fe=141&dc=55&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1662729941389,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:4,%22rp%22:124,%22rpe%22:131,%22dl%22:145,%22di%22:226,%22ds%22:240,%22de%22:241,%22dc%22:325,%22l%22:325,%22le%22:328%7D,%22navigation%22:%7B%7D%7D&at=ShRRRwtNSxk%3D&jsonp=NREUM.setToken
IP 162.247.241.14:0
File type ASCII text, with no line terminators
Hash a63df29d6e0417cc1d00d8743d0ae34c
4fe2dc626d476e9a32c8982587e33fbc8aaf7b0b
025635a81f1246880710db88c48cd051393836cfd7016eb9f4aac7ac7b739a4e
GET /1/a53393d12f?a=453137&v=1219.PROD&to=ZlNSMUNXWBcFW0FRCV8ZcQZFX1kKS3lFSDp5QkQVbXVZChBKWlQKVERDOXRbVAEAe1pWEkNZXAlURHYXDFdCbRVURHUIU1NS&rst=451&ck=0&s=3108d6bf1aba66b8&ref=https://snapwidget.com/embed/705883&ap=44&be=185&fe=141&dc=55&af=err,xhr,stn,ins&perf=%7B%22timing%22:%7B%22of%22:1662729941389,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:0,%22c%22:0,%22s%22:0,%22ce%22:0,%22rq%22:4,%22rp%22:124,%22rpe%22:131,%22dl%22:145,%22di%22:226,%22ds%22:240,%22de%22:241,%22dc%22:325,%22l%22:325,%22le%22:328%7D,%22navigation%22:%7B%7D%7D&at=ShRRRwtNSxk%3D&jsonp=NREUM.setToken HTTP/1.1
Host: bam.nr-data.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2022 13:25:50 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 7480408f2dc0b529-OSL
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Cross-Origin-Resource-Policy: cross-origin
Vary: Accept-Encoding
Server: cloudflare
Content-Encoding: gzip
scontent.cdninstagram.com/v/t51.29350-15/302386060_3162702923993058_8021699530736520297_n.jpg?_nc_cat=109&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=SeulVrrSJYQAX9MCoXQ&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-FW8MTOcF2OtUgXXicPGJ9UXiSWxNRpNif0usPNwlZOg&oe=6320328C
31.13.72.53200 OK 55 kB URL HTTP/2 scontent.cdninstagram.com/v/t51.29350-15/302386060_3162702923993058_8021699530736520297_n.jpg?_nc_cat=109&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=SeulVrrSJYQAX9MCoXQ&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-FW8MTOcF2OtUgXXicPGJ9UXiSWxNRpNif0usPNwlZOg&oe=6320328C
IP 31.13.72.53:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components 3\012- data
Hash d1c5884b3cc9285bc5e014fe3fd85963
c4d502809f40ad594f3281a0d1284871ec4ff031
5d86749531c52125e7b787ce78af9dc1fbfa86e702dea22452f19bb3b2aa1abb
GET /v/t51.29350-15/302386060_3162702923993058_8021699530736520297_n.jpg?_nc_cat=109&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=SeulVrrSJYQAX9MCoXQ&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-FW8MTOcF2OtUgXXicPGJ9UXiSWxNRpNif0usPNwlZOg&oe=6320328C HTTP/1.1
Host: scontent.cdninstagram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Thu, 01 Sep 2022 10:04:46 GMT
content-type: image/jpeg
x-haystack-needlechecksum: 1392867941
x-needle-checksum: 2254941254
content-digest: adler32=2254941254
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 54993
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
scontent.cdninstagram.com/v/t51.29350-15/305223409_659601691856460_7090002961202109916_n.jpg?_nc_cat=101&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=l4DP5rk3pGUAX-cPcZt&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8-6FQuhPKPdJfh0vWM0sVJ8SurcU6yu5oJI2F-TESHrg&oe=63206AC2
31.13.72.53200 OK 71 kB URL HTTP/2 scontent.cdninstagram.com/v/t51.29350-15/305223409_659601691856460_7090002961202109916_n.jpg?_nc_cat=101&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=l4DP5rk3pGUAX-cPcZt&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8-6FQuhPKPdJfh0vWM0sVJ8SurcU6yu5oJI2F-TESHrg&oe=63206AC2
IP 31.13.72.53:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components 3\012- data
Hash 343d9cfc3b71a7bfd8d2d57d434ccb98
4a4361757d4a00d582207eaa076cd598bbe7d35a
929190f1cfcaaa8739236191f486e411ca10f0b75f49e2a1b630d18110817b62
GET /v/t51.29350-15/305223409_659601691856460_7090002961202109916_n.jpg?_nc_cat=101&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=l4DP5rk3pGUAX-cPcZt&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8-6FQuhPKPdJfh0vWM0sVJ8SurcU6yu5oJI2F-TESHrg&oe=63206AC2 HTTP/1.1
Host: scontent.cdninstagram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Mon, 05 Sep 2022 00:12:30 GMT
content-type: image/jpeg
x-haystack-needlechecksum: 105019413
x-needle-checksum: 1657581890
content-digest: adler32=1657581890
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 71175
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
scontent.cdninstagram.com/v/t51.29350-15/300238276_449251240470525_3840489065997612201_n.webp?stp=dst-jpg&_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=84xs5bcklGkAX8Pn1EO&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8KYnxQhFknzi5lqMxbL_hvT4Sax2HhFgj0rLDIIrzEnA&oe=63202CDC
31.13.72.53200 OK 123 kB URL HTTP/2 scontent.cdninstagram.com/v/t51.29350-15/300238276_449251240470525_3840489065997612201_n.webp?stp=dst-jpg&_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=84xs5bcklGkAX8Pn1EO&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8KYnxQhFknzi5lqMxbL_hvT4Sax2HhFgj0rLDIIrzEnA&oe=63202CDC
IP 31.13.72.53:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size 123 kB (123290 bytes)
Hash 3b61eca76ae66c12b9b1cadc3d42b201
bf0a61e5c7ca52317fde0bf2fb00a28151a14f5a
d737320da5ef18ed354af84a942a24294e55bd38947c2953a34a2f3a3e7679a5
GET /v/t51.29350-15/300238276_449251240470525_3840489065997612201_n.webp?stp=dst-jpg&_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=84xs5bcklGkAX8Pn1EO&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8KYnxQhFknzi5lqMxbL_hvT4Sax2HhFgj0rLDIIrzEnA&oe=63202CDC HTTP/1.1
Host: scontent.cdninstagram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sun, 21 Aug 2022 10:01:18 GMT
x-haystack-needlechecksum: 481931230
x-needle-checksum: 949444859
content-type: image/jpeg
content-digest: adler32=4060807364
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 123290
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
scontent.cdninstagram.com/v/t51.29350-15/299507298_1140336400199609_6221579676075730298_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=IJV-kw0OhwEAX_McDLY&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8a3rikX6lz-l_5eTAFIlJ75DXZHR0THi4CCLtOJZV-Gw&oe=631FFFDE
31.13.72.53200 OK 257 kB URL HTTP/2 scontent.cdninstagram.com/v/t51.29350-15/299507298_1140336400199609_6221579676075730298_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=IJV-kw0OhwEAX_McDLY&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8a3rikX6lz-l_5eTAFIlJ75DXZHR0THi4CCLtOJZV-Gw&oe=631FFFDE
IP 31.13.72.53:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1350, components 3\012- data
Size 257 kB (257047 bytes)
Hash 988a672ab4440e72e3b60e07fd148e56
887f92a076a28b5806c021e687f7af3cb1952c57
45ca6955a9f09eee5bf473314cc452f0a4d314c834da1218a0dc10b485915555
GET /v/t51.29350-15/299507298_1140336400199609_6221579676075730298_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=IJV-kw0OhwEAX_McDLY&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT8a3rikX6lz-l_5eTAFIlJ75DXZHR0THi4CCLtOJZV-Gw&oe=631FFFDE HTTP/1.1
Host: scontent.cdninstagram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 16 Aug 2022 04:25:45 GMT
x-haystack-needlechecksum: 3307334474
x-needle-checksum: 811688120
content-type: image/jpeg
content-digest: adler32=2898683015
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 257047
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2bbc4c1bfe98582e4429ed525d93aa48
146bf05611c99b525c30f788a112456a9fee425d
ed739fa52f4bffc4c183081955519c69b30dca543b096fd9e06f235e1d53ecc7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5023
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Sep 2022 13:25:50 GMT
Last-Modified: Fri, 09 Sep 2022 12:02:08 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471
scontent.cdninstagram.com/v/t51.29350-15/300785005_772491627323947_1904365575442050555_n.webp?stp=dst-jpg&_nc_cat=100&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=B_GuFyM6P-0AX-704N5&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_EsEqupQfM9KYRBB7RaFbhb3CTwuZVMOdyXNHWG-ffZw&oe=63204647
31.13.72.53200 OK 177 kB URL HTTP/2 scontent.cdninstagram.com/v/t51.29350-15/300785005_772491627323947_1904365575442050555_n.webp?stp=dst-jpg&_nc_cat=100&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=B_GuFyM6P-0AX-704N5&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_EsEqupQfM9KYRBB7RaFbhb3CTwuZVMOdyXNHWG-ffZw&oe=63204647
IP 31.13.72.53:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size 177 kB (176561 bytes)
Hash 8d1bf229e9d3ba1b68d65326cc810e77
43230b82111962a858aa17e6dad5cc346aa08020
8a9a689799b67be1bdb62c059afe0740922d77354c6ae4698602827079982b8b
GET /v/t51.29350-15/300785005_772491627323947_1904365575442050555_n.webp?stp=dst-jpg&_nc_cat=100&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=B_GuFyM6P-0AX-704N5&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT_EsEqupQfM9KYRBB7RaFbhb3CTwuZVMOdyXNHWG-ffZw&oe=63204647 HTTP/1.1
Host: scontent.cdninstagram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 23 Aug 2022 04:05:09 GMT
x-haystack-needlechecksum: 3283498827
x-needle-checksum: 718294705
content-type: image/jpeg
content-digest: adler32=2646180015
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 176561
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
scontent.cdninstagram.com/v/t51.29350-15/301224609_522376032982261_8860578228373543903_n.jpg?_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=wI4wQRQxNUwAX-wm8IY&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT9-kGfO1jKkO63P5PzNZgVy0VIMR-CrrpOoVgQrEwTS4Q&oe=631F6DB6
31.13.72.53200 OK 192 kB URL HTTP/2 scontent.cdninstagram.com/v/t51.29350-15/301224609_522376032982261_8860578228373543903_n.jpg?_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=wI4wQRQxNUwAX-wm8IY&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT9-kGfO1jKkO63P5PzNZgVy0VIMR-CrrpOoVgQrEwTS4Q&oe=631F6DB6
IP 31.13.72.53:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 540x960, components 3\012- data
Size 192 kB (191869 bytes)
Hash ab302a285aadf2dcf9b63f044796bd6a
7200f76332353160379c204283f2815a0da95019
587d087e0681fadfbe45f7de728fcc97dcf754b791e83b863009f370be8549d8
GET /v/t51.29350-15/301224609_522376032982261_8860578228373543903_n.jpg?_nc_cat=105&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=wI4wQRQxNUwAX-wm8IY&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT9-kGfO1jKkO63P5PzNZgVy0VIMR-CrrpOoVgQrEwTS4Q&oe=631F6DB6 HTTP/1.1
Host: scontent.cdninstagram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Fri, 26 Aug 2022 10:22:32 GMT
content-type: image/jpeg
x-haystack-needlechecksum: 1999119380
x-needle-checksum: 2384835369
content-digest: adler32=2384835369
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 191869
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
scontent.cdninstagram.com/v/t51.29350-15/302090844_3117023888607633_4173839149446585899_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=-ykkL4KjXAkAX_pURcx&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-mqd39ixv9eYuudiyO_W_RbLuo3xXjbxBWV3i2FhcvEQ&oe=6320FE18
31.13.72.53200 OK 238 kB URL HTTP/2 scontent.cdninstagram.com/v/t51.29350-15/302090844_3117023888607633_4173839149446585899_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=-ykkL4KjXAkAX_pURcx&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-mqd39ixv9eYuudiyO_W_RbLuo3xXjbxBWV3i2FhcvEQ&oe=6320FE18
IP 31.13.72.53:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1079x1349, components 3\012- data
Size 238 kB (238292 bytes)
Hash 1b8ce2fa82ddb72bbfccdc4a33ea5a72
cfec8c2a8ec036014864135392319070a0ed3f9a
207836f11e661c7e13d14efcac9a21351fbb551e3b5a5b83fe4c49b3fcaff5af
GET /v/t51.29350-15/302090844_3117023888607633_4173839149446585899_n.webp?stp=dst-jpg&_nc_cat=104&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=-ykkL4KjXAkAX_pURcx&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT-mqd39ixv9eYuudiyO_W_RbLuo3xXjbxBWV3i2FhcvEQ&oe=6320FE18 HTTP/1.1
Host: scontent.cdninstagram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Tue, 30 Aug 2022 10:42:09 GMT
x-haystack-needlechecksum: 1864183193
x-needle-checksum: 4074026190
content-type: image/jpeg
content-digest: adler32=606457263
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 238292
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
scontent.cdninstagram.com/v/t51.29350-15/300644717_1028811554431355_1629857985078990935_n.webp?stp=dst-jpg&_nc_cat=102&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=GMd4ALd7H2kAX85tCS3&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT83tYh4AaB9yAG33NnLdztFRBhl8rtaaXhyEfnu536asg&oe=631FBD39
31.13.72.53200 OK 438 kB URL HTTP/2 scontent.cdninstagram.com/v/t51.29350-15/300644717_1028811554431355_1629857985078990935_n.webp?stp=dst-jpg&_nc_cat=102&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=GMd4ALd7H2kAX85tCS3&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT83tYh4AaB9yAG33NnLdztFRBhl8rtaaXhyEfnu536asg&oe=631FBD39
IP 31.13.72.53:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1800, components 3\012- data
Size 438 kB (437830 bytes)
Hash 1f67ac11b2f574ebae9b7c6344122480
a57b77eddfbd6044fb1f6795bea20eb68e32b296
a08c0bd4b9e0cf8f3564a0311baa4878a18908da8ab9bb457f27f863199349ae
GET /v/t51.29350-15/300644717_1028811554431355_1629857985078990935_n.webp?stp=dst-jpg&_nc_cat=102&ccb=1-7&_nc_sid=8ae9d6&_nc_ohc=GMd4ALd7H2kAX85tCS3&_nc_ht=scontent.cdninstagram.com&edm=ANo9K5cEAAAA&oh=00_AT83tYh4AaB9yAG33NnLdztFRBhl8rtaaXhyEfnu536asg&oe=631FBD39 HTTP/1.1
Host: scontent.cdninstagram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Sat, 20 Aug 2022 00:51:56 GMT
x-haystack-needlechecksum: 1625528505
x-needle-checksum: 975954516
content-type: image/jpeg
content-digest: adler32=3283876425
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
content-length: 437830
x-fb-trip-id: 1512268381
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13252
Expires: Fri, 09 Sep 2022 17:06:42 GMT
Date: Fri, 09 Sep 2022 13:25:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg
34.120.237.76200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5fdeb374d4e3669ce5d9ff2cd22cd19
70ede5692526afd351d134a391383461dafdc64f
10c5d8e41aae1a36525a45375966b5067333f0c7edc176a540fd6527ebe1ad8c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc632269f-fb89-42dc-acc4-f733f3d7beb7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4532
x-amzn-requestid: e5694699-7f38-4542-8808-54bda7ee7d86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIMmGGUmIAMF2cw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63198e26-1aa6788e24fcfdf0008bee21;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 06:39:34 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: smtzoqnzJiET63xsW_r_-eVNsTK01mGqRbvuwekbqjnzS6Sb1fw9HQ==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:54:58 GMT
etag: "70ede5692526afd351d134a391383461dafdc64f"
content-type: image/jpeg
age: 52252
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9258cc3-ebbf-4d4c-85d1-6bc185623583.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9258cc3-ebbf-4d4c-85d1-6bc185623583.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7afe346e3b24ea4388913b449d1ffc42
f5348ba99fb8966dded580409108316f4e4e1237
1d1cafc3e99c20b23212679838567d4d5fc98c45cf902188e44b25ff2982c8ad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9258cc3-ebbf-4d4c-85d1-6bc185623583.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8354
x-amzn-requestid: e7ec7e84-0924-4f5f-b289-4c750ea99567
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKQgHHnNIAMFlrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6133-49565105361ec7f76cb818e0;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:40:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: DvCs6zEt1p58iwZaXfuF9YFA-fieE5Y974E07YMNYPiaGbR5iuXK-A==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:45:51 GMT
age: 56399
etag: "f5348ba99fb8966dded580409108316f4e4e1237"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F793f20c6-757e-47e5-8ab6-4d73ceae75af.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F793f20c6-757e-47e5-8ab6-4d73ceae75af.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9590b525c8b07a297c8784f02b161a1
cec8428d159a5bde29e89c64cfb04146f759d52b
d309772ce79d36f7b1df0a3ea85a01f8278db2909c860721d105b772efed82ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F793f20c6-757e-47e5-8ab6-4d73ceae75af.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4002
x-amzn-requestid: ea2f5309-e220-4b7e-b718-9339b9444cc2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKQ6hHM8IAMFeJQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a61dc-7d45fd9253b7b7fa732b6f8d;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:42:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: VD7SlrM2RwFk5cfQvul2bTJA__GPYd5_UPY0D0_5NGLHoBj3yur7PA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 5abfab33f248090bb0f31ca137ce9464.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:05:15 GMT
age: 55235
etag: "cec8428d159a5bde29e89c64cfb04146f759d52b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60fa03262bb3728f24a4c7a8177ec788
09dcbdc6043f01dd56920cca3ce3920d0d07b795
e7448f186933f9848f1d55f0e8dba593918846d02fb9cc3a7cd86d69b96a7fde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7515
x-amzn-requestid: bb6a7928-9bdc-44e7-8478-b415bc504343
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YJu0bGYdoAMF5jQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a2b4f-208339fd72e62dff4a2ba339;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 17:50:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: UaU9GK4lcCuAN2WghBDa7f-21dRTA4Fh1tlAmGFMKh4wQOGZlKdmOw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 21:46:49 GMT
etag: "09dcbdc6043f01dd56920cca3ce3920d0d07b795"
content-type: image/jpeg
age: 56341
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F734c0779-c033-4fb9-aef7-ec81416744c3.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F734c0779-c033-4fb9-aef7-ec81416744c3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cf8614d876156699bdf11897c45e9ae8
ff2c27cf141c68259e6e85020b01efc5d41730a6
c89d6a2fdc789fc725e8bac99774f9f9f0b22000f57d32f5611525bca30002d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F734c0779-c033-4fb9-aef7-ec81416744c3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6365
x-amzn-requestid: dc414175-8174-4fa8-812b-1f72de48d5f7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YKRBYEt8oAMFmyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a6208-1c2417b120725a9a0642620a;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 21:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: lvOUBfECM7qlwpj9suDt1A4TRrvdYTsqOQGCNkf3pYYrIHHqZczRcg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 33d72803ad26b392c1b578a2b1276580.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Sep 2022 22:12:19 GMT
age: 54811
etag: "ff2c27cf141c68259e6e85020b01efc5d41730a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg
34.120.237.76200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0078c7a407144a1ede33aef6f734eecf
113393e0dbabb3aff949d19ab6517ba1082b622d
42afcaf15e45dfa9aff14f59f69d60a3de127005e35783d2d35a4cfa652b57b3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F498f96cc-d02c-4ca3-a7e2-0be324253465.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3125
x-amzn-requestid: 5820e798-6469-40f9-8d70-ee71f1a163b9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YLM5GGQAoAMF8eQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631ac1d3-3a0e9db848ea7ab145f1cffa;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 04:32:19 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: eZaKpjBYe3Qn7vs3zF52Cxob-xu3LMFs8esQAu6Lp6bzM0aOEHoXVg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1352c0a623ff0601dd16439f3f225f70.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 04:32:54 GMT
etag: "113393e0dbabb3aff949d19ab6517ba1082b622d"
content-type: image/jpeg
age: 31976
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
snapwidget.com/cdn-cgi/rum?
104.26.8.123200 OK 136 kB URL HTTP/2 snapwidget.com/cdn-cgi/rum?
IP 104.26.8.123:0
Size 136 kB (136295 bytes)
Hash b499d40a27d6a90f6aed1998b9928f45
e333d26ce6913fd75aebf19ac20a94f93b07eec2
a8ad71979cd2e48c85a6d47f6f147773f1a6d2a97390412c7e54d4281de05bb2
POST /cdn-cgi/rum? HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: VQICUlZUGwcFV1BRAA==
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE0NTMwNyIsImFwIjoiNDUzMTUwIiwiaWQiOiI0ZjM5ZjI4MWU1OTYwZjg1IiwidHIiOiI3OWY1OWI1YmU1MTA2Y2NlMzhkODllY2Q2NWViY2E2MCIsInRpIjoxNjYyNzI5OTQxNzIxfX0=
traceparent: 00-79f59b5be5106cce38d89ecd65ebca60-4f39f281e5960f85-01
tracestate: 145307@nr=0-1-145307-453150-4f39f281e5960f85----1662729941721
content-type: application/json
Content-Length: 3237
Origin: https://snapwidget.com
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: text/plain
access-control-allow-origin: https://snapwidget.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7480408e58470b65-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
stats.wp.com/e-202236.js
192.0.76.3200 OK 0 B IP 192.0.76.3:0
GET /e-202236.js HTTP/1.1
Host: stats.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6197c5cf-3508"
content-encoding: br
expires: Mon, 28 Aug 2023 02:01:00 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT arn
X-Firefox-Spdy: h2
snapwidget.com/js/snapwidget.js
104.26.8.123200 OK 0 B URL HTTP/2 snapwidget.com/js/snapwidget.js
IP 104.26.8.123:0
GET /js/snapwidget.js HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:49 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
etag: W/"630341e7-560f"
last-modified: Mon, 22 Aug 2022 08:44:23 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 916488
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=in8S7lLhCO1qHQugSWzZkT2TdV2nG9aopp%2ByyNhDM5yVIo5I6oUielBhS%2B4ABfIfDWVSiLCHkkUB%2FgfBj%2FKvF8PyTY%2FFFDclkqTtvNQKGnA8dHQ9hVoOsIgLLsr0mHA8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408a1bf00b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FTheQueensEscapePH%2F&tabs=timeline&width=330&height=400&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FTheQueensEscapePH%2F&tabs=timeline&width=330&height=400&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
IP 31.13.72.36:0
GET /plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2FTheQueensEscapePH%2F&tabs=timeline&width=330&height=400&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: oQat7jFvvQljiRWggPyLg6OxoZ5zv+639MbiJA5MiyguwXBJhqicACNUY7rK8BygBxMh1Yf42EK1ijroReiAtA==
date: Fri, 09 Sep 2022 13:25:50 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
snapwidget.com/js/embed.main.min.b61fafc5de1ae792.js
104.26.8.123200 OK 0 B URL HTTP/2 snapwidget.com/js/embed.main.min.b61fafc5de1ae792.js
IP 104.26.8.123:0
GET /js/embed.main.min.b61fafc5de1ae792.js HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
etag: W/"63034249-b2e"
last-modified: Mon, 22 Aug 2022 08:46:01 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 935584
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YYvsQigF76FueuYWwxX5wIngfnDGv%2FD6wxWQxkKLPKNkOs0KBcac1kkBdVVOGzO5rH6%2Fro%2BbFDkBEfFr3q0XCB4r2ih%2BLKLYx%2FFhYDr3npLRmOAxzTiUmNm%2FnQjOnqns"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f3f0b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
snapwidget.com/embed/705883
104.26.8.123200 OK 0 B URL HTTP/2 snapwidget.com/embed/705883
IP 104.26.8.123:0
GET /embed/705883 HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=300
expires: Fri, 09 Sep 2022 13:27:09 GMT
x-robots-tag: all
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
last-modified: Fri, 09 Sep 2022 13:25:09 GMT
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dDUMAdenWg2rj4TQLnR0mdcL3AYF7MYWxCghAiKp61jy9ovUy38mEQS5WzyromMDvxQmrNWyibXz%2B8XeMyHfSSYQvqKKPkm4WahTy%2FMJO0kJZljerw4vOOmM5VinjkgD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408c4e330b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
snapwidget.com/stylesheets/embed.vendor.min.760717b3f565c387.css
104.26.8.123200 OK 0 B URL HTTP/2 snapwidget.com/stylesheets/embed.vendor.min.760717b3f565c387.css
IP 104.26.8.123:0
GET /stylesheets/embed.vendor.min.760717b3f565c387.css HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: text/css
cf-bgj: minify
etag: W/"62f0b6de-937"
last-modified: Mon, 08 Aug 2022 07:10:22 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1402472
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttltRI6MH%2FgT8P421MsYrycHRQ3BvM6yJRsYrwn0K5gMoeY93MakYAA61SeDTjVqVhEHbrcpR7HNmKZxAiXdS1Eu05Uxg9f4b9CU8mysN7s%2Bbamo3QVCNcCDU1soc7Hg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f360b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600italic%2C600%2C700italic%2C700&ver=1.0.0
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600italic%2C600%2C700italic%2C700&ver=1.0.0
IP 142.250.74.10:0
GET /css?family=Open+Sans%3A400italic%2C400%2C600italic%2C600%2C700italic%2C700&ver=1.0.0 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Sep 2022 13:25:49 GMT
date: Fri, 09 Sep 2022 13:25:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
snapwidget.com/stylesheets/embed.style.min.307799cd3bc5b2ee.css
104.26.8.123200 OK 0 B URL HTTP/2 snapwidget.com/stylesheets/embed.style.min.307799cd3bc5b2ee.css
IP 104.26.8.123:0
GET /stylesheets/embed.style.min.307799cd3bc5b2ee.css HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=15975
etag: W/"62f0b6a9-3e67"
last-modified: Mon, 08 Aug 2022 07:09:29 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1402472
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cs%2Bzdh%2FWCH55Tbezo6ioknio7dK1uZQ0b%2BvhBy6yzTpFHkXGIxQXyZplVrJUwfWa9Y9d0Rbpj8bcEef5sy4X%2BdhTU6j5pojqs%2BWKQx12ikVuIplrXjb4PjV6UCUquupZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f380b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
IP 192.0.77.37:0
GET /c/6.0.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
snapwidget.com/stylesheets/embed.grid.min.4069f6f840f9102b.css
104.26.8.123200 OK 0 B URL HTTP/2 snapwidget.com/stylesheets/embed.grid.min.4069f6f840f9102b.css
IP 104.26.8.123:0
GET /stylesheets/embed.grid.min.4069f6f840f9102b.css HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: text/css
cf-bgj: minify
etag: W/"63034249-899"
last-modified: Mon, 22 Aug 2022 08:46:01 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1402451
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bF6ZvLuVbuc43gTFwK4vDZ2vVVyNeamVmmYoaWc%2FO5HKRUWSTPDqN6gNWymkfAMX%2B8Z3W1F%2F%2FIyaMw3qM1fKiu5LcITDY%2BK7OBHejlIBbds1FeNujeJAyG8yQFOR7hTo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f390b65-OSL
content-encoding: br
X-Firefox-Spdy: h2
c0.wp.com/p/jetpack/11.3/css/jetpack.css
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/p/jetpack/11.3/css/jetpack.css
IP 192.0.77.37:0
GET /p/jetpack/11.3/css/jetpack.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Tue, 19 Jul 2022 17:25:16 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js
IP 192.0.77.37:0
GET /c/6.0.2/wp-includes/js/jquery/jquery-migrate.min.js HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
192.0.77.37200 OK 0 B URL HTTP/2 c0.wp.com/c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
IP 192.0.77.37:0
GET /c/6.0.2/wp-includes/js/mediaelement/wp-mediaelement.min.css HTTP/1.1
Host: c0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Sep 2022 13:25:49 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
content-encoding: br
expires: Sat, 09 Sep 2023 13:25:49 GMT
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
x-nc: HIT arn 1
timing-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
X-Firefox-Spdy: h2
thequeensescape.com/wp-content/themes/ashe/assets/js/custom-plugins.js?ver=1.8.2
108.167.140.136200 OK 0 B URL HTTP/2 thequeensescape.com/wp-content/themes/ashe/assets/js/custom-plugins.js?ver=1.8.2
IP 108.167.140.136:0
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/ashe/assets/js/custom-plugins.js?ver=1.8.2 HTTP/1.1
Host: thequeensescape.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thequeensescape.com/quiaut/charts-459145349.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 Aug 2022 06:43:49 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 09 Sep 2022 13:25:49 GMT
server: Apache
X-Firefox-Spdy: h2
snapwidget.com/js/vendor/iframeResizer.contentWindow.min.0da4d54c7d115e53.js
104.26.8.123200 OK 0 B URL HTTP/2 snapwidget.com/js/vendor/iframeResizer.contentWindow.min.0da4d54c7d115e53.js
IP 104.26.8.123:0
GET /js/vendor/iframeResizer.contentWindow.min.0da4d54c7d115e53.js HTTP/1.1
Host: snapwidget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://snapwidget.com/embed/705883
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Sep 2022 13:25:50 GMT
content-type: application/javascript; charset=utf-8
cf-bgj: minify
etag: W/"62f0b6c4-5452"
last-modified: Mon, 08 Aug 2022 07:09:56 GMT
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1402450
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EbmOxNZYRHB0%2BTpL1wE5e7BRqTHKKfBVcagpDhZIXWSHYoQtat5XVOyGIK2kxiO7%2F1yof21IkmjDpRXyaeq4ejsLSa6Yv%2BvYv6%2BPs5FwY%2BSZJBCpYyo2sTdT5AWUacyZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=2592000
server: cloudflare
cf-ray: 7480408d4f400b65-OSL
content-encoding: br
X-Firefox-Spdy: h2