r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6517
Expires: Tue, 06 Sep 2022 11:47:12 GMT
Date: Tue, 06 Sep 2022 09:58:35 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 09:12:29 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YnigwOIA9bN2xGb7mxPamPf2xecVjEyGOclLKrqTlczF4xaxZGziMg==
Age: 2766
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ryAH8cO1KW5hekpNKwRXE4qeDR0LBSzxN1jQAKsEF_RTUeSrZ12gWg==
age: 31398
X-Firefox-Spdy: h2
balletmagazine.ro/
104.21.96.107 200 OK 48 kB IP 104.21.96.107:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30466), with CRLF, LF line terminators
Hash fdf5cd47033cd82e4bbdb13e99056078
d747d562195a78b9dea169129fdc96db0200d270
606d5e241b95cec16721ea8ccddaf7893fa2e0d40c59c09279b12aa982cbe378
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
link: <https://balletmagazine.ro/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6SuqDWIpVuMuEJhQdGPFFiEyercXNfrLnlj0GFtmmgl70WbuPYMk2BPqB6EcNpk%2BmLvGdW2p1bNvRTodnbqvo7itqW7%2FQpuSfUSNdZyEIdbRuQPo0pAzfF2%2BBui6igosy0OBg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d56b98b4f7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.9.4
104.21.96.107 200 OK 300 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.9.4
IP 104.21.96.107:0
Hash d3e1f7fdc7d2165e7a3887d1466aa596
f8bc27d211ea6a9fff9a54bd56b6fe483816e1b5
d9e0137d0777fc5547580c831df1ad774ed8218b9f90955a6d57b1a7aa975d02
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 300
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 10 May 2022 06:47:28 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kHx2YnD9tMgppQUpf%2FLHhObaA3t2jRDOrGPbEDTKuCtooHwJPFW0GkdK%2BO%2FPenqy47J4nVcCqeFYV289pg9HjgQPdFChyRww8jE6t5qwtZ4wH5LTzxlUmmm4SgKNgIo7A0hBVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d73e64b4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/css/dist/block-library/style.min.css?ver=5.9.4
104.21.96.107 200 OK 11 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/css/dist/block-library/style.min.css?ver=5.9.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (39791)
Hash fb05e752eec030b6f476138087d4d8a3
ebd274bb1c09e706c24cb638492d952eb798e2dd
50577406a44544dc7629fe3f6b78421cde604b620966387d0d0a37a25bf20baa
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 11182
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Wed, 06 Apr 2022 06:47:37 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tGrWp9lZW5Ip%2F%2BEIyH49FGzMwa2wVp%2FoHiWTG8J7kTat1QFPT5fZ4thw%2BNexYtH7hwB%2FoCYg6JMicAEvF4daUNKvEbo%2FZCDGxeOtU%2B0NLRTKCG4823E%2FLq4U5Fe45%2Bsei24imQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d7391fb509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
104.21.96.107 200 OK 972 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
IP 104.21.96.107:0
Hash e355e7e30d2cbeebefa6977790886c3a
eccf1c43237a1de702ae36722813fa10d580dd4e
49d452b612934ceb8ce12bfadb85dac2f573d458337a9ae0da76705a8ae8b018
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 972
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Fri, 02 Sep 2022 06:47:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSGv7IsBMIGcEak8uNTu2FfOxSWJIlQyJH6tiL%2FSOO44oUce%2FoYoBUSWMXHZg%2B4L%2FsMPq0u6WGcKTWtRemLI%2FwpBzQvxj1HW6RwKiQ3e8g4jkcaUCsSJEB7qE%2BYMu0HMCqMySQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d738afb521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/css/gs-logo.min.css?ver=3.3.6
104.21.96.107 200 OK 1.8 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/css/gs-logo.min.css?ver=3.3.6
IP 104.21.96.107:0
File type ASCII text, with very long lines (9099)
Hash d18c1fbce6db4fc0f693e2ef765aaeaf
80d427646aec01bcf7c144e92d4896ccffd50feb
f2860886b876336e7884986cce751727112ef4d07dbc43f7c71421ea87c6beee
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/css/gs-logo.min.css?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 1811
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ifznQSyZ7txGQjFEwRIoA5qEkbRm%2FPEMxu3j7pSdJVsA2MiYmgNxLes3ApV8WmruLmbwIzFGeV10Df%2BvtUS49noK4cTNXNdB0DIzu34EgJjvUyPxGcvrqgs2qoCq5gphPAVvAA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d73944b50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/simple-youtube-responsive/css/youtube-responsive.css
104.21.96.107 200 OK 1.5 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/simple-youtube-responsive/css/youtube-responsive.css
IP 104.21.96.107:0
File type ASCII text, with very long lines (1730)
Hash 4c030ed3e806b7a96fb0d827bfbcca52
3a5b62d40dd2dfba58c5ddb0415aba83d1bf90c2
c7947780729a1b223d5c74c45ebab61f77d3d8703068550ba6ce67fdbc92cf77
GET /wp-content/plugins/simple-youtube-responsive/css/youtube-responsive.css HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 1503
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 19 Nov 2020 02:44:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3FUqn7WQFqFi0UywlQFW6IvT9vWqB2aVlN1kSSD0kls%2BZ7eZMP2C5EzzcdxHXrKiFFtNCSSvHr5fAJH4cqHrfb6Egza2Ul8MZF0NCr12SpNxUfTiH0zm30qeVDQlrfoxcbSYA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d74e86b4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.css?ver=0.8
104.21.96.107 200 OK 58 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.css?ver=0.8
IP 104.21.96.107:0
File type ASCII text, with very long lines (65134), with CRLF line terminators
Hash 01780d81bd36ab43ceaeda0f584cd23c
143deb8b9c3ba0be173c242ee3b26284dea54715
12f227968d867db8ba12bfd5d80858bac0a4051d6b920bcb83934ee05d1f6651
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.css?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 58453
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cg3ZurtqpG%2FRonfpIJvosPnLNQj1XliM%2F6o54G69cRyJ9E2DPds7INe3Hv4SHvgZUNtpeqc%2F%2FCShfd%2FK7Y9%2BGycdNRGke3S9xyU44CZYDz%2BVklNIDhmkKQzwkBl7qCcTNiDCeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d74938b509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy.css?ver=3.3.6
104.21.96.107 200 OK 589 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy.css?ver=3.3.6
IP 104.21.96.107:0
File type ASCII text, with very long lines (1390)
Hash 5647c86ebf12ca66aad900441ea2976c
f41202f5660ecaad5367d768661f0059fb4df2f7
97f527a40c3959fde9a8e862de87b8652e8c90cf4128c2084d45fc0b39f868ee
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy.css?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 589
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f26xmtl4uCisyvD2cCYq5XeL7HsWwf3X4UC0QoZJYX1eg50atZMmASwQTdcFLNWNVNiE%2BIyMEdCYYIOp%2BAfErHowQPgE8V7%2BywHJlE2jrzo7YL55JHqCFNbPtJGmCnyrKEqIMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d73e83b51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/flexboxgrid.min.css?ver=0.8
104.21.96.107 200 OK 1.4 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/flexboxgrid.min.css?ver=0.8
IP 104.21.96.107:0
File type ASCII text, with very long lines (10694), with no line terminators
Hash dcb503fee23af5ce7e781140eb69ce73
58a471d79ffb0b2a335aa98d49f9f30152f9f1c8
32fc1e62971f781eb47fe45152ae13c3f63748ee4de3c3745a33ccbec0d2e383
GET /wp-content/plugins/starcat-review/includes/assets/vendors/flexboxgrid.min.css?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 1411
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TnWWgW%2Bs3y2Fc9CNUx9DCYds%2F950ERzS%2Fe4tqGOJKnsc2cwwDrn%2F8ir1GDJ4dDQ7N50zU2pePViFkXHXQg12k0o18IOX08gsViJ9e5q98dSbNQ6qPe%2Fa1XZk2rMO50KIWqdsXw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d7494eb50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.css?ver=0.8
104.21.96.107 200 OK 11 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.css?ver=0.8
IP 104.21.96.107:0
File type ASCII text, with very long lines (49734)
Hash d6b10700152077b25c68cfc6e5f5ecd9
892a9a9ceae8499df71a9176f40e3b98061fc8a1
7728cabdf6fb34a51722f0ab82851b14739de4c29b3edaed0026e8517547610f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.css?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 10891
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSyicigJgsH9rNVwFaigBeKOBYHct2k%2B6xvOzFC7I%2Ft2jFgz5ziGE59jrEs2K5f9E%2Fp1ad0V8NRrfIUHMwlUt7De4a8UK5WLJknFzVk8Lkk2rbRDDvpgO462QSatP8et%2BwJrSA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d75e95b4f7-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 09:58:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/fontawesome/js/all.min.css?ver=5.13.0
104.21.96.107 200 OK 13 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/fontawesome/js/all.min.css?ver=5.13.0
IP 104.21.96.107:0
File type ASCII text, with very long lines (59158), with CRLF line terminators
Hash a4a3a68df21cbce1269d7bfdfb0d3651
2fca9808c87293f011e65080cd8c90a540aaba42
d35c820d832f898ba185fbcf247a258849817eb05e782d04e128d226756a91b7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/starcat-review/includes/assets/vendors/fontawesome/js/all.min.css?ver=5.13.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 12842
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cywmzwdBBqxHUVato2pit82IbN%2FJKRtEPWZ7qNm1vzQLcBpGVIz%2BK02umUq3yxRfxlMUrCJPaoiJcUNpRN6QF2zciBAjvOR5zdNN7tEVtcS13xRFjnKYv4O7ZBNFV5FwB1EQng%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d748c6b521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.css?ver=3.3.6
104.21.96.107 200 OK 4.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.css?ver=3.3.6
IP 104.21.96.107:0
File type ASCII text, with very long lines (13426)
Hash f4be1e5bb243627ae5e7f2240b2b5015
ff05484a833d08561841ed91187f79be18ae97ad
158a3aea299f672a324fa5e1ff18a36e07fd4c56b5e127cadaadd290240c1178
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.css?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 4137
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3llVG3IJzJb2XNBHZ0cv4WnNAd%2F1UhIf%2BOtRxvl1mBeB8lbfEW0%2B9nRvc9XACaWEoLRW4rt8PnwVtrcjpqTPTw7nA3%2Fq3A%2FEnC%2BUBF1FAvQYI4zpG4YKcCzdL9wC9USU7%2FOzAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d73cb50b69-OSL
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css?family=Oswald%3A400&display=swap&ver=5.9.4
142.250.74.10 200 OK 508 B URL HTTP/1.1 fonts.googleapis.com/css?family=Oswald%3A400&display=swap&ver=5.9.4
IP 142.250.74.10:0
Hash 0fad5706604122b2d564f96aa8737e34
e5b3356ff94569474daef87acc92e71fe26daa88
4b8b0ecf50c67a23d4b1e60b2c9c2e94599fa254cd9fe87269ed12c5eada451b
GET /css?family=Oswald%3A400&display=swap&ver=5.9.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 06 Sep 2022 09:58:35 GMT
Date: Tue, 06 Sep 2022 09:58:35 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=3.5.1
104.21.96.107 200 OK 15 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=3.5.1
IP 104.21.96.107:0
File type ASCII text, with CRLF line terminators
Hash 5ce4357fd0365f2abbf242a64f8acee5
10f60b6beb9b564223999c4a61e9de3664e670e5
25266b0ffc17c7499cd894caa04714b2ca530cb6cd535ceedb9a8943e34a885b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=3.5.1 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 14578
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=beFiYS7pwB%2FziYHUQsnc3ZG9EFXBVRSvWoJmi3bEGD9v95HQ07o67XfzdzuanTlm9ShLdbmfptv3sSK9EXApU9G3ciJIYhdH6BLShH8%2FOLflivXq%2BItAmEV3gAld4TvgDNAD9g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d77982b509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.1.2
104.21.96.107 200 OK 2.8 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.1.2
IP 104.21.96.107:0
File type ASCII text, with very long lines (13825), with no line terminators
Hash b618c7163214d65c3f44a35df821c905
1df6f9cdd8952c293be36355332dc3a3acc95067
248b9d33d6fe3387053ab83f68b1226291055e7a88545a393df8db010b1b48ae
GET /wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.1.2 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 2793
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U%2FjAH%2FntFOSRRoIbZppbxmSkwB2%2FTmtcn4nkUhVTqp%2BoO1Hm%2FQ4qM%2FoAnJ1%2BDuUe3TDCbwOyFrx1LFAy3eqdKPlS4LPvohPPyknQlNmJT9oZPLCLFg4maSpndOdwEuvkF%2FOtQw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d78edcb4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-polls/polls-css.css?ver=2.76.0
104.21.96.107 200 OK 729 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-polls/polls-css.css?ver=2.76.0
IP 104.21.96.107:0
Hash 9bda17729d21dce80fa2ae03edd2eb91
2d5f11891f28e68d85fa1009df925159d3e186c4
361bbbef454ca794cf52ab6e09616f4486b741d667d566b9a207d1f008fafdc0
GET /wp-content/plugins/wp-polls/polls-css.css?ver=2.76.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 729
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Wed, 25 May 2022 06:47:08 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xOO3sAZlFz4ffO4gmJvnrG98M6U8Hc%2B3%2BdE%2B8jK%2Flt7whGSEayn%2BjoYXZoJWC3JNq5qnkgz%2BJFssLz%2BRP7vOwH6oH39O5j%2FpWV4vWNFvlbSHl%2B0YVL6Axg1x%2BnqgNiUnjN48uw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d77eedb51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.1.2
104.21.96.107 200 OK 15 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.1.2
IP 104.21.96.107:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6d20596f63c3608b853eabb2c6a05e2b
d4fd07ae1c1f39ce98e40e25654a3701945f4a82
420d140651b180e0f14dc1278645300facad4ba96f8197a81a51c86fedb8d88a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.1.2 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 14642
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ow0xTPFa2cFw%2BasQXn3IcdT1aP1l%2FIeC4ErmRncPouxX4jlX1K4zfXVIeoK9kRJPYgQ2ZoAORDdOYaRvsTaK1eOUfEAY1wegc4eisW4ZnJvHSYOTsfQHATtB1ijsfJbhQ2M4og%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d7799eb50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.css?ver=4.8.8
104.21.96.107 200 OK 560 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.css?ver=4.8.8
IP 104.21.96.107:0
File type ASCII text, with very long lines (1682), with no line terminators
Hash 088541d3f4072ba2a6c270ca758a1c3e
34a42dac71a1806a0dcb878053a46b6ebabc2109
141cbd57444b324bec15c0a9836968a23a0acc1fa3a3959a4f50857f801dc489
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.css?ver=4.8.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 560
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Fri, 26 Aug 2022 06:47:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETLVJ4wtN1qTpeyM%2FQxWg%2FCYZihaZYNOMxbNcLWQdqyVqwgHpsTsOfj%2BcNyxsMU5Roz3BvZXZ5DHF7SvmCvIWsy2R14Iu7w7BE1EhXLjhdj6UzSRwhIWP8UZS76MjoylPBUAhw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d78d270b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0
104.21.96.107 200 OK 7.0 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0
IP 104.21.96.107:0
File type ASCII text, with very long lines (30855), with CRLF line terminators
Hash 34f4fe6d423142797546a5314db88012
0afa5a61ec28bc122c0954854a195837dfb15e68
d4a198eb295c32516a402ca73ea60fe72f807a33114b7fcbd533df6ba2899b92
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 7004
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDd0VrVSr1uUcrBMCFypMhWPytISGihTu5sXpLFL%2BjrDPvurrveR8neXrD2QRORh5K99de%2FnNLxUj4FFQYkpgh%2FVp%2BdsVm%2FqmTbOfqJBlqr5ytL8G0JgoYImyeuer%2BWFwFtTvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d79eeeb4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/main.css?ver=8.2.5
104.21.96.107 200 OK 132 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/main.css?ver=8.2.5
IP 104.21.96.107:0
File type ASCII text, with CRLF line terminators
Size 132 kB (131520 bytes)
Hash 9e56253fa96fb2f7bd3ff5128b861cb9
beca3d8718d6982fa68e7e6dbd3f118d0ec87d64
21909f19794f721c0a82a8085f9a3d8319403117c52c183477772253f86bbd35
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/main.css?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 131520
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:01 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7TP%2F375n9Z%2BVhXLzzBsj2S99nPGuxN8%2Bxq4Rh0PfhNaLpWjINWevqpYyEioBi8QjupOaEFfY1j%2FuVozOunhKE%2FJVAfZVxxwDHcHFjZ%2B9kl6TCC9C6t8Aw9QMfhqHP%2Bq0AgAcBA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d799a1b509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/css/social-counter.css?ver=8.2.5
104.21.96.107 200 OK 803 B URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/css/social-counter.css?ver=8.2.5
IP 104.21.96.107:0
Hash b43c78a31755b036425f584fcfc43333
a6a8493ac85bb8bf14fd6371b074443439f99528
dc0d3656a4c4344b1ae680b1103bd0893a6fbf4923df26c319838aa3fdd0bea6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/css/social-counter.css?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 803
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZsNONfA%2F5BwsWjzIM22%2B7nJ%2FjVpYePiEjuEvCIRt3nFoKBxPW%2Fg83RILZDquyOGr2i28QtQGZ4PsPs%2Bps2QJdYs5qjIBkAoDGyIF9DSlbLqelSOG77JvrGnJq5e67L%2FiofElDA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d79d370b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/css/penci-icon.css?ver=8.2.5
104.21.96.107 200 OK 1.3 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/css/penci-icon.css?ver=8.2.5
IP 104.21.96.107:0
File type ASCII text, with very long lines (6212)
Hash 1343449bf9423afa7bdf8ae241c08c33
b7e57332ed9e59451bdc57f283c2b1b62f7422cb
807800333ad17083dca69aa176b12a7e16830f43b76639c82a42143dc0b2dfa4
GET /wp-content/themes/soledad/css/penci-icon.css?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 1310
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lEGVmHwdcBL%2BtitAYh2yZZojkOUacCpR5W3yC3jFwbW%2FwlHqL5PtbYDWMvpgFPqsmUiihuCwmVUm8zmJVaQgus69jnFa%2F5J0o2B%2B0TdoAq6WMMPD9iwv01zLGNRE5J%2FMOAyIgw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d79f12b51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/style.css?ver=8.2.5
104.21.96.107 200 OK 440 B URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/style.css?ver=8.2.5
IP 104.21.96.107:0
File type ASCII text, with CRLF line terminators
Hash 9c5307dde06b0dd96a7c3443b730866f
4080bd98383e08a64ef47829301d811f06487f13
a23769d84246b72fbb632215bf619405b7be8fc6f51defa8fc27fa017845c3b2
GET /wp-content/themes/soledad/style.css?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 440
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:01 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c137NNiqiGKqPfM21yIw2ULT6bv5kPP2ba9myJ4OtcWiAaV8ffcVdXXTT77STt0BJM4vfOxbe1UYSbPZUjMEOIE0nfX189x42GDWyS3uVgHpXqXaSnOFAJbnSIoFXP%2F3Qk82vg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d799c1b50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=5.9.4
104.21.96.107 200 OK 2.0 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=5.9.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (14965), with no line terminators
Hash bcbe99815e015557abc8c8ead023bd32
f1185c735e71b6c0a1ba68a3e221b9f6cad41264
ec15b77130c0563696b337675f8d5f811facda780ba1621469e24d848ee8db53
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 1990
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xdLFyKQgWgbH4xlaJScLUVdTwLXx8pKs6ClpmHZPwgntu8%2BJ9gy4U2N9chPB3VsGGSdHqygPf2lvVtwJuhgZ%2FidRlwc9tY7nIkuF6govHyLijDPzNgilw71GPLZSYdWskIamLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d7890fb521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/uploads/elementor/css/post-3970.css?ver=1662015150
104.21.96.107 200 OK 414 B URL HTTP/1.1 balletmagazine.ro/wp-content/uploads/elementor/css/post-3970.css?ver=1662015150
IP 104.21.96.107:0
File type ASCII text, with very long lines (1250), with no line terminators
Hash 30edd65e46a0ae9b4583c0c973f1ec74
d82015f7124f00e03c7cc12ab2865c8ec6550364
d57a64fba511ae729b7cc2b8393518f2047d1f7b9bbd441ae2a61dcf126c3fac
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-3970.css?ver=1662015150 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 414
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:52:30 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i%2FYW%2FLOcAkk6VIXM70J%2B0InGTfAtx3VO9zRA9PsqmQPSDj6nwSEkzoHs4pnOAyk0w%2FdYjK9Z6Ydqj5zQyG6XO6FSS3AiP2fkJcIaj3zEfU3%2BdVRrF0LB5fqsjiP0fbogD2iKig%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d84fd0b51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
104.21.96.107 200 OK 3.9 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
IP 104.21.96.107:0
File type ASCII text, with very long lines (19233)
Hash 72a65647874a407bf12f2b50f1aef2ae
3727b7b8b63c40299ce4f85186a04b9aebeb5032
019798e29fe8b572ae1363921494484bead80c515999fc5b7fb35fa8f37a7667
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 3915
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:47:27 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d5XnkORUN%2FQ%2BE8RXjAo99ECHDT%2FHzJZDcszIEXuV0qoyoX%2BciE3NALpTSnoyx1o5gSbQd0oPSQZvtMBjSTfiT4cwgjqMtzQe%2FvKyY9WMk0R3OiqHPGNsP1SQ24x316pEhCZqbw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d84fc7b4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.4
104.21.96.107 200 OK 20 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (65497)
Hash dced786015fe6ca9e795fa0512b0e9c5
870eb49074839c89b450efd7e03d726f8069f735
8cffae67449c6afac463166982e78e7c12225e1809078ea61e42899cad7b2e15
GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 20222
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:47:27 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ADdPQ7UeB%2FrEEjeOG1246f9NG6YJG7ipNYvV8Ar2aGroRRUJGClHz2JV1quOxU85e9hA3BGhzEpOvscQhp%2FlSwhumOaQT4ua7uUhJB2IFM6cPTnlz9iGCjlvagdIzTVcSgNpcA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d84df80b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/uploads/elementor/css/global.css?ver=1662015151
104.21.96.107 200 OK 1.7 kB URL HTTP/1.1 balletmagazine.ro/wp-content/uploads/elementor/css/global.css?ver=1662015151
IP 104.21.96.107:0
File type ASCII text, with very long lines (14216)
Hash f4527a04a37f924bd6843aef68cc915c
9dae6b767f768898a38dc1c61475a911d17957c1
a4961062629fe9f50d94d8c4b999a00d034a459e9faec3ea2e0afe3da13af450
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/global.css?ver=1662015151 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 1652
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:52:31 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bfuqVFwxqqBbXQjT%2BDLunzIzGWC3%2B2XPuD7GJxhNmHazP5cZfm0tAi0qHbH9wx63Op%2FazP2xjwcMHZxqJbYxZc7M3SObOaGLPWOCCcgW6B9NmWpEoWYyNOXT2EXpRaU9%2Fgzo3g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d84a92b50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.43
104.21.96.107 200 OK 2.3 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.43
IP 104.21.96.107:0
File type ASCII text, with very long lines (9700), with no line terminators
Hash e0a86a233fdc68f018034b39e6acc8dd
b35870a5ba4653c46f794dfe1d450b088f3b1bc5
850f3d88c295549ba4c5b15b901ae48eff396156028dfcf7467b6dbeca111a9f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.43 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 2341
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 02 Sep 2022 06:47:37 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bwpn43eJpxBAeCFk%2Br22op2p1u9DN6ep5FJf9dO3MKa2e36VNwNYeWX5fM%2Brj1gkmqQKgQna7Zoizne8ootskLRgKW%2BLaM0KRlQPztNIe0pNFrJC1bfhNsaan285CiDJdgTl8g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d85a3fb521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4
104.21.96.107 200 OK 824 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (3432)
Hash 37b0886047bd869e153fd52867989cc7
583982bd616e700f82579a80a032d832d91c4735
46fbb61abcc2c019348932157a9fa3fda895a983b5fe0b950701cf85da7dd954
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 824
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 30 Aug 2022 11:42:55 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bd4LK3nCx5Ehq8nAimzn5SahKM2NMmY1syDC4B9xsuo50ncYNYi1LbVnG4v2kkHFs9QLxqlc9%2F9yLqS1KBhl6NTEtbWtcQViETH7vD5Vd6RKyDDR0AfLQU54%2B2KtcvJVQijYwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d85fdfb4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.4
104.21.96.107 200 OK 854 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (13766)
Hash 551529258b1a693f5625017921ca3759
7e0491a9836e2e1830ef2c0068379af880450420
b325fecd3133b15e7332687ee07f6c94481257f09c66a34bbff1d5598f5401e9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 854
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:47:27 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rRkFpXg%2FErETnAuaMib%2BscHEuSs8ahJzAC5xH4FU57hqRtZJaECK5N25Ctbf0iwLdnstRdo3a4kyHqYAfLFk16FhZX3E7516iL1UtFmBP6M4CIJmxBz%2FxAvMjYNi%2FdH8WTgwEA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d84aa0b509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
104.21.96.107 200 OK 31 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 104.21.96.107:0
File type ASCII text, with very long lines (65447)
Hash 554969c8ed0e4b5eece1261c4e1e9cd0
3b514b21c2e26b2caa15054e43ed00184a8ebc38
4a10709ca76c5112fbaf69e065b4ef93dd37bcffd4ae39b351e56d40c9322123
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 30969
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 13 Aug 2021 12:21:30 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mOozn8iYH%2Bl0iaiXs%2FYInmjiBawR%2F5WZGf7GALxjoYAnYImmUbID%2Bsw1kfLBSgWsWPC5rCJFZGrKvc7YmIaOfFgVsXlspJMv%2FSr5kvOdXHClRDPGOEyOHHPJHeZeqBg%2Bk73Jlg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d85e060b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-recipe/css/recipe.css?ver=3.3
104.21.96.107 200 OK 4.0 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-recipe/css/recipe.css?ver=3.3
IP 104.21.96.107:0
File type ASCII text, with CRLF line terminators
Hash 2d69632c5fb2f8f28978cad757381619
62eecdf2295339490d0135780ff4ddf10b220a12
a4f5552d0a4b43edc285be23f53a0a9203f1d689dff9321e4346626289f773e8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/penci-recipe/css/recipe.css?ver=3.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 3966
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5zz7Dk607stZadHeU0jE1SiVf6frXdp71PfO4x%2B%2BeoItcC7U2IWedxj4UxfGaqlaVKmRPV2ASPfy5lfbyrpe8DXEhTmphKyJB25FHBmqweRLdiDgWznc5OkX1qT7xyfvlhHNBw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d85fdcb51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
104.21.96.107 200 OK 4.2 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 104.21.96.107:0
File type ASCII text, with very long lines (11126)
Hash c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 4168
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 10 Dec 2020 15:09:15 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R7lEGsZ53F9jV%2Fy8MnBslnRIkkQ30ad4PVnFtmrZwKvcHBl0COOymJwElwNVsr4xGKL1HYGM1og5b7XB5q9hWCzWL1ilDsuMwVFPH1Lt28u%2FJU%2FAqCQ%2FFm%2F%2FweCtuj%2FAmrwzLg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d85aadb50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=5.9.4
104.21.96.107 200 OK 14 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=5.9.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (31759)
Hash d2d09e0251e0526c8fee881557a41656
94e413871c8c99ff801a541a14347be0347531db
627467b330a9b6997107c85f4bf56c9683303dda0a176cf5ad088d32a9f0b5f5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 14461
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3%2FOVvgWiFk2c6QJ5UKDV4%2BuifvbyKOnHhorPUDJVGGg837rd4SjUbGJfqfiGozjwcnGRKqH1X8MRC5Ghltt%2FVYjG%2BJRBz5pmHMkhQ2QNYObxOqOcbpsekUjY4HKlqfJc1Jwq4g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d86a7db521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=5.9.4
104.21.96.107 200 OK 20 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=5.9.4
IP 104.21.96.107:0
File type Unicode text, UTF-8 text, with very long lines (64131)
Hash 5c3702574ebc00121ae862afb15a5280
a3c03ed6be6215b0b313a27f8334847b1f25eb51
4c10f6972e96ef0ef49f0c0dddfa79d5a893867c2ae6a825a0f4f8d8ed8e6a79
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 19922
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IhU0E2%2Br3vEPNms803yYGiUEzAeyYG1%2FopLu0HEtQXw8IfBd30A3N7IxJawJLDWJ%2BODgyISsVM1N%2FxaFcxqDCZ0RyILIoH4xcyICWpgXs34mLvIDOEWr7Ad5dLzZyi%2BXKi5a%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d908b9b4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/wp-emoji-release.min.js?ver=5.9.4
104.21.96.107 200 OK 4.9 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/wp-emoji-release.min.js?ver=5.9.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (15224)
Hash c5861eec8c65717219134960db9e361e
7a9a5ed5ca3de9e30fa3c14d1ada2ecb6eb4505f
b96639b87d4a408e9cddadc6f2a1228cbb20678f3f069785fe0614c0db78430d
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 4937
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 13 Aug 2021 12:21:30 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BlYI1G%2F3E8iB%2FZoyqxToBIKKm6kLKB3dmAbjeHn5Ecw3POI%2FXqJS%2FtKM%2B5%2FhTq3yKxHpleVgcLDUwGDpxNlWeHe40hXJYOdT01aZ5Fd9rT1pvVJEzdi8rgkIOnxpAWnTF48R5A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d90bcdb509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
104.21.96.107 200 OK 2.6 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
IP 104.21.96.107:0
File type ASCII text, with very long lines (11256), with no line terminators
Hash c2fc17077428d552284c691d25aa3ded
b5a0a0fc41e5e19db63b6db787c706c6124cedb6
b239bfb18444bac17be1d684d9a670d5de358c883237aad27e194f71e3c65d17
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 2582
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 10 Dec 2020 15:09:16 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aM0MZVofsc2UkIWsCVgzQWPYUcdr7oVbIxWGP1ZUYS41B7I3UTvsryugrDvIzqnmOJvjoofg%2B1mI95OGnLR%2FRt0%2FDuXayWzxo7jU0JSjrbsiJxy4GUA%2F35rqecASL6ELDVc18g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d91ec10b69-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f41565238dc856269109dcc30c34c535
28517f51eb3b6cd08981afbf878446d635430741
9e314961a8fca836481ea022db365cc463bcef3b5003c63ccece611b8ff77fe6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/images-loaded/images-loaded.min.js?ver=3.3.6
104.21.96.107 200 OK 1.8 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/images-loaded/images-loaded.min.js?ver=3.3.6
IP 104.21.96.107:0
File type ASCII text, with very long lines (5477)
Hash 91ae572eda7d4a577e52ccbffa8c7dc8
a0e0d8acf4d52aed480bbef4ef5d4b1dc595144e
17b5043c047e8a251e06b6d642f5c7fd847b420faae08c21359de0439bcd4b9c
GET /wp-content/plugins/gs-logo-slider/assets/libs/images-loaded/images-loaded.min.js?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 1808
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AL2KG6wxprKdfrEztywhzfwA0eLm%2BHeR14VZ3CUoqhRakSsHsUJZTG8EXqHaY%2BjTQTYTXgdjspQ0DE3zHUftzKh5iHC1ypdcmv9q%2FqprzBz8gX4KJjvSgH24SzGmW5eosNkKQA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d95919b4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.js?ver=3.3.6
104.21.96.107 200 OK 36 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.js?ver=3.3.6
IP 104.21.96.107:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 79166f8c0e16ad5dfee8fef85d6b568c
e7192c4f09f10b536d96061d55b0b019a26fa8ce
7fc2f696a3056a243c6dc61d111bc9f6bd1ce51311f0755f53e732eaa0adb4b6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.js?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 35676
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2BtSljo4rI8AMwJXqBh6VQIp0e1yagAB%2B32HBMDCDKzXI70R4P2fWqwoB9s39643unqJfTKgXQiMuU2Mssa5d6gz2WytmQvoWflAis8otqrM5hzbqjkLr3VTiXZzNvVEzvWRdA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d95c4cb509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
104.21.96.107 200 OK 2.9 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP 104.21.96.107:0
File type ASCII text, with very long lines (9680), with no line terminators
Hash be8270d30953f83f3137e2c7121e3656
1bbc1d1a19f27b4dd66c838214bf196862307078
9506efdf97a3132894069273b42fff14928e25579be11b57b3ab03aa426e1e23
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 2929
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 02 Sep 2022 06:47:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ptjxshq%2FrcLLZBJ%2B63SehOxiiPeSvNSWgIAMzJTI4Dnf4UPvOw03CJoC6G7Pb4I0wrIf%2F7vvqW1aCU21D4VpNmYgxHo%2FjIl0O1beuZhL0BGiDk9X%2BNIGsQatN4JTeqYlC8oJ7A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d94c16b521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
104.21.96.107 200 OK 3.9 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP 104.21.96.107:0
File type HTML document, ASCII text, with very long lines (12211), with no line terminators
Hash a71f31ad8ab59495c235f70e11af94d5
dd92f0033787042cdc33b4f7a738cc1a8f1aaea2
02de035caef83e16f5631660c82c3c61e69e4a919f32552131136b5762dbe846
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 3925
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 02 Sep 2022 06:47:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XTAE8D70k5o3N%2BJzuQcjVAUwTS7aq%2FHW4T781bHK%2BTyGThYUvElO1fDuLClXYzFU2v%2FMnY0yiDmvcLtgWNhzdD9rxAWXG82%2B6%2F%2F9JZ5vjQrramKyLelZ%2FD6StbdKIRH288XI6g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d9490db51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.9.4
104.21.96.107 200 OK 1.1 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.9.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (4186), with no line terminators
Hash cc467bb5d18a9c3c4808b267748b4318
36cbf86408ccb35e204172bca28bf0c6b726c385
feacb74068853206ff6d9040bce92f3d95a386c3803b0147f08c23235cc333dd
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: text/css
Content-Length: 1148
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Wed, 13 Nov 2019 09:45:09 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SBXKd4vZStspiNzQTbSdcgZ2pBo9RYvXsHhcdeLH1eAv9pBbrYIXee3OP0NHdm%2FNTlYMVYyFHvuOcQRV9TgYST36y8qbgK9zik1bK%2FjQmIFhCKnqzDOrOGNUuxhfWoT0Znjn7A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d94c27b50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy-bundle.umd.min.js?ver=3.3.6
104.21.96.107 200 OK 14 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy-bundle.umd.min.js?ver=3.3.6
IP 104.21.96.107:0
File type ASCII text, with very long lines (23493)
Hash 75b798e6eec96f668c10ec1af0bdff27
b1013012e57bc4db0454b81a0a26185b68664d2f
6b84ca377dc75321d032aac6726c552caf581e6860ea391fd1844ae2a2206392
GET /wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy-bundle.umd.min.js?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 13756
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lr8xH%2FpLz%2BntYqxF2x%2BZhem4wSaAdozMItzAa1W5FR%2BcyFQUfxMdqdxqpmJU7JTJRKtmUnx5K%2BVk7sPhhODgNYO0pFmdjwTDEMnJq8OEf%2BzcRDGlClMr2xzn6tKYgkZa4LzzCg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d98f150b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/js/gs-logo.min.js?ver=3.3.6
104.21.96.107 200 OK 2.4 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/js/gs-logo.min.js?ver=3.3.6
IP 104.21.96.107:0
File type ASCII text, with very long lines (7209)
Hash c24f217542eb02720fac0fd55bd8921e
74f084733e57ba209e7ded40220132fd20840f3b
cb6cababb9250d8fb131a48e5d129ce7d008230f2e07f2cd6895bc2ba70a12c8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/js/gs-logo.min.js?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 2437
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1rJlJvDOxMty69YXVkcr8%2BXOTWwvUki5erbK3YEgtAqzC2G7vzsdf924bX4zsJlGNP1dIblT%2F%2FIpIa9dW88s7revKyHDioptwHrZhDAX32EBeIGvv8giVdypfOMt633wdBvhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d9b9b3b4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-review/js/jquery.easypiechart.min.js?ver=1.0
104.21.96.107 200 OK 1.7 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-review/js/jquery.easypiechart.min.js?ver=1.0
IP 104.21.96.107:0
File type ASCII text, with very long lines (3765)
Hash 1d87105c6857a225bf858e33ef57063b
9a31780a00952c16e8606369c3916d0fd2cb2f03
41ad0f2d38eda665205997eb28ea40804f280fbde8de3f94c7688a3e144edf77
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/penci-review/js/jquery.easypiechart.min.js?ver=1.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 1693
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:15 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KbEAdw%2BPc2MZtVppqRb5GJvJov5iDAqKueRZv0H1rPaYS7UAPBZNURXahTn6sxFgzsJEbjNohz%2BTETad6VsdZTqEv9o1kdXSltBmscg1zTA3TbavQUWpe3mwGy7217TPBHf%2Bmg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d9bce5b509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-review/js/review.js?ver=1.0
104.21.96.107 200 OK 365 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-review/js/review.js?ver=1.0
IP 104.21.96.107:0
Hash 793b0c5e5f1bb569673e980a1cbc1ab0
c16a1633bc494ea6d56ac315863070d56fabdca3
c03e96d0b1eb30368976e63359ec908f4473bfbe48e83d218588d42eff918a9a
GET /wp-content/plugins/penci-review/js/review.js?ver=1.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 365
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:15 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q6338o1N62W%2BS0e7Y%2F5x7mGJILW%2B6RVMu2Psbyz9BtaPGWURsEvub1niVNgBXNgW3VTeXqkeDXVHciO3b2Er%2B0lobWpe4ayoh5YALCrXUwrOP13Nh6dpm8wSan6LwuTJAUWBBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d9bc9eb521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-shortcodes/assets/play.js?ver=1.0
104.21.96.107 200 OK 1.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-shortcodes/assets/play.js?ver=1.0
IP 104.21.96.107:0
Hash e706af7caeff1e349e05638e0587fbef
2db93df8c91ba32d5a5aad668134e57b4e788ca1
ba7d6ee3dc20ab1dd7557fe621c62e8f51c545e2327377ca8c384bb2c92dc3da
GET /wp-content/plugins/penci-shortcodes/assets/play.js?ver=1.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 1094
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 01 Mar 2022 17:00:09 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9MfXrV1FaASkEFn7xar6uRjMqamk2Mj5D15C4%2FVglyVOHpXZ43nd60B0KWwJU%2FVEnOsxqRtbg7a%2BBKcAHCwnLRe3DBzTX2CgW84vnAi1OvVjhvhvZPhnKFlTCVfN7GpOenrkfA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d9b98eb51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/simple-youtube-responsive/js/youtube-responsive.min.js
104.21.96.107 200 OK 377 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/simple-youtube-responsive/js/youtube-responsive.min.js
IP 104.21.96.107:0
File type ASCII text, with very long lines (520)
Hash b8fce8ade2c934911eebcda529224322
533706bef2c32af2d2437b79e881b918ff5dd472
6031f2ad0e2526b4b7181b9ddfa75c0ad45fb3319ee5da7a04a695e45f103438
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/simple-youtube-responsive/js/youtube-responsive.min.js HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 377
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 19 Nov 2020 02:44:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFw%2B2wDowziTLqHY6p%2FWkDOHterVglndVBj9bqyyIIFkp8fsS%2FDCYHPEadRxVP2ykeH0UXrz4VmCK3E5q63%2Fk8vtyVLJokCRgtgKRB4gGvNXjpAHJqXcLolBmGtiaMMfsH520A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658d9bcbcb50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.js?ver=0.8
104.21.96.107 200 OK 40 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.js?ver=0.8
IP 104.21.96.107:0
File type ASCII text, with very long lines (65306), with CRLF line terminators
Hash d23ff243d2bd4572fc71b5e66bccc95f
662e91d8dadf8338b8d90d48507bbf03c7bc98f3
5da60a0a05c0b59d94da2b9d51eef93bb2df66704883a5a16074e101a5a8582d
GET /wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.js?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 40470
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=61MQqq5URqV9wvuJIFBa9HvkG3xfBSh%2BTeNcn5qu2Wv3QpuyUYGtiFKejngPM%2FgC%2B4kbh4Xd2ZM8u2r38hCLMwl52IqyxdNsVHwlg96m%2BakAHhu6o3RGIWfnFEg%2FJfEPq4kF%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658da3fb50b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.js?ver=0.8
104.21.96.107 200 OK 52 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.js?ver=0.8
IP 104.21.96.107:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash bf3d601906d9f332b0dd9057fd835a9d
f62a7a395f11f90ad8aa2995e341b0b24e22372b
38c449102d4eccca193cb6ed658813b0fd37ed9591fb975568a6b57932290c2e
GET /wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.js?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 51760
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KzXS8eujdr%2FIdyKUA0t0Xrsk6lV0XCD1HZmtI3zcvrJzZVex7NYPzUo2rlzb0FsOjyJky4WlxDprnVbTaJHr1SjcT2InyIC7yR3GBx6cQU%2BB2HCsN5d4hvJciuQXeToyR9ji6w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658da5aa1b4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
104.21.96.107 200 OK 6.9 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 104.21.96.107:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash c1f2ed1d7320c7920bf0ea8b73657822
0d80247d3482ff92b5f8c3ee6c1eea3ba808877c
6b2069162ccec1dc23e84bb6387f6433c98c4e4c31f68e28c23c37b3b032548f
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 6875
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 22 Feb 2022 18:53:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HpGDIf6%2BIupptTW3VxNteXun2qm2Pho7VgfMJa7xUJ7np0ijMdIu%2BsnFgYOX%2BwHhBRBm1efynYzz51HS6rYH6d3vqTWFHWn0P8mW7cJ39%2B1KCmlJ1Cg0L%2BKmzGV3QmPpfLOhnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658da5dd3b509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/modernizr.custom.min.js?ver=5.9.4
104.21.96.107 200 OK 1.5 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/modernizr.custom.min.js?ver=5.9.4
IP 104.21.96.107:0
File type HTML document, ASCII text, with very long lines (2861), with CRLF line terminators
Hash 4312bc5146570cdf364bc5bda00ac43b
9e6da60b963c179d195892d28cb0076cc2408175
5a68aa581b5145f6fefe3d7513453ad7774fecb29824d5e19cb96a3550f69c84
GET /wp-content/plugins/ultimate-social-media-plus/js/shuffle/modernizr.custom.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 1499
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D9HfCg5ozht2y9GlLKdmYvrerUbhal%2FyZBZQXX7ZfI6bN2EOL6y97survmJ9tVk2LlW04FWdWAdnp%2BLHAO0zl4WHQz5cjC190S5L7vZBa2ZnwmB9Adim9MXZ5ytVPdKefFfAdg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658da5d54b521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/custom.js?ver=3.5.1
104.21.96.107 200 OK 7.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/custom.js?ver=3.5.1
IP 104.21.96.107:0
File type Unicode text, UTF-8 text, with very long lines (993), with CRLF line terminators
Hash 6bd15ea6197c8a63c797bfd997cefd8f
c90f69623a9fb0022255e7f3c0e5f03f88a207cf
0734d7822d77068802d4d4311cfc5b3ac2754715ab02d9c26d0d7108e81c1234
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-plus/js/custom.js?ver=3.5.1 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 7080
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wAfFMkjgyg1dly6ir13476vmi5bIa3QxrAA498dcp3sMXzbk1EFCSoBx8ZtiBREm4byJWlMj74eu195U1FVsiSVYAyOkqSQNxssDXod2lkxk89VFJBv2v5HnNPvfnbORWbLPBg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658da88240b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/jquery.shuffle.min.js?ver=5.9.4
104.21.96.107 200 OK 4.3 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/jquery.shuffle.min.js?ver=5.9.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (12128), with no line terminators
Hash c62259d1e69ce9293c375ee58939707e
04de6eff4619781bd398113b551c5b2e233c0c1d
9901023777d6437c406e54b58b2ce1f6f5880ed2e063f2e5d61af4fb43864bc1
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-plus/js/shuffle/jquery.shuffle.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 4327
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZxATAr079XjK%2Fc1zFXePWg9jIgsxhL78n3VQ%2F6DpfOzRYEPnCRwUk%2BtTmkHxjGWdsHZKypp%2FKB0QXw675pgVXT0H4SB%2FgJ0Zs342s4Pvucj70CsF09%2BlGdyvoILz3u7hABgKkA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658da5a83b51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/random-shuffle-min.js?ver=5.9.4
104.21.96.107 200 OK 695 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/random-shuffle-min.js?ver=5.9.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (1477), with no line terminators
Hash aeaa1eb85c0c2d2b78dc0e4cc3b0f095
72b8a1ee30e9fd03f57ca8749388a569978e889c
076bb1b76d8c984c533ea83978ad13f86e882e5360695c62d95e1d622d23b158
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-plus/js/shuffle/random-shuffle-min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 695
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yN1BMPDsAG5HWnYQ9g%2FFE8l2RRv54uizIGmlfGnWYhz7sssFcQOU7Ff8%2BE83FUJk4Iga1ufntIx9oSFAE63M879RMu676ePtmT%2B%2FrwXlN3ARdUb6jGNal5wGknQdTH2wpQNYPw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658da5d8eb50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-polls/polls-js.js?ver=2.76.0
104.21.96.107 200 OK 648 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-polls/polls-js.js?ver=2.76.0
IP 104.21.96.107:0
File type ASCII text, with very long lines (3242), with no line terminators
Hash d96ce374bc0c7d48b1867f4f5147f137
436a19ec96884f3bb3a1875f5d49a74c282957f8
dce82df98c8329089475f855383486e86bf565d6a9c94ab6e8ac4da38133cfc6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-polls/polls-js.js?ver=2.76.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 648
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Wed, 25 May 2022 06:47:08 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7rn%2FPWHJtb%2F0wUqXvJkxgAerej6CfdMdVHzhb%2FPLVDMqFRhuRbc55blpQwssC3XbIoI5vOBPYa%2FN1HJJVxltiRN%2FMWFO70%2BqvLvqxFN4LME3MxW3TtwOJFeBjV10LGf%2FS3tGLw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658daaafab4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.1.2
104.21.96.107 200 OK 4.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.1.2
IP 104.21.96.107:0
File type ASCII text, with very long lines (18766), with no line terminators
Hash 3b2c2cc098446462c673c17bb8eb047e
b4759bc956d5228156661c0a070a924f37d603c6
139d243d917060ecef7c62c009f0c5b25108b1a0c44500191def878c6e16a8e3
GET /wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.1.2 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 4102
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oeWnPIcK6XLTQ1YRloill9XEPIbITFONJlNw2zQabPLRHxEtgp461QHD7g2HdCxydwH59O3Z592m4bp9w2qirPfc62ghZUuv7jpGcan72wR5YiqOfcuFeUegq6qBHJmCLefH4w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658dabe5fb509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/penci-lazy.js?ver=8.2.5
104.21.96.107 200 OK 3.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/penci-lazy.js?ver=8.2.5
IP 104.21.96.107:0
File type ASCII text, with very long lines (8290)
Hash 7368e7edbf5688252c7b5fdfe6d9326a
371bb5b75c17bab71df34bf7f762da77f64a5dc8
8f3ca098da70fa299df307d7de699efdfbfca1b6ed203d28c0b00723e021549a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/js/penci-lazy.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 3063
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Oy4RDs%2FmrDBwvE4b9EXRUF4IQdSPtVwxQ2HzUC35FdQOEC8XO%2FHUa5vZ%2B6oByV7p3HeKqU5AYcmde7xOhnBYAVmOsf842BKeGLDgs%2BUpsaFYTbeHj7KSrnKbb3QT57R%2FIMJKA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658dabdfcb521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/libs-script.min.js?ver=8.2.5
104.21.96.107 200 OK 46 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/libs-script.min.js?ver=8.2.5
IP 104.21.96.107:0
File type ASCII text, with very long lines (30308), with CRLF line terminators
Hash 87c158d89670e5e875d53707c300b1f5
844f2d64b9d9994d0e053aca50c43d7297611092
62aae3783f709a99bdd69f2e7b2168cf5d6fbc05794fd6bad46ad19234da0d23
GET /wp-content/themes/soledad/js/libs-script.min.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 45880
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1165Z6KaJiL1iphxLueAE9aqHJ7irlQBpG37ARDEIQRiUq3y5Mx1K4MDiXXO007Sk6gJOCRtRWmQylDrY%2FgW23NzZU8Q2bIyAQVYvupAkR6LiiVeqjc4BvAHwgLuY97sXq7JA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658dab84f0b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/main.js?ver=8.2.5
104.21.96.107 200 OK 15 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/main.js?ver=8.2.5
IP 104.21.96.107:0
Hash 13e66021bd3a785cb23639f508290ee4
2bd2b40710410385fba3bf362eb66c5c7d211f83
edf90b6dacb1a071fd2f71a3b30732e8c47e2ff92e90d4705cceee9ea4ecdb59
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/js/main.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 14586
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jnIMFUhlxSXjdxNPBkw5Xdb0mFINk6N2%2FYalnLM5wK4JfiKH1%2BhKc2simsMmiUrVh0Kqmc6%2FgHs6ikt3qkn0xd2JjEMSuOrQSBJWbF7G8DvsBCy0pPRuwhauABHkZx1uW626vA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658dabad9b51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/post-like.js?ver=8.2.5
104.21.96.107 200 OK 466 B URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/post-like.js?ver=8.2.5
IP 104.21.96.107:0
File type ASCII text, with CRLF line terminators
Hash fde8cb09844b8f739348bc1c6bad19e9
f8f2ff103d041a70a202027b0f41920a045e0aef
493ba874e134c918d825b016004a522fa8536693e425d8a5d28bc478ef58d669
GET /wp-content/themes/soledad/js/post-like.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:35 GMT
Content-Type: application/javascript
Content-Length: 466
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2FaHih7BTj2BRNu%2FLnz766419thSkrr6kak5iVoNbfzTRAgxfbTafdWQmzxf3A5B3odKXaElqx029H9mD1lWqWujooa1HaGxYsJrNY8ypQxzJrn2QiBAQzjMluhmMxnvCKMwhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658dabe0cb50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-recipe/js/rating_recipe.js?ver=3.3
104.21.96.107 200 OK 523 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-recipe/js/rating_recipe.js?ver=3.3
IP 104.21.96.107:0
File type ASCII text, with CRLF line terminators
Hash d9e49a32cf1958b0643a7aa3190afe77
d364fe41df098023d6bc42c89b56d1fb1559783a
88afe18d49409b27abca58b06d0633786a115d64d03af297edd87a08a54d1f1e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/penci-recipe/js/rating_recipe.js?ver=3.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 523
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wk4o6aCmdD5mwYt%2FccE05dOW1rDOeaWmlZlUhv%2BZdSWhQx7g9znOBfWFG5oxmwCHyf7mwZHanQwAvcRz%2Fi8TboiHpvViTjiFg7XKIKRtreHz6zs%2BEyyHvKNDcS%2Bu91HNKQR1qw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db18ce0b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/archive-more-post.js?ver=8.2.5
104.21.96.107 200 OK 2.2 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/archive-more-post.js?ver=8.2.5
IP 104.21.96.107:0
File type ASCII text, with CRLF line terminators
Hash 9796e76032102ee198e011ee824c221f
6ee4d1427f2103fc9bff9dd8e5fd828a31099616
e8c7fd3ff1e1cf4621f0dc63815734a326906fad682a02d56570aca2cc3ab8ef
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/js/archive-more-post.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 2185
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t9tyYNxvxe0vz0pN7ma8BdiVYnywZHQZ8IOWqbyryB2nIoIz9cdCYuj4BYKsJYp6atA20%2FcIyuoLfl%2B2HwtLoeYQit8yA4oIP9nCmItSEYKxSWNXCoiAU20mPSnEFuN6vPK%2BQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db1b5cb4f7-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.43
104.21.96.107 200 OK 40 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.43
IP 104.21.96.107:0
File type ASCII text, with very long lines (2747), with CRLF line terminators
Hash a380c5711bb3c60c018356bdb7e9a10d
6722b86e697f6f4dc75426c588576cd630a514a6
b214b408823b809ae94d54c60bbe7d8a6768ba7324770c760adc029b6417d686
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.43 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 39896
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 02 Sep 2022 06:47:37 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1E5VeCxOl5bMjxoec3pAyKifbMqATHFhod9Vas17IhYavPzEzGmLgMd4QKXbY%2BgoRtW%2BrHnfecav8xf9HbwXzxE9hU9xTg1QN4XBKgDW5EMjp5%2BQAmVh1wO8tqxLGwYpySKxUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db1ef6b509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-recipe/js/jquery.rateyo.min.js?ver=3.3
104.21.96.107 200 OK 4.3 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-recipe/js/jquery.rateyo.min.js?ver=3.3
IP 104.21.96.107:0
File type ASCII text, with very long lines (9050)
Hash d899fcbd438841752ccc3026e24e8785
fa71fba995d80a4d4d0d6c98332e3262d0d24f1f
e2f6e8f0c88caf9f4338fb5e81d009657f2055dbe60d2d60774583d441ceeada
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/penci-recipe/js/jquery.rateyo.min.js?ver=3.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 4321
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4F4HvsFfRkDJDm2s2Jxi9f5zsqBhIOhcFNSdNL6kbZ3PieclozqmNS9mxgQ5ATRDPpKcLRIS7q3hMasS0Q37FMVtS1BvvIVGDtqYMUCRodxXykEPx3Tz85d2L1scdczQJwuQxw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db1e89b521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-portfolio/js/penci-portfolio.js?ver=1.0
104.21.96.107 200 OK 435 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-portfolio/js/penci-portfolio.js?ver=1.0
IP 104.21.96.107:0
Hash d7151ece3c262e3a3b940b9daab8a517
5df757e96bc8178f811367b90aa762c85419d7fc
e72fd34148d8f9221205fef9db435bbe576678c69edddf474a63bc2d5b93afbf
GET /wp-content/plugins/penci-portfolio/js/penci-portfolio.js?ver=1.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 435
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:13 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mhgf2Ui%2F1TEzb6qB6zTdErcGib3qbHtKCtNiKc7JEQ6GtSPejr%2FykxkVrRdex78Xzc00g%2FAZVu3eE4p5hthPAHNwzsawKMF8tG1%2BUljNqcxOLgKjocCmW4tKXYN7498EpcihSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db1b3cb51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4
104.21.96.107 200 OK 2.8 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (8016), with no line terminators
Hash 023a09c7dea64bf4a30ccc3773a36381
60319e56baaac5c848de3dd13b1902433345c427
ff36c1dc57bb0b449ab07c62a5efbda1201af0039c4e0c0f696a105283e99f25
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 2817
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 30 Aug 2022 11:42:56 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hs4nM7Bxf9Q4%2FhUDsdD9KRCYAwHmC11yoVWDxFAI7e0f3NYNwXYYm1xPVkcTcJJk4xC3nhb2rCFhM8OxlnjN7ewkiOXya5QeMl5xfKFxFg77DzQxKquOFZFEPtgK8SoNqdw5vg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db1e8ab50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/jquery.autocomplete.min.js?ver=8.2.5
104.21.96.107 200 OK 4.3 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/jquery.autocomplete.min.js?ver=8.2.5
IP 104.21.96.107:0
File type ASCII text, with very long lines (13072)
Hash 9949e03922484a8e8414eb0af291e49d
c447429e2c96d986a7f98568821415465ae913f1
c20a4f8891670d9c6a81d37410c76f447a7ff4c054e9e8ada5d011f51b95c599
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/js/jquery.autocomplete.min.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 4273
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hPZJd3zOwSAER%2BRGbJJkN%2BZtFRcLVpcG7NDpiaV9PUm%2Bh1wlP%2Bk2q%2F01TZUIC99F5AX8ArQ7FHCVZzAuRKdhjsZ6boMxMqlDqmnLIBMghrQ0rshGVb0f4ucRWhlbDrPAz2rWfg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db18dc0b69-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.9.4
104.21.96.107 200 OK 473 B URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.9.4
IP 104.21.96.107:0
File type HTML document, ASCII text, with very long lines (906), with no line terminators
Hash a518daf269ea7166199f72596d3bcced
ea873832ee6b07d1970e1c55b22084a6118b618b
7b8abe07d078f2598c1002b2c3b08d2742f809a8eb37ac4cf96303e9b3a39031
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 473
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 04 Feb 2021 02:43:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6DZNvlYix6elwVNv%2B7feVIptsPJNqHtzMIeTX5qY9YTVXtWp9Keh6xSGBr3aUiq9t9tWqA5q43lMU%2BoQLIx%2BIDk4KukApIoyzXdPnbbMMNoMdvOyTiStN4NYlTay1KTecwva6w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db5bb3b51e-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
104.21.96.107 200 OK 39 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
IP 104.21.96.107:0
File type ASCII text, with very long lines (65266)
Hash ecb6a2daff6006632f7ccdce1979ff99
5c491e7ccbcc2ffae12af18013491bb9e728ff7a
dd3f904f4f676b70f017cf6a54027b8f7bc3988f57e6ab9dbc1b9c2816e2d5a7
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 38785
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 10 Dec 2020 15:09:16 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LismVxGdYdz5r9ufZFaIB%2BQRqVxzD7r8nbPIFAPyEch6sQheZhKxBHfVqs%2FNZKeeI3qRnOZ8831dmobqQCTnlwOGNdLCUjvqRlk56pQ2%2FNORc%2B%2FEvVl2ydD0d2P7wOTPkoSTSA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db5f4cb509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.9.4
104.21.96.107 200 OK 543 B URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.9.4
IP 104.21.96.107:0
File type ASCII text, with very long lines (1193), with no line terminators
Hash 5a207b116c35490c40998f4e126e3ab3
ea6c61ff9abdaadd0089afbde4fa065e6a68e34d
075c90ccad0f38671b0dc839c6476fadafb5bcc3c707e4da67c4e68df8ba0bb7
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 543
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 04 Feb 2021 02:43:28 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dny52WiEu5AD7P1noEYQZpm3TPBBogTpkjkxPtfeqM8IzdOU8W9Mxe%2BWfyctS4ipmFiac23fO4Nqeo6ZbEB1jdLiaHOXryyKJSoPEzsqtplMvhzZKeAO2xE%2FB4W9NgRigO3NTg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db5eecb521-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.16
104.21.96.107 200 OK 2.3 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.16
IP 104.21.96.107:0
File type ASCII text, with very long lines (6194)
Hash 84d4a97c02f7548b70852509c9c941bb
a62f329fb620cbbedf78575ba8ba2a246cf036b2
e88c405e7c4f7a2bfcbef6197f5c3c76463bec5f6c4f5698729165699658455f
GET /wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.16 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 2275
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 10 Dec 2020 15:09:16 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ft%2Fj5Zklv0Nj%2FVVlHo5pmMfXOPvpFMhVlEg2BzjtuExhFwcNvHCMN2podshoesdhDAy%2BLyijJ01CqGgZmHPECgLIve3txCjjASfqrw4UxjHSiufloPdzQSCQ2t%2FR%2FGtYc6ISJA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db5ef6b50f-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/ajax-search.js?ver=8.2.5
104.21.96.107 200 OK 1.9 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/ajax-search.js?ver=8.2.5
IP 104.21.96.107:0
Hash ede329c6eddc6340e3f4ec290fea51fa
ca2f9739beb26b84c7a8c7a94997224bc1485b94
6b6d8696f80caebddf5bac0daab51bc35257b6102d67c6620660ca3688815c31
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/js/ajax-search.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: application/javascript
Content-Length: 1909
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0dNi7KWaeKh9O6KfaF6QCcghU7tLuzwYSLd32h6BFRFK4OkEz%2BAwYqdjdFN1Uve8ODaxkxdyhFw50e35PqYKVj%2FIrZXZtjd4up0kVG8Tg2WyM30pnFBRro2FaugseQT9nfQ8yg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658db5c0eb4f7-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bcbb9bf29f1e0acaa7ac6d6566381370
dec1bea642dffbc11ebd6d65c94f87d6db95703a
b2bf22379151923244cbb9bd62499ded7b6f313a7db77914383bc1e704dd65de
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ee6743e22ac3ee28c4a204c796760b87
a1e2410e3e83b4cccb6bb6cdeb440a85552f2d61
85d0817fab6bfe49d55386c56b5d2b30659ba772d7c900d808c9641a99cfd673
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "85D0817FAB6BFE49D55386C56B5D2B30659BA772D7C900D808C9641A99CFD673"
Last-Modified: Mon, 05 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 06 Sep 2022 15:58:36 GMT
Date: Tue, 06 Sep 2022 09:58:36 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ee6743e22ac3ee28c4a204c796760b87
a1e2410e3e83b4cccb6bb6cdeb440a85552f2d61
85d0817fab6bfe49d55386c56b5d2b30659ba772d7c900d808c9641a99cfd673
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "85D0817FAB6BFE49D55386C56B5D2B30659BA772D7C900D808C9641A99CFD673"
Last-Modified: Mon, 05 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 06 Sep 2022 15:58:36 GMT
Date: Tue, 06 Sep 2022 09:58:36 GMT
Connection: keep-alive
balletmagazine.ro/wp-content/uploads/2022/05/banner_with_photo_bir_2022.png
104.21.96.107 200 OK 32 kB URL HTTP/2 balletmagazine.ro/wp-content/uploads/2022/05/banner_with_photo_bir_2022.png
IP 104.21.96.107:0
File type PNG image data, 544 x 78, 8-bit/color RGB, non-interlaced\012- data
Hash 355802b0ec21e6bc355f15d5174c352f
7243e8fa49266eafbc95c00d19b3aaf7337bda08
65d5ccbc84aaa05cc2ac6a6493d0ec8dd6ca4e69f971c8fe57cd14fc4ad4cad9
GET /wp-content/uploads/2022/05/banner_with_photo_bir_2022.png HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Sep 2022 09:58:36 GMT
content-type: image/png
content-length: 32264
cache-control: public, max-age=604800
expires: Mon, 12 Sep 2022 10:39:08 GMT
last-modified: Fri, 06 May 2022 16:55:03 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 83967
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=anjkf3epKhQwqGBsgVK6Oj5Lb83a%2BRZEJ5u0QDcxCnk4K6iZBFknFKTzW4FdtYvnJyU5OmfMLjawx7hyQAYIgfQutvfjT0x7D552qR0%2BJiV9jTp%2FJuL5J%2B3%2FIuZ%2Be7r8rskxAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746658dbbf6ab50f-OSL
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/uploads/2019/11/Ballet-Magazine-logo.jpg
104.21.96.107 200 OK 174 kB URL HTTP/2 balletmagazine.ro/wp-content/uploads/2019/11/Ballet-Magazine-logo.jpg
IP 104.21.96.107:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 2180x565, components 3\012- data
Size 174 kB (174391 bytes)
Hash 943deda40d55b8dd9d920e11cf021c48
dd24590e0e37956fbed06ddcb7dc321bc9412021
1361b55b00129985e89611e17714e78cff10aad3c0aa2502eeb1480d0bd27fe3
GET /wp-content/uploads/2019/11/Ballet-Magazine-logo.jpg HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Sep 2022 09:58:36 GMT
content-type: image/jpeg
content-length: 174391
cache-control: public, max-age=604800
expires: Mon, 12 Sep 2022 10:39:08 GMT
last-modified: Fri, 15 Nov 2019 11:57:49 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 83968
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWW%2F689%2BFNv2CPBmvwlOimYE0dfOkuAJRWX%2FQSJtlq4lJPgZ61GKc5qA6uOxnEoPuYB8uhIL%2B6tgxE523Oo%2BGZAgH%2FoS5mBZN7P9F5vUsqoPQ4aRT%2FSPY7D9%2BqRgN8YW2poDjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746658dbbf72b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 76c6ad39ad355f829170427e9076311a
26a82c7dd26986900a4964464e43d9837dfef1f8
40c6ca74d92e002befb684bce24ba4714c260ba30918cc4e9a4bb02ed4f809dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 80f29cbbe260408ee1418a6fbce5a537
96cfe52bcf90cfdba5cba7907d49a91f44adc032
de264b42b7c59bdadf606387adaca04af680705a947096d048f288c3e5be8517
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-151068238-1
142.250.74.72 200 OK 43 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-151068238-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1615)
Hash f29ea413319ab3034b454c4409d0546e
f8a939db72a792ac3108fd1721e50468b83df29a
ed195e9df8ae66967fe652dbc97001df546492bbb97cfd30e914d46e204a498e
GET /gtag/js?id=UA-151068238-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 06 Sep 2022 09:58:36 GMT
expires: Tue, 06 Sep 2022 09:58:36 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42877
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f41565238dc856269109dcc30c34c535
28517f51eb3b6cd08981afbf878446d635430741
9e314961a8fca836481ea022db365cc463bcef3b5003c63ccece611b8ff77fe6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4001904154299870&plah=balletmagazine.ro&amaexp=1
142.250.74.130 404 Not Found 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4001904154299870&plah=balletmagazine.ro&amaexp=1
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4001904154299870&plah=balletmagazine.ro&amaexp=1 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
date: Mon, 05 Sep 2022 22:33:28 GMT
expires: Tue, 06 Sep 2022 22:33:28 GMT
cache-control: public, max-age=86400
content-type: text/html; charset=UTF-8
age: 41108
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ee6743e22ac3ee28c4a204c796760b87
a1e2410e3e83b4cccb6bb6cdeb440a85552f2d61
85d0817fab6bfe49d55386c56b5d2b30659ba772d7c900d808c9641a99cfd673
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "85D0817FAB6BFE49D55386C56B5D2B30659BA772D7C900D808C9641A99CFD673"
Last-Modified: Mon, 05 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Tue, 06 Sep 2022 15:58:36 GMT
Date: Tue, 06 Sep 2022 09:58:36 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bcbb9bf29f1e0acaa7ac6d6566381370
dec1bea642dffbc11ebd6d65c94f87d6db95703a
b2bf22379151923244cbb9bd62499ded7b6f313a7db77914383bc1e704dd65de
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ea5d89f3b91e9e92f6024a05a76d0916
fa5a430f9c241f95ce139f4287d5fd3583c1f4f7
5f88f1d962a8f8ba18d5b077d2a8832554b62960764922f6bc45362480d5cd45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5631
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Last-Modified: Tue, 06 Sep 2022 08:24:46 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 76c6ad39ad355f829170427e9076311a
26a82c7dd26986900a4964464e43d9837dfef1f8
40c6ca74d92e002befb684bce24ba4714c260ba30918cc4e9a4bb02ed4f809dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 80f29cbbe260408ee1418a6fbce5a537
96cfe52bcf90cfdba5cba7907d49a91f44adc032
de264b42b7c59bdadf606387adaca04af680705a947096d048f288c3e5be8517
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
balletmagazine.ro/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0
104.21.96.107 200 OK 77 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 104.21.96.107:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://balletmagazine.ro/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: font/woff2
Content-Length: 77160
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:01 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 8
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MhmkaMo1%2Brl9CB6A%2Fu711t2yKaAYs6FFs5RSdsD93Nc8x%2FHdwH0XsHWHjCkrygrLiDPzGJdYAaHFgzS%2FGt9RpZngU1qeMzzcCbT%2BB964jG3msuDLPcJtSsxOMiMWXNgd8oYfxg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 746658dcd983b509-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/fonts/penciicon.ttf
104.21.96.107 200 OK 20 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/fonts/penciicon.ttf
IP 104.21.96.107:0
File type TrueType Font data, 11 tables, 1st "GSUB", 16 names, Macintosh, type 1 string, flaticonRegularflaticonflaticonVersion 1.0flaticonGenerated by svg2ttf from Fontello project.htt\012- data
Hash b3efaa7714447dfac01c728764336f55
b12c3af60a6615bb8313cb9f8392a8068a2673b8
8135e9b20effd8a4160927a19f3d94e70eac5e89ecdb20fb9d93ad4e8361b9fa
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/fonts/penciicon.ttf HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/wp-content/themes/soledad/css/penci-icon.css?ver=8.2.5
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:36 GMT
Content-Type: font/ttf
Content-Length: 20358
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:01 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z4maxz9dJk8bZddgGs8os%2BMPJlxUBUU91jm1GzwlxdkjYLKyGkSmSm0Vrpp7UaNmIetq0defwCm%2FHDI9x1JLwXClhNkmq0aZd5uHkHTHA4squZw6d5QLsbwHWjRuMhG%2Bc%2B9gOw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658dcda7d0b69-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 06 Sep 2022 09:38:18 GMT
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2022 10:33:37 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IQuiph5nyKonsWPZq6C9OiKAzGy-jckKrpK-8giRAduSjqsDthkPqQ==
Age: 1218
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0b9528d0aa584b0e7b8b95f31ec1c4ed
79afabc0856f6fb3c3e5a9f5675cb0a40ee08e54
2604edd5743acd1487c25665444019555a972492010c10bf3bd6aefeab4661eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.paypal.com/en_US/i/scr/pixel.gif
151.101.1.21 301 Moved Permanently 0 B URL HTTP/2 www.paypal.com/en_US/i/scr/pixel.gif
IP 151.101.1.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en_US/i/scr/pixel.gif HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
cache-control: max-age=0, no-cache, no-store, must-revalidate
location: https://www.paypalobjects.com/en_US/i/scr/pixel.gif
paypal-debug-id: f82457835420f
set-cookie: ts=vreXpYrS%3D1757152716%26vteXpYrS%3D1662460116%26vr%3D123cc6011830a78878f2218dfdfe9f4f%26vt%3D123cc6011830a78878f2218dfdfe9f4e%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Fri, 05 Sep 2025 09:58:36 GMT; HttpOnly; Secure
ts_c=vr%3D123cc6011830a78878f2218dfdfe9f4f%26vt%3D123cc6011830a78878f2218dfdfe9f4e; Path=/; Domain=paypal.com; Expires=Fri, 05 Sep 2025 09:58:36 GMT; Secure
traceparent: 00-0000000000000000000f82457835420f-5ed8c079a5f92dae-01
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Tue, 06 Sep 2022 09:58:36 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4065-HHN, cache-bma1629-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1662458316.207538,VS0,VE158
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0b9528d0aa584b0e7b8b95f31ec1c4ed
79afabc0856f6fb3c3e5a9f5675cb0a40ee08e54
2604edd5743acd1487c25665444019555a972492010c10bf3bd6aefeab4661eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23948, version 1.0\012- data
Hash aeb92e524ca62170347fa63974605767
1e10bfbd720481e42035a5469d7ce8fc51d34aab
25475d82cc976fb2c71b15b3e416c22bf636dd247bbb268d312e7c076ec5b6e4
GET /s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23948
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:05:04 GMT
expires: Tue, 05 Sep 2023 21:05:04 GMT
cache-control: public, max-age=31536000
age: 46412
last-modified: Mon, 09 May 2022 19:47:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
142.250.74.163 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 12708, version 1.0\012- data
Hash b4a68b1e743ee317eaaf0bbadd131571
f24f7823d4e3830c7cfa5bcb33733d2897c00f13
ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 06:06:20 GMT
expires: Fri, 01 Sep 2023 06:06:20 GMT
cache-control: public, max-age=31536000
age: 445936
last-modified: Mon, 11 Jul 2022 18:55:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0b9528d0aa584b0e7b8b95f31ec1c4ed
79afabc0856f6fb3c3e5a9f5675cb0a40ee08e54
2604edd5743acd1487c25665444019555a972492010c10bf3bd6aefeab4661eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFkWaCi_.woff2
142.250.74.163 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFkWaCi_.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 45388, version 1.0\012- data
Hash 61b1bfc9c7b5d64ebfaa374a169cb0ed
cd7321bae6b67d4dedf713e76670ad178343b12f
3d7aa71c13df7631a188f23135f47496d5b01a8183a555679981f2217a8883b0
GET /s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFkWaCi_.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45388
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:32:55 GMT
expires: Tue, 05 Sep 2023 21:32:55 GMT
cache-control: public, max-age=31536000
age: 44741
last-modified: Mon, 09 May 2022 19:47:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0b9528d0aa584b0e7b8b95f31ec1c4ed
79afabc0856f6fb3c3e5a9f5675cb0a40ee08e54
2604edd5743acd1487c25665444019555a972492010c10bf3bd6aefeab4661eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3293
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Last-Modified: Tue, 06 Sep 2022 09:03:43 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
142.250.74.163 200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:58 GMT
expires: Thu, 31 Aug 2023 19:30:58 GMT
cache-control: public, max-age=31536000
age: 484058
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0b9528d0aa584b0e7b8b95f31ec1c4ed
79afabc0856f6fb3c3e5a9f5675cb0a40ee08e54
2604edd5743acd1487c25665444019555a972492010c10bf3bd6aefeab4661eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/notoserif/v21/ga6Kaw1J5X9T9RW6j9bNfFImajC7.woff2
142.250.74.163 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/notoserif/v21/ga6Kaw1J5X9T9RW6j9bNfFImajC7.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21916, version 1.0\012- data
Hash 4b63cb477ab7d5e6977a788100ae58d5
c6e58ffe35827e911091dfbe4447b9902406c9d0
b5bc6e295567ab6723e8b71b9cebbaf12239f9a94c804af09e57412ce70c3177
GET /s/notoserif/v21/ga6Kaw1J5X9T9RW6j9bNfFImajC7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21916
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 03:36:26 GMT
expires: Wed, 06 Sep 2023 03:36:26 GMT
cache-control: public, max-age=31536000
age: 22930
last-modified: Mon, 09 May 2022 19:18:51 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
142.250.74.163 200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:59 GMT
expires: Thu, 31 Aug 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 484057
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM73w5aXo.woff2
142.250.74.163 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM73w5aXo.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 12848, version 1.0\012- data
Hash f0b3206d02a2f684530117ce1d7e8ce0
f3708b707b65e241b0f1c819d5f7bf7da8412653
f31b80562610135edd91a86ec7f243c5eeaec2ec08337e6a20c2d135d8e217da
GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCuM73w5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12848
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 16:43:29 GMT
expires: Fri, 01 Sep 2023 16:43:29 GMT
cache-control: public, max-age=31536000
age: 407707
last-modified: Mon, 11 Jul 2022 18:56:00 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
142.250.74.163 200 OK 46 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:13:12 GMT
expires: Tue, 05 Sep 2023 21:13:12 GMT
cache-control: public, max-age=31536000
age: 45924
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2
142.250.74.163 200 OK 5.5 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 5452, version 1.0\012- data
Hash a6ff41d10fa89e7f8fec937c243d7428
334853f61ceb1fb096818740cc62d5840fbbae46
5f9d6298f5edc6d2b57a6f3a30f87f1c93c84b7aad7c5e9bf9d3a2c9384403fa
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5452
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:38:00 GMT
expires: Thu, 31 Aug 2023 19:38:00 GMT
cache-control: public, max-age=31536000
age: 483636
last-modified: Wed, 27 Apr 2022 16:10:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/iframe_api?ver=1.0
142.250.74.142 200 OK 31 kB URL HTTP/2 www.youtube.com/iframe_api?ver=1.0
IP 142.250.74.142:0
File type ASCII text, with very long lines (509)
Hash 0fdd17ccd1a9d4191ba6ad2d0bf7bbdc
aea2543ccd1c6e0f4dc08242d41663f32ff1c96a
4e9a967de4345bc3d6b7e3da172f5ade400304a25defc6a3d6bd615fdc4b5972
GET /iframe_api?ver=1.0 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 06 Sep 2022 09:58:36 GMT
date: Tue, 06 Sep 2022 09:58:36 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=BTJyZzOhSjQ; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
set-cookie: VISITOR_INFO1_LIVE=Fn4Wq2AxZuc; Domain=.youtube.com; Expires=Sun, 05-Mar-2023 09:58:36 GMT; Path=/; Secure; HttpOnly; SameSite=none
set-cookie: CONSENT=PENDING+899; expires=Thu, 05-Sep-2024 09:58:36 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0b9528d0aa584b0e7b8b95f31ec1c4ed
79afabc0856f6fb3c3e5a9f5675cb0a40ee08e54
2604edd5743acd1487c25665444019555a972492010c10bf3bd6aefeab4661eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.paypalobjects.com/en_US/i/scr/pixel.gif
151.101.86.133 200 OK 42 B URL HTTP/2 www.paypalobjects.com/en_US/i/scr/pixel.gif
IP 151.101.86.133:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash edea81b5233a30f7357cb50884370e4a
51a5c1a9d7328dd1651e0b9c98771c16f8c9d833
0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7
GET /en_US/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://balletmagazine.ro/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=3600
content-type: image/gif
dc: ccg11-origin-www-1.paypal.com
etag: "dNSbNMYiK1Q98dwxkre+GOK5+qX2pefyT9A/BaBsoeM"
fastly-io-info: ifsz=43 idim=1x1 ifmt=gif ofsz=42 odim=1x1 ofmt=gif
fastly-stats: io=1
paypal-debug-id: 3b332fe3ea371
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 09:58:36 GMT
x-served-by: cache-sjc10082-SJC, cache-bma1628-BMA
x-cache: HIT, HIT
x-cache-hits: 14, 360
x-timer: S1662458317.593229,VS0,VE0
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 42
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.162.217.251 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.217.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: I/5e7rjoG5mgCujcxPJU/Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lQ/3wow+hviulgIlLakmhPO25uM=
connect.facebook.net/en_US/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/1.1 connect.facebook.net/en_US/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash 6923168491aa54aaab101c4d637cca6a
cc65c31f869372d95df37164a6836420e7e3f7ac
83fea217933d4496b062d396c31464762be9661e29e04b8e0ec7c36763861053
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: 5fd24b2310451d423abcce1b8a6febc4
ETag: "1afe33e4987f0a1e8acd748b33e6e7bf"
Content-Type: application/x-javascript; charset=utf-8
timing-allow-origin: *
Access-Control-Allow-Origin: *
cross-origin-resource-policy: cross-origin
Expires: Tue, 06 Sep 2022 10:00:37 GMT
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
X-Content-Type-Options: nosniff
x-fb-rlafr: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Content-MD5: aSMWhJGqVKqrEBxNY3zKag==
X-FB-Debug: FXSDHN7YgznhkiXL9cFPjIkS5ITRF+2rsK6YR5xQsxepJ675DJGnx7SFx09yV1a+XJnjDm1WedQUZU4VSaGkHQ==
X-FB-TRIP-ID: 1904183273
Date: Tue, 06 Sep 2022 09:58:37 GMT
Alt-Svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
Connection: keep-alive
Content-Length: 1686
follow.it/static/img/colored-logo.svg
104.26.0.52 200 OK 62 kB URL HTTP/2 follow.it/static/img/colored-logo.svg
IP 104.26.0.52:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3885), with no line terminators
Hash 55399c19aa45b3ed0eaacf29e2979b58
137b6eb163eb7ad1453e3c4e0a87b0b4da815d66
23032489583a078a27cfb82c68a84c3b510e7c0a0fa9059b7da233513c80cf59
GET /static/img/colored-logo.svg HTTP/1.1
Host: follow.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Sep 2022 09:58:36 GMT
content-type: image/svg+xml
last-modified: Wed, 31 Aug 2022 04:03:14 GMT
etag: W/"630edd82-f2d"
x-frame-options: DENY
content-security-policy: frame-ancestors 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=600; includeSubdomains;
cache-control: max-age=14400
cf-cache-status: HIT
age: 1932
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Md3u46USUh%2BfA2TAZxOCy6ktqCZrF0U8SPVxDt5gI0K%2By%2FZxjCJbHx4fFnPJjq6rIqUQU6qaxQln6HbbAplbo5%2FvpipkoQE3EU5DDtYjXJjFPQIb5zcpMXKKHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746658db1e8fb50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6075
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:37 GMT
Last-Modified: Tue, 06 Sep 2022 08:17:22 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js?hash=ae1a211d384d3d908c41ce86cb9fcc3d
31.13.72.12 200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=ae1a211d384d3d908c41ce86cb9fcc3d
IP 31.13.72.12:0
File type ASCII text, with very long lines (13115)
Hash bfcc2b92a989765be5aaff8b6bf08066
96a9e74bd9764eca99d90de5cf9d185df7fc2e1b
7ee07c3b2e726d711f2dec1deed73263bbb82e871b9705f52e3b5ab3cc3bbeb4
GET /en_US/sdk.js?hash=ae1a211d384d3d908c41ce86cb9fcc3d HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 761eaf39bc56b556c8b36ca4e766c5a2
etag: "a04612dd1212376d8663d565713f1c1d"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 06 Sep 2023 09:04:28 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: v8wrkqmJdlvlqv+La/CAZg==
x-fb-debug: q2z1ApEbHAzq9WeKZNCjJG89Oc1GDtPuuKSNGIaHRGEfbzgRQm/lVfHGgusZT2ogw+jz8QPA853Z8gmpDcuDNQ==
priority: u=3,i
content-length: 86676
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 09:58:37 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6075
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:37 GMT
Last-Modified: Tue, 06 Sep 2022 08:17:22 GMT
Server: ECS (ska/F71A)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/html/r20220831/r20190131/zrt_lookup.html
142.250.74.98 200 OK 4.4 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20220831/r20190131/zrt_lookup.html
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1731)
Hash 09a8bd805dba1307ae0bd76a0c9ca73d
bdc16e7610abae944da47ff3a0e5fea818241fb0
e3978f36e9c5f0b909ed64015db629e2c64b46e75d165c6d1d146fcb792cdbde
GET /pagead/html/r20220831/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4412
x-xss-protection: 0
date: Mon, 05 Sep 2022 23:39:48 GMT
expires: Mon, 19 Sep 2022 23:39:48 GMT
cache-control: public, max-age=1209600
age: 37129
etag: 8616628553774171045
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 2daf90ca7ff3170c8ff9c94a049c8428
e98f05039236ff1602325ce7f5fbbcdc847eb474
1fc019e794628a930a136b133e637cc0b2ddb560a969159e5029ea396535f297
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da4692f1529a23a6cfb04391e382c936
7befa8be966f1128ff3c25be47986e7fa7087de9
d8460cc7719813509b4e38be06b8d184306f9451695c3e1974c1d06e5c29039c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 2ccc4fa4f7710c25311b3e8221a62560
d2159746ef08cd3ee3c35d4b4613a592f80ccfed
148688576cbf8b818e40e016478a6ee4d929358742304efbd8c6df09df9b5d7f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 2daf90ca7ff3170c8ff9c94a049c8428
e98f05039236ff1602325ce7f5fbbcdc847eb474
1fc019e794628a930a136b133e637cc0b2ddb560a969159e5029ea396535f297
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=balletmagazine.ro
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=balletmagazine.ro
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=balletmagazine.ro HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 06 Sep 2022 09:58:37 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=balletmagazine.ro
172.217.21.162 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=balletmagazine.ro
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=balletmagazine.ro HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 06 Sep 2022 09:58:37 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da4692f1529a23a6cfb04391e382c936
7befa8be966f1128ff3c25be47986e7fa7087de9
d8460cc7719813509b4e38be06b8d184306f9451695c3e1974c1d06e5c29039c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 2ccc4fa4f7710c25311b3e8221a62560
d2159746ef08cd3ee3c35d4b4613a592f80ccfed
148688576cbf8b818e40e016478a6ee4d929358742304efbd8c6df09df9b5d7f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
balletmagazine.ro/wp-includes/js/mediaelement/mejs-controls.svg
104.21.96.107 200 OK 1.4 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/mejs-controls.svg
IP 104.21.96.107:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (4597)
Hash 42745442e709209482aeddcf29b64f1d
72d8097f85bd2e1694b445794055016f6b289540
938a2e54741f1a1589272df3c26a31b8a0ba524476ba4eebc2e3dcfff5970be4
Analyzer / Verdict / Alert: fortinet, Malware
GET /wp-includes/js/mediaelement/mejs-controls.svg HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Cookie: _ga_27Y6BLKFZW=GS1.1.1662458312.1.0.1662458312.0.0.0; _ga=GA1.2.1071428255.1662458312; _gid=GA1.2.1831582339.1662458312; _gat_gtag_UA_151068238_1=1; __gads=ID=abe3b967c759924c-223ffb1614ce00c0:T=1662458317:RT=1662458317:S=ALNI_Mb6by9faiwjhWZZcTBu6uSAkpZewA
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:37 GMT
Content-Type: image/svg+xml
Content-Length: 1400
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:30 GMT
last-modified: Tue, 01 Aug 2017 07:13:52 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 7
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5QaBNep%2F7wWGBLAM6h24hZC08DBZ5DyHC4ZtTTNAvj2zUkL%2BnujaGqSMqoPzrFE7lvx3QfCBscv2%2FxmnKAi%2BVHJvJRPKIP9Hj0ddRc2d9m9F4FBiDtua9J6InCxk1nqsRy9xw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658e688ffb509-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 12:31:58 GMT
expires: Sun, 03 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 249999
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6e1449d2fb461603b9e1870ec82338bd
122379473791a4dcc90376188cc004e989c0df84
8f7c9913234f4be5e6055b0efa34df462484b961d60e4fb3a5ec1eb8d1c6072d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7514
Expires: Tue, 06 Sep 2022 12:03:52 GMT
Date: Tue, 06 Sep 2022 09:58:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7514
Expires: Tue, 06 Sep 2022 12:03:52 GMT
Date: Tue, 06 Sep 2022 09:58:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5540d72831e7e7b9fc287f92c48d9f5e
ec19429fa76d9ad47a0578734b011b530b79ebbf
bc27a44853fd17cf51d6bba0db58a755c75a309d9b0cbcd454dfc9d62785f72f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8134
x-amzn-requestid: 5f6027e8-842f-476a-85e5-cc8b848e4567
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FlpEoVIAMFuiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144fbd-7095c29a04d2f5310b1b84c4;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Gf6IGDeM-y_nDO1C3m9xeyAJdkYRe2CN87Pi986A7B1qsjq5p9VkQw==
via: 1.1 d7782b26e589b8e1397d352f4daf0d58.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 07:41:25 GMT
age: 8233
etag: "ec19429fa76d9ad47a0578734b011b530b79ebbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400
142.250.74.10 200 OK 13 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400
IP 142.250.74.10:0
Hash aa9933d8b73772db75aef6b7bb463624
55b27021a8ea2731ed9c8314ed077088a9abbaf1
f18e30db8af7007a8717b55bd6938e212dd66d17cf91839c85163e3bd17283f9
GET /css?family=Montserrat:400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 09:58:35 GMT
date: Tue, 06 Sep 2022 09:58:35 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7514
Expires: Tue, 06 Sep 2022 12:03:52 GMT
Date: Tue, 06 Sep 2022 09:58:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc784000-5c7c-4aa9-8318-e4d0319d1a09.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc784000-5c7c-4aa9-8318-e4d0319d1a09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d404793e430ea237e75be9cb1e2bce4
059b34d1809abedd223f7beec75e7831673878be
f180b1cdeb9a794ba3211348673783508d021aeaed419d782374be1a92a4c8dc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc784000-5c7c-4aa9-8318-e4d0319d1a09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9300
x-amzn-requestid: dc833608-6b16-4baa-af21-d3885043556c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAWshHVxIAMFlGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166b1c-1710086818614ab247bcaf58;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:33:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: sPkksSz3FIV3WcWpoY8E8UYKmUTE8LJ2lr5WO2JVNCGIuAvpPwYMYg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:01:20 GMT
age: 43038
etag: "059b34d1809abedd223f7beec75e7831673878be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-27Y6BLKFZW&gtm=2oe8v0&_p=1977025203&cid=1071428255.1662458312&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662458312&sct=1&seg=0&dl=http%3A%2F%2Fballetmagazine.ro%2F&dt=Ballet%20Magazine%20-%20Revista%20de%20Balet&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-27Y6BLKFZW&gtm=2oe8v0&_p=1977025203&cid=1071428255.1662458312&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662458312&sct=1&seg=0&dl=http%3A%2F%2Fballetmagazine.ro%2F&dt=Ballet%20Magazine%20-%20Revista%20de%20Balet&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-27Y6BLKFZW&gtm=2oe8v0&_p=1977025203&cid=1071428255.1662458312&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662458312&sct=1&seg=0&dl=http%3A%2F%2Fballetmagazine.ro%2F&dt=Ballet%20Magazine%20-%20Revista%20de%20Balet&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://balletmagazine.ro
date: Tue, 06 Sep 2022 09:58:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c23179b2131543088771e3fa84ff231
ae50ae4aecd962b698c19f2863857b51cea7fcec
660900ca69b1787a734c1dbe3d6b9b19656912b4bc4715964c4325edff57f008
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7855
x-amzn-requestid: d7c8054c-d7d3-4b76-815d-36c3a2e1f6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYn6FwzoAMF40g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166e32-3ededbf27f83503978e0d775;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:46:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8OlwFzmUfQEPeP7pT-g5wRMq0I1jllBnRU0Nxk4kNkcVD_evLZYc7g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:17:51 GMT
etag: "ae50ae4aecd962b698c19f2863857b51cea7fcec"
content-type: image/jpeg
age: 42047
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg
34.120.237.76 200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7fe061740ad833cfe7ff0fe078d6810d
15d0fc3fdced758b5797361bae0fd53341e0581d
5409b6775bca5afd03901975c61c27f267efe2c8a8e739f05ebc52a938c5a368
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F022243d2-ac74-4a81-b31f-104b203bf550.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5459
x-amzn-requestid: a75bf8a5-dc96-4a88-9de5-b79d1d62ff21
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XxB_bFMFoAMFkEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631049fc-2685c90962d8af5f4a7b5908;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 05:58:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: YqgTII0TYwznz5DfHLFpfzTPh08akwJSWc3wIf-YpBgUrs84AYM2Yw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:45:54 GMT
age: 40364
etag: "15d0fc3fdced758b5797361bae0fd53341e0581d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3fe4a321dcd6a94a637a528d74f9321a
3f3aad2cc71226b39549db1a9baa6837d4f1d897
a19b6749429e8ecaeac8fc0849abc4d891bfc628489762b1619a3ee3064536e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12573
x-amzn-requestid: 92e03b26-883b-41e2-9033-379a6d02210c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYCdGy8oAMFQZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d42-1c4ea2f74b796623574bde87;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: u1hKGB5UKEuuIVqcQ_Lx5wfBjy_hB32Jnp7_mDnF2BrsN4a6Mj_WJQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:46:16 GMT
etag: "3f3aad2cc71226b39549db1a9baa6837d4f1d897"
content-type: image/jpeg
age: 43942
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 31abc7fe976dbf9a68d45fb57e0c86c5
a1f6f5404850df3149a769dc685f5c795bc08435
0859eece0557d6b1b48ed8f04c2eb55bdc2ca3fb4633e52a193b206fdefbb5d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
216.58.207.230 200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 216.58.207.230:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 09:44:23 GMT
expires: Tue, 06 Sep 2022 09:59:23 GMT
cache-control: public, max-age=900
age: 855
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 31abc7fe976dbf9a68d45fb57e0c86c5
a1f6f5404850df3149a769dc685f5c795bc08435
0859eece0557d6b1b48ed8f04c2eb55bdc2ca3fb4633e52a193b206fdefbb5d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 8b3fc7b78a1c498440023dbb6004e984
688d8686e183a4e84577e0f70550350622796e2e
ac1f7b3d1c5bfc1888f50aa3a8e0498c11f7cce672e6de5c048bf31d4d3370c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 8b3fc7b78a1c498440023dbb6004e984
688d8686e183a4e84577e0f70550350622796e2e
ac1f7b3d1c5bfc1888f50aa3a8e0498c11f7cce672e6de5c048bf31d4d3370c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Tue, 06 Sep 2022 09:58:38 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 3df811ac19fde08f49ef246c29cef161
e1c8d54b357adaf32e80427028cc884fa35959e0
e2749178e0bf0c4045a96388a58029ddd92d13a866021737864cd68e11317292
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/97z2yBxPcYiv6eioOAzftW1739b5eZ3I_zVAeb-vK4k.js
142.250.74.164 200 OK 14 kB URL HTTP/2 www.google.com/js/th/97z2yBxPcYiv6eioOAzftW1739b5eZ3I_zVAeb-vK4k.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36079)
Hash 72692ad1b05fd9a02ff85f1c3ca30a46
520a2098d9be492a862bab96f6653393205e00e9
1c17c960446cf9498b1f6703a553a7e59f005816bb9991b97c5718524c5fa4d5
GET /js/th/97z2yBxPcYiv6eioOAzftW1739b5eZ3I_zVAeb-vK4k.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14243
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 05:03:20 GMT
expires: Thu, 31 Aug 2023 05:03:20 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 29 Aug 2022 11:00:00 GMT
content-type: text/javascript
age: 536118
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash a0ac2753025e4d313f922a95f02bfebc
851a4c794920ba072414f8f385d695b5ceb1bfaa
dc0cc3c5dd555d383c061f79187127ac2f62902f19de8eaf4a3a8b6a96694b0c
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 06 Sep 2022 09:58:38 GMT
server: ESF
cache-control: private
content-length: 30593
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 340 kB IP 142.250.74.3:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (57275)
Size 340 kB (340085 bytes)
Hash 38ff7ccce3f7569f9103be302886cf41
f23b4d3aa404931165154be45bcbc6309e0abeb4
661fc2977ed93756d10f03dc08cfbcd421d4e39de0c6568d03759ec2731b9f7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 982044cca5f664004f3f5acc3f7e4df9
980ca862cb773284f743959ed25b192d79aa7451
729a17e21e378f4e2ef50157a360eb70b82cc9270c46c9868b3469ed2fae2420
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash f761dc4252286ad6a1d0cb71ce235699
5d7e56e13f4ba9b069dad5c4b9035d038b6fa7be
049247d36e58ea4c00e51cdd3249c07d9a2ec35a86600f23b3da8c781fc2b91a
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 06 Sep 2022 09:58:39 GMT
server: ESF
cache-control: private
content-length: 30623
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
i.ytimg.com/vi_webp/5wr7w9cVaTg/sddefault.webp
142.250.74.150 200 OK 28 kB URL HTTP/2 i.ytimg.com/vi_webp/5wr7w9cVaTg/sddefault.webp
IP 142.250.74.150:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 043e9d37b61ea12916479c50e252d5a1
b868edebd3bcf3ddbf66779b2ad854a4d94e15d5
4879f3ea5416b011514a73f21000075f24a91ed9c68a46c8ccb52a80861bdab5
GET /vi_webp/5wr7w9cVaTg/sddefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 28314
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 09:58:31 GMT
expires: Tue, 06 Sep 2022 11:58:31 GMT
cache-control: public, max-age=7200
age: 8
etag: "0"
content-type: image/webp
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 982044cca5f664004f3f5acc3f7e4df9
980ca862cb773284f743959ed25b192d79aa7451
729a17e21e378f4e2ef50157a360eb70b82cc9270c46c9868b3469ed2fae2420
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash b8e14a8d677e85b2dc6819baa8b06794
1419c7b49d10a5be1432bdfee3ffd87c43668a32
284c2a8461549bbc3d82618cd9826d50e0dbfec8a67c17769ce3d7aa147abd02
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 06 Sep 2022 09:58:39 GMT
server: ESF
cache-control: private
content-length: 30685
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 092ab48a58576cf5228f75ca8e05deaf
2e79d46dc0bc28519be8133b7c56eef7486fe40d
0d6abd69dcba207deff031972ab6d68e283a4e6f702689bbe7a529f0bb9d1552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu89QHwXMkZD--4tw59Pfs_ODCPCwmYrw0gddmxi=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 3.5 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu89QHwXMkZD--4tw59Pfs_ODCPCwmYrw0gddmxi=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 4ca1e6b324714d1fea5334a9de625303
4722b513dc3cd0dfeac2d78b9d45e312ce198813
449a988197823b0499177ac871c4ad0d7188a09327cd623ec7a4a3ef3a4c84e1
GET /ytc/AMLnZu89QHwXMkZD--4tw59Pfs_ODCPCwmYrw0gddmxi=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 3547
x-xss-protection: 0
date: Tue, 06 Sep 2022 09:58:31 GMT
expires: Tue, 06 Sep 2022 22:11:58 GMT
cache-control: public, max-age=86400, no-transform
age: 8
etag: "v42"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 092ab48a58576cf5228f75ca8e05deaf
2e79d46dc0bc28519be8133b7c56eef7486fe40d
0d6abd69dcba207deff031972ab6d68e283a4e6f702689bbe7a529f0bb9d1552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-151068238-1&cid=1071428255.1662458312&jid=173255872&gjid=1647086828&_gid=1831582339.1662458312&_u=YCDACUAABAAAAC~&z=929223884
142.251.1.155 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-151068238-1&cid=1071428255.1662458312&jid=173255872&gjid=1647086828&_gid=1831582339.1662458312&_u=YCDACUAABAAAAC~&z=929223884
IP 142.251.1.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-151068238-1&cid=1071428255.1662458312&jid=173255872&gjid=1647086828&_gid=1831582339.1662458312&_u=YCDACUAABAAAAC~&z=929223884 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://balletmagazine.ro
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 06 Sep 2022 09:58:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 282e30bb1ff2decb700d84bebff341b5
17041adbfb3fd69fbf47f1a86e0816cdd2274a40
3a71f5e28f466482b547f62fbfa8cdc07f64a79fcf57ca56e0c854576ff7bbaa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.33 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Tue, 06 Sep 2022 09:58:39 GMT
expires: Tue, 06 Sep 2022 09:58:39 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e1336388cf579034dbc18680696da587
6d633baf8cf123d56a6da8bba402659ad4cb7c08
7d44c52a9037bd2cf2069acccacc49bf38f4c392fd92a6d4f1bfd4623cdcc49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-151068238-1&cid=1071428255.1662458312&jid=173255872&_u=YCDACUAABAAAAC~&z=1302459207
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-151068238-1&cid=1071428255.1662458312&jid=173255872&_u=YCDACUAABAAAAC~&z=1302459207
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-151068238-1&cid=1071428255.1662458312&jid=173255872&_u=YCDACUAABAAAAC~&z=1302459207 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 09:58:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e1336388cf579034dbc18680696da587
6d633baf8cf123d56a6da8bba402659ad4cb7c08
7d44c52a9037bd2cf2069acccacc49bf38f4c392fd92a6d4f1bfd4623cdcc49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Montserrat:700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:700
IP 142.250.74.10:0
GET /css?family=Montserrat:700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 09:58:35 GMT
date: Tue, 06 Sep 2022 09:58:35 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 0 B IP 142.250.74.3:0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.9.4
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.9.4
IP 142.250.74.10:0
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.9.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 09:58:35 GMT
date: Tue, 06 Sep 2022 09:58:35 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2