Overview

URL inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
IP 89.42.218.85
ASN ROMARG SRL
Location Romania
Report completed 2022-06-17 06:21:06 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Added / Verified Severity Host Comment
2022-06-17 2 inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/con (...) Phishing
2022-06-17 2 inchiriereelicoptere.ro/wp-content/plugins/cherry-plugin-1.2.8.2/lib/js/Fle (...) Phishing
2022-06-17 2 inchiriereelicoptere.ro/wp-includes/css/dist/block-library/style.min.css?ve (...) Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (11)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
[Mnemonic Passive DNS] content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-06-17 05:22:13 UTC 54.230.111.64
[Mnemonic Passive DNS] contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
[Mnemonic Passive DNS] inchiriereelicoptere.ro (12) 0 2019-08-18 17:49:11 UTC 2022-05-06 19:01:03 UTC 89.42.218.85 Unknown ranking
[Mnemonic Passive DNS] ocsp.pki.goog (5) 175 2017-06-14 07:23:31 UTC 2022-06-16 04:54:14 UTC 142.250.74.3
[Mnemonic Passive DNS] img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-06-17 04:12:25 UTC 34.120.237.76
[Mnemonic Passive DNS] firefox.settings.services.mozilla.com (2) 867 2016-03-17 08:25:01 UTC 2020-05-25 20:01:47 UTC 54.230.111.7
[Mnemonic Passive DNS] r3.o.lencr.org (2) 344 2020-12-02 08:52:13 UTC 2022-06-17 05:00:16 UTC 23.36.77.32
[Mnemonic Passive DNS] fonts.googleapis.com (2) 8877 2017-01-30 04:59:43 UTC 2019-10-16 05:12:41 UTC 216.58.211.10
[Mnemonic Passive DNS] fonts.gstatic.com (3) 0 2017-01-30 04:59:51 UTC 2022-06-16 04:54:19 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
[Mnemonic Passive DNS] ocsp.digicert.com (1) 86 2012-11-29 12:49:49 UTC 2022-06-17 06:00:52 UTC 93.184.220.29
[Mnemonic Passive DNS] maps.googleapis.com (2) 33876 2017-01-30 05:00:19 UTC 2022-06-04 21:16:56 UTC 142.250.74.106


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 89.42.218.85

Date UQ / IDS / BL URL IP
2022-08-01 09:41:14 +0000 0 - 0 - 3 www.jckfirs.punctulcentral.org/ 89.42.218.85
2022-07-12 05:17:12 +0000 0 - 0 - 3 www.jckfirs.punctulcentral.org/ 89.42.218.85
2022-07-09 01:56:50 +0000 0 - 0 - 3 jckfirs.punctulcentral.org/ 89.42.218.85
2022-07-02 20:49:20 +0000 0 - 0 - 3 www.jckfirs.punctulcentral.org/ 89.42.218.85
2022-06-22 14:12:06 +0000 0 - 0 - 13 www.prolexis.ro/_cgi/authen 89.42.218.85
2022-06-02 07:41:40 +0000 0 - 0 - 2 comsid.ro/cd/Doc/ 89.42.218.85

Last 10 reports on ASN: ROMARG SRL

Date UQ / IDS / BL URL IP
2022-08-14 18:11:36 +0000 0 - 0 - 2 turismtimis.ro/a-quas/documents.zip 89.42.218.164
2022-08-14 13:51:04 +0000 0 - 0 - 19 farmacia-organika.ro/doc/bME/o3Y/j3S/LR3cf33.zip 89.39.83.31
2022-08-14 13:35:04 +0000 0 - 0 - 1 db.vnc.ro/ 89.39.246.44
2022-08-14 07:11:35 +0000 0 - 0 - 1 actualitatea-crestina.ro/laudantium-reiciendi (...) 89.42.218.232
2022-08-14 06:32:21 +0000 0 - 0 - 1 louloucuisine.com/eligendi-soluta/documents.zip 89.42.218.94
2022-08-14 06:28:57 +0000 0 - 0 - 1 metalline.ro/sint-eveniet/documents.zip 89.42.218.72
2022-08-14 06:28:48 +0000 0 - 0 - 1 vladimirghika.ro/et-dolor/documents.zip 89.42.218.232
2022-08-14 06:27:19 +0000 0 - 0 - 1 rdrcollect.ro/ad-sunt/documents.zip 89.42.218.226
2022-08-14 05:57:34 +0000 0 - 0 - 1 biserica-izvorul-tamaduirii.ro/files/ 89.47.53.119
2022-08-14 02:52:17 +0000 0 - 0 - 11 db.vnc.ro/wp-includes/nanhan/ewtelekom/authen 89.39.246.44

No other reports on domain: inchiriereelicoptere.ro



JavaScript

Executed Scripts (31)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (37)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Backoff, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 17 Jun 2022 06:17:24 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gicXmOYeO3FiTksvo3LGjqcAQQD44luMuDIgoHKee_edxenN5g3OQw==
Age: 207


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    91dd975a7b17b2922dd23c0e49314e40
Sha1:   57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
Sha256: 09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "F7449D747B3C17B6AF8E1F057D563EE3B5833BE3C3BB77155DECB7AC5F3CC950"
Last-Modified: Thu, 16 Jun 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2385
Expires: Fri, 17 Jun 2022 07:00:36 GMT
Date: Fri, 17 Jun 2022 06:20:51 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-06-30-19-51-38.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.64
HTTP/2 200 OK
                                        
content-type: binary/octet-stream
content-length: 5348
date: Fri, 17 Jun 2022 02:10:50 GMT
last-modified: Wed, 11 May 2022 19:51:39 GMT
etag: "48ca0beea419a9039591cf1aee5179e0"
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OLoSCVFOKpq5b5br6C2XyEmNbAm1mTJFK0FBOC84wbhBJFna3UcHgQ==
age: 15001
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    48ca0beea419a9039591cf1aee5179e0
Sha1:   9e92629f505fcc07aab51221e8fe62197a23e307
Sha256: 630a5f110337b4a4876aa85c21107d9e8f2550bcc60f023a4777d895b17399fd
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
                                        
server: nginx
date: Fri, 17 Jun 2022 06:20:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         89.42.218.85
HTTP/1.1 301 Moved Permanently
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
location: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
content-length: 0
date: Fri, 17 Jun 2022 06:20:51 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Expires, Content-Length, Retry-After, Last-Modified, ETag, Backoff, Cache-Control, Alert, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 17 Jun 2022 05:49:19 GMT
Cache-Control: max-age=3600
Expires: Fri, 17 Jun 2022 06:17:12 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bYwPo20rCH6_N7qxKndczAVcxyAJoQqoDeK3a6b-vVFG9en24nss8w==
Age: 1893


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4678
Cache-Control: 'max-age=158059'
Date: Fri, 17 Jun 2022 06:20:52 GMT
Last-Modified: Fri, 17 Jun 2022 05:02:54 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /wp-content/themes/theme47005/bootstrap/css/bootstrap.css HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Thu, 23 Jan 2020 13:44:18 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 15214
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (568)
Size:   15214
Md5:    8ac1942acfaa82486089d2cd19fc11a9
Sha1:   195715f3ff0480096e69b0fc6eb31a38c1a7ae81
Sha256: 5f3c3ba87818cc32bea49474e4836a75f49a68635c662dab41d304a6cb1389fb
                                        
                                            GET /wp-content/themes/theme47005/bootstrap/css/responsive.css HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Mon, 13 Oct 2014 18:30:48 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 3797
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   3797
Md5:    b65f3ae292f7fdb23a6118f2da372c47
Sha1:   d29a4742dad35cecf7e4458472a1515e653b2daf
Sha256: db6f7a69ae45328eba52dc56f5b4399e9e260b3ae74eac83304b3ae536db412d
                                        
                                            GET /wp-content/themes/CherryFramework/css/camera.css HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Sun, 28 Jun 2015 18:47:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 2703
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   2703
Md5:    7d9d3af20fc0d59773249c56bf658507
Sha1:   12c948698f0f760edb4c91258ca8649f7395bc50
Sha256: 89a66f08415a84b349c0d4f70747e95206d9a9e1a5a33ca8176320ec8b7f5f5a
                                        
                                            GET /wp-content/plugins/cherry-plugin-1.2.8.2/lib/js/FlexSlider/flexslider.css?ver=2.2.0 HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Wed, 08 Dec 2021 08:02:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1573
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (445)
Size:   1573
Md5:    6157e0c1fd584a227f71a9191566b054
Sha1:   1167d5619b8bc9b8c1cab0229f30798a36785b80
Sha256: 83903e65cbac27b50ef991897d6e0a16f7833ac9ba884bf909bccd61573dd23d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/theme47005/style.css HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Sun, 28 Sep 2014 12:24:28 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 185
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   185
Md5:    af65534f5e94e114c7f6dca9d38bc4d7
Sha1:   713eac9b0411e272ad75dc72483721cb621e9840
Sha256: fa005c3e8e715f21e4b78e9a3c43df084773bf34f0a36d7aafb094ac83ffd85f
                                        
                                            GET /wp-content/plugins/cherry-plugin-1.2.8.2/lib/js/owl-carousel/owl.carousel.css?ver=1.24 HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Wed, 08 Dec 2021 08:02:09 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1037
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1037
Md5:    ca79486d1533f9e524d3f9e7074b1b0e
Sha1:   017fa80cf344721453c6e5049d868568c51d20b1
Sha256: 04762abf0a71d6e82bf9ce5201b71bbbe6ea57ec9c2440a5cb2124ed95f2bf4c
                                        
                                            GET /wp-content/plugins/cherry-plugin-1.2.8.2/lib/js/owl-carousel/owl.theme.css?ver=1.24 HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Wed, 08 Dec 2021 08:02:10 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 532
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   532
Md5:    36a329192f7f7532a2e53be5613d4808
Sha1:   58d29ea258c1dfb8305457d2d4b5e2fcd5882296
Sha256: 0e903f52a8f6f208d0f01fba3f9ddaa09f2925ce19f736e7604efaf4b7955888
                                        
                                            GET /wp-content/plugins/cherry-plugin-1.2.8.2/includes/css/cherry-plugin.css?ver=1.2.8.2 HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Wed, 08 Dec 2021 08:02:04 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 5518
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   5518
Md5:    3c1c743af3b6eb243565ecff78d8cbee
Sha1:   6df0c523c9dcb384b3d0baf6ebcfdf96ccdbe554
Sha256: 508fef33bfed62bb4d61a0f6b5ca50665946376dd95792013d28beb3dbc84b50
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=4b8991001f63a3009365e846dd365513 HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Wed, 25 May 2022 06:32:35 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 10929
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   10929
Md5:    5013de2f619b68401f195339ff13d4b3
Sha1:   79ec290146ea0b1b99dc978a327340f59c9cd24a
Sha256: 1ce4091af50157c7abe3be7a9cb84fad758581015db47102f149deb4625fcddf

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/theme47005/main-style.css HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Thu, 23 Jan 2020 13:44:19 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 4417
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (340)
Size:   4417
Md5:    d395112db748962d25a697444c5b1ce0
Sha1:   0c19f47673137c7ec8bf4fee250317f76b73feab
Sha256: 95ec7524baf9c2a401e01cc95fb11422fb571798037b7777187da950861a0e3e
                                        
                                            GET /wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3 HTTP/1.1 
Host: inchiriereelicoptere.ro
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/wp-content/plugins/formcraft/file-upload/server/content/files/1608e0eee884f6---17776505003.pdf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         89.42.218.85
HTTP/2 200 OK
                                        
cache-control: public, max-age=604800
expires: Fri, 24 Jun 2022 06:20:52 GMT
content-type: text/css
last-modified: Sun, 28 Jun 2015 18:47:54 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1998
date: Fri, 17 Jun 2022 06:20:52 GMT
server: LiteSpeed
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1998
Md5:    ee000f4568e28b9b2d7fe648990d96ab
Sha1:   fbb4cb6faf62b505dc95c4c5c628d954cd0f1045
Sha256: 8e832f40e54e24b1425a1c05d72d1f6b7fc09884955847c4fd0224dc068d1047
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 17 Jun 2022 06:20:52 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 17 Jun 2022 06:20:52 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /maps/api/js?v=3&signed_in=false&key&ver=4b8991001f63a3009365e846dd365513 HTTP/1.1 
Host: maps.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.106
HTTP/2 200 OK
                                        
content-type: text/javascript; charset=UTF-8
date: Fri, 17 Jun 2022 06:20:52 GMT
expires: Fri, 17 Jun 2022 06:50:52 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: mafe
content-length: 52964
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=10
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2417)
Size:   52964
Md5:    28563f3d6d1017c95835c0a1ab4a4836
Sha1:   7e3a8c3b1e9b5ec89dd53f4333723b735e828b27
Sha256: 6cd754dddd3e6cc303d61320ce0a951e5db0d5b04006b1bfb0a3ec073b39be98
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Jun 2022 06:20:52 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /css?family=PT+Sans:700,400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 17 Jun 2022 06:20:52 GMT
date: Fri, 17 Jun 2022 06:20:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Jun 2022 06:20:53 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /s/ptsans/v17/jizaRExUiTo99u79D0KExQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://inchiriereelicoptere.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.163
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45300
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 15 Jun 2022 19:27:53 GMT
expires: Thu, 15 Jun 2023 19:27:53 GMT
cache-control: public, max-age=31536000
age: 125580
last-modified: Wed, 27 Apr 2022 16:11:08 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 45300, version 1.0\012- data
Size:   45300
Md5:    5fe660c3a23b871807b0e1d3ee973d23
Sha1:   62a9dd423b30b6ee3ab3dd40d573545d579af10a
Sha256: e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
                                        
GET /s/racingsansone/v13/sykr-yRtm7EvTrXNxkv5jfKKyDCAKHDn.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://inchiriereelicoptere.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
142.250.74.163
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21808
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 15 Jun 2022 23:44:57 GMT
expires: Thu, 15 Jun 2023 23:44:57 GMT
cache-control: public, max-age=31536000
age: 110156
last-modified: Wed, 27 Apr 2022 16:30:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 21808, version 1.0\012- data
Size:   21808
Md5:    7310cea5631533dd1d4de6f53a35ee44
Sha1:   834e4ad53f2574b4fd9ee7af4a6c8f5f5f8f585b
Sha256: ff62fbe5cd16b3b5530b055525079a7e4348d4295f8262e52546ec154bdcc8b7
                                        
GET /s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://inchiriereelicoptere.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
142.250.74.163
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47048
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 15 Jun 2022 19:27:53 GMT
expires: Thu, 15 Jun 2023 19:27:53 GMT
cache-control: public, max-age=31536000
age: 125580
last-modified: Wed, 27 Apr 2022 16:55:54 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 47048, version 1.0\012- data
Size:   47048
Md5:    87a1556b696ae2cb1a726bd8c4584a2f
Sha1:   1be0f6f39e0cf316f9827f945eeeaef8294cc37b
Sha256: 141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 17 Jun 2022 06:20:53 GMT
Cache-Control: public, max-age=18000
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /css?family=Racing+Sans+One HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
216.58.211.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 17 Jun 2022 06:20:52 GMT
date: Fri, 17 Jun 2022 06:20:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   6658
Md5:    ca97ed153c539f2751d9113811f898e3
Sha1:   a84ed29b2fa9f4f77998df81e530e87e0edf17b1
Sha256: 91e9bd47f0aa3ce7801fe92ad546eb468adec8ad3ea88c07f5d271e6150dd99d
                                        
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://inchiriereelicoptere.ro
Connection: keep-alive
Referer: https://inchiriereelicoptere.ro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.106
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 17 Jun 2022 06:20:53 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://inchiriereelicoptere.ro
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   23
Md5:    e3981ca10169a319d5aa062bf43a5fa1
Sha1:   2c6ed584767b65688ce99b1ebe1a3b7448a67421
Sha256: 8b0b8749aba12de93f3cf5d86f9fac9d6de7cac400a17473718f182a34ebb7e9
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "EB5C47750CC94CF64FD493FB2AFBECF9465339D271763D045556E55840F067C3"
Last-Modified: Thu, 16 Jun 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2639
Expires: Fri, 17 Jun 2022 07:04:53 GMT
Date: Fri, 17 Jun 2022 06:20:54 GMT
Connection: keep-alive

                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16c02755-d0a3-410c-9ac5-688e311ac855.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
server: nginx
content-length: 4694
x-amzn-requestid: 2358f5dc-c14b-4212-aee7-ab9876cf6e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: TydTKG4xIAMFc9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62aa75ad-4ea51e2e45fd67012aedea41;Sampled=0
x-amzn-remapped-date: Thu, 16 Jun 2022 00:13:33 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BKLCQi1GfUh_CkNghNcq57TuLuJ2NZNY5HH2GX5Yz4fFlfKZ3xLbMQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Jun 2022 02:17:55 GMT
age: 14579
etag: "9fe947f6645a4f3488ac2c65ffc1ec0a0cfa22f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4694
Md5:    d9332c69bb8b283d0485438b715f9b3a
Sha1:   9fe947f6645a4f3488ac2c65ffc1ec0a0cfa22f8
Sha256: 355014755aa11af1a0ffb044ce488ad0290b59b8343070dd6d23556d6705a7d8
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feec7edf3-0bf6-4d2d-8af7-e0e0fdaa0f8d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
34.120.237.76
HTTP/2 200 OK
server: nginx
content-length: 9165
x-amzn-requestid: 554f8f1c-7268-48ac-9508-7fd604c5dce7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: T1vbgHAKIAMFWxA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62abc5e3-652b12e842876d2e4b30f884;Sampled=0
x-amzn-remapped-date: Fri, 17 Jun 2022 00:08:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: RgvJqcbV4gLB_0zHfAz-vCGj-1YS57wzDr79ltGxGavP7WitOIeWUA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Jun 2022 00:23:27 GMT
age: 21447
etag: "0bbb59d45628de8ba0c7ca2a1abe0ba5b7e23e87"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9165
Md5:    7fcdcfb815eede56737edb6082ddd3e0
Sha1:   0bbb59d45628de8ba0c7ca2a1abe0ba5b7e23e87
Sha256: 0c45b0f0c417cd2f6ecbc5c25d38ff32bbbb605b06846e95ffc6cd23303a7cf5
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facc2579a-4dc1-44c2-8c91-85192f952284.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
34.120.237.76
HTTP/2 200 OK
server: nginx
content-length: 6619
x-amzn-requestid: 470edb78-c474-4199-b246-b5f3035cfe75
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Tr2aPEwgIAMFegQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62a7d10e-4ca5f03b09ffaa20052ad232;Sampled=0
x-amzn-remapped-date: Tue, 14 Jun 2022 00:06:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: lknBIWKZzR1XlAjF-MLtGpKI8FkznAWYrEnbhMPwANmG7PSG0orMQg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 16 Jun 2022 13:21:04 GMT
age: 61190
etag: "82e19b95c27b5ce6213e68d2dd24cb6639476d40"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6619
Md5:    34dc805e546491654e8a39ebb0662c58
Sha1:   82e19b95c27b5ce6213e68d2dd24cb6639476d40
Sha256: cb2b2d1031adb1ca257c3bdeb6c5038bdc9e023c673a902654ee30c08f382649
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ffb99a8-7b85-4b24-8e82-63e595b69b0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
34.120.237.76
HTTP/2 200 OK
server: nginx
content-length: 7786
x-amzn-requestid: aa2db05d-e904-4c96-b7d0-b44c3145657a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: TDOnSEW_oAMFsyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62979161-0a0caccd4e99be5133cc415f;Sampled=0
x-amzn-remapped-date: Wed, 01 Jun 2022 16:18:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YUBrnDfRGuR8KZSP6TJwBOBFAXNN9XJzJ-aBBnQS7GRm7Y-vZTE0SA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Jun 2022 00:13:11 GMT
age: 22063
etag: "395527898e2aeae658230fd130ee3e0eec0364b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7786
Md5:    dfb76c7ed297589b1383c25342a2d444
Sha1:   395527898e2aeae658230fd130ee3e0eec0364b5
Sha256: 64c44fe63a48fbb36b3fd02e8f7761c4b353cb0e646d679b55da114fb61fdb30
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b5c97d-0a58-4834-a7d8-035b931ead37.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
server: nginx
content-length: 5869
x-amzn-requestid: 84fd2b6e-cb1f-4502-abf3-a2c7e3f56f1d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: T1vbfHAaIAMF2mA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-62abc5e2-5c89f9871440a8324fe7cc72;Sampled=0
x-amzn-remapped-date: Fri, 17 Jun 2022 00:08:03 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: h_2KG-Qbg30GKvxH3Qrb1HyJeEmC4QbgiDn4-918LZh8y4sBYyuUPA==
via: 1.1 3c974a460e97e56c6eb1e6a30797d9d6.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Jun 2022 00:23:29 GMT
age: 21445
etag: "e7862b8e354d515fbcba197c671e5642085b948c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5869
Md5:    93a491d5e815a0fdadb2fe42470de96c
Sha1:   e7862b8e354d515fbcba197c671e5642085b948c
Sha256: 58aaa9b304e2b19b0117c91b06624ea5f25827787ff7165d37e754ed8d2f679a
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18147d64-0c7d-41a5-a71d-4fd56bdffb30.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
34.120.237.76
HTTP/2 200 OK
server: nginx
content-length: 6494
x-amzn-requestid: 1f265257-d385-415c-b40b-dd18a955daeb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: TYEKvHGVoAMFVRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-629fe711-19765e96179848215c6adff8;Sampled=0
x-amzn-remapped-date: Wed, 08 Jun 2022 00:02:25 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: PrjaiQ3Cx19Mm2D9He0E2WbqWPYSr_qulVf72Q6SGww3l7yhKwUjsQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Fri, 17 Jun 2022 05:14:02 GMT
age: 4012
etag: "ebec170a01f95e4d9e3f5f267b98b94e0f19ea3f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6494
Md5:    0767f0942ece4b6415612e1507b068b8
Sha1:   ebec170a01f95e4d9e3f5f267b98b94e0f19ea3f
Sha256: d474a427df51baea04868e284f79c7af709173d80caef39b1d8cbdd1cb7761f9