r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6437
Expires: Tue, 06 Sep 2022 11:45:44 GMT
Date: Tue, 06 Sep 2022 09:58:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 09:12:29 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FLwtBwbQIr1rUeKziHAfZivOoO3XGyaDAS1bBjefKHWfpZzP_YfyVQ==
Age: 2758
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate, ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: KjQsy7uH7Afo7X9xqGKeAYCivDaA3xnEBkZbz-kM9vUPYONkxn_HrA==
age: 31390
X-Firefox-Spdy: h2
balletmagazine.ro/
172.67.176.225 200 OK 48 kB IP 172.67.176.225:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (30466), with CRLF, LF line terminators
Hash 38a5667a8cc3f62f7826f17a5d73b40f
f65d6b58b1e438fcabfcc813c368aa60df95800d
0fb64a7f1d022950adee7006f9b650f6082b8977612c341af28fc5008bf9de90
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
link: <https://balletmagazine.ro/wp-json/>; rel="https://api.w.org/"
x-litespeed-cache: hit
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JnGndfPKBNCSctKftcIn7yb2%2Fqy0uF%2FXjGS4dj%2Bg8%2FfmNS6Ky0rTFtnVr9AY%2B4kvC%2FsXfZOsRdwjtxuCyJ6%2Ffz7rPQT1S377eV7VoZy4o7pD1Fr0wNhEy9uA3GFuY%2BRuCNA2%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a3b9c10af6-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css?family=Oswald%3A400&display=swap&ver=5.9.4
142.250.74.10 200 OK 508 B URL HTTP/1.1 fonts.googleapis.com/css?family=Oswald%3A400&display=swap&ver=5.9.4
IP 142.250.74.10:0
Hash 0fad5706604122b2d564f96aa8737e34
e5b3356ff94569474daef87acc92e71fe26daa88
4b8b0ecf50c67a23d4b1e60b2c9c2e94599fa254cd9fe87269ed12c5eada451b
GET /css?family=Oswald%3A400&display=swap&ver=5.9.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Tue, 06 Sep 2022 09:58:27 GMT
Date: Tue, 06 Sep 2022 09:58:27 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: cross-origin
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 09:58:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.9.4
172.67.176.225 200 OK 300 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.9.4
IP 172.67.176.225:0
Hash d3e1f7fdc7d2165e7a3887d1466aa596
f8bc27d211ea6a9fff9a54bd56b6fe483816e1b5
d9e0137d0777fc5547580c831df1ad774ed8218b9f90955a6d57b1a7aa975d02
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gtranslate/gtranslate-style24.css?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 300
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 10 May 2022 06:47:28 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AstMF0vdmxUTtvzNlin5ywom2ubkG%2BW9JwM97ZEihzMRYjvcEk5FRUZJ1noypk1I396wnUe97xjaqs6ZvU18K%2F8lpGdGZc7I%2FGeKklxDjSDNpub9oXEo%2BkNNCkg2XKQx%2F6A74g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a56b780af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/css/dist/block-library/style.min.css?ver=5.9.4
172.67.176.225 200 OK 11 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/css/dist/block-library/style.min.css?ver=5.9.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (39791)
Hash fb05e752eec030b6f476138087d4d8a3
ebd274bb1c09e706c24cb638492d952eb798e2dd
50577406a44544dc7629fe3f6b78421cde604b620966387d0d0a37a25bf20baa
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 11182
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Wed, 06 Apr 2022 06:47:37 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jAu9gWsk1WvfD79TozTZcjdCVbEbPTOLIhjFOBhr99XIFv72ek%2B%2FhAUBHExefpj9kuC97z5O9Fn95Cy%2Bmom5KA%2FrvM8LRDSMPMno%2B%2FbieZn0jXwrvAnl8XNSBH8wniZNNFMXew%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a57b810af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
172.67.176.225 200 OK 972 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3
IP 172.67.176.225:0
Hash e355e7e30d2cbeebefa6977790886c3a
eccf1c43237a1de702ae36722813fa10d580dd4e
49d452b612934ceb8ce12bfadb85dac2f573d458337a9ae0da76705a8ae8b018
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.6.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 972
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Fri, 02 Sep 2022 06:47:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CYsJORvb2saOZpHG%2F1qQdvIJR00oYufkMp8c995J7PZS2Ce5ax9nHg39Ismq30rMzizi0JlKSdt52nb6z%2FKJ%2FuzKxLoEy2D30VqzP4Rk5p%2Fty9pdy87XbVr8UlPhMHGVi1cyHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a57ea40b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy.css?ver=3.3.6
172.67.176.225 200 OK 589 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy.css?ver=3.3.6
IP 172.67.176.225:0
File type ASCII text, with very long lines (1390)
Hash 5647c86ebf12ca66aad900441ea2976c
f41202f5660ecaad5367d768661f0059fb4df2f7
97f527a40c3959fde9a8e862de87b8652e8c90cf4128c2084d45fc0b39f868ee
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy.css?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 589
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rMXwfFomgyScFXfo%2B7bfgvmPrErQJQV4Z0oELAWEOKy8DC6MPEFIMxTE9lSuhlpDxKicUdEYjQ21h7g2EYUSK%2FCGAUGQrr8n%2FrMnutDEadlZvvYaMIYYjB36DF8l3dJlaT%2FCDg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a57a35b518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.css?ver=3.3.6
172.67.176.225 200 OK 4.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.css?ver=3.3.6
IP 172.67.176.225:0
File type ASCII text, with very long lines (13426)
Hash f4be1e5bb243627ae5e7f2240b2b5015
ff05484a833d08561841ed91187f79be18ae97ad
158a3aea299f672a324fa5e1ff18a36e07fd4c56b5e127cadaadd290240c1178
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.css?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 4137
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fjRb4Emd8BTl%2ByQYszRO%2FtkhvVV4O%2FlOoILljFlqtdacYysiuP76HIkzA5L5%2F%2FRr%2Fc50xku9cZybSv0lD73WWdDCUHSIEv%2FN%2BUb%2B4hvPr6lPndmopAmW9KE2qOjqQDyCup2t4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a57f7bb4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/css/gs-logo.min.css?ver=3.3.6
172.67.176.225 200 OK 1.8 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/css/gs-logo.min.css?ver=3.3.6
IP 172.67.176.225:0
File type ASCII text, with very long lines (9099)
Hash d18c1fbce6db4fc0f693e2ef765aaeaf
80d427646aec01bcf7c144e92d4896ccffd50feb
f2860886b876336e7884986cce751727112ef4d07dbc43f7c71421ea87c6beee
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/css/gs-logo.min.css?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 1811
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVXzeonHGxovrFH4qpo517UuHGsPKYq31v0%2FWihNhOinI3ggAL6et5rzKPkDdPDTF%2BOIv%2Fhzro40X9cAq%2FBLx0p53AZXoE4Ig%2FbSdX9XzJtK9CuKfqLnvhs48Tnv9XO61DhoBA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a58b680b65-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/simple-youtube-responsive/css/youtube-responsive.css
172.67.176.225 200 OK 1.5 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/simple-youtube-responsive/css/youtube-responsive.css
IP 172.67.176.225:0
File type ASCII text, with very long lines (1730)
Hash 4c030ed3e806b7a96fb0d827bfbcca52
3a5b62d40dd2dfba58c5ddb0415aba83d1bf90c2
c7947780729a1b223d5c74c45ebab61f77d3d8703068550ba6ce67fdbc92cf77
GET /wp-content/plugins/simple-youtube-responsive/css/youtube-responsive.css HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 1503
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 19 Nov 2020 02:44:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2wbfd4UkkHQsweY%2FLsI4sRlU2CHZVVDMcLTZbX9%2B4DcFKsUhPcM8bvQ4pF2WpGEAqsIqERyfoKQ0nSJzGQfwVDakj7yZG7QWUU5tT%2FvXODecpxasgtYFCqOkha%2FowtqWYRKXRA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a63c490af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/fontawesome/js/all.min.css?ver=5.13.0
172.67.176.225 200 OK 13 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/fontawesome/js/all.min.css?ver=5.13.0
IP 172.67.176.225:0
File type ASCII text, with very long lines (59158), with CRLF line terminators
Hash a4a3a68df21cbce1269d7bfdfb0d3651
2fca9808c87293f011e65080cd8c90a540aaba42
d35c820d832f898ba185fbcf247a258849817eb05e782d04e128d226756a91b7
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/starcat-review/includes/assets/vendors/fontawesome/js/all.min.css?ver=5.13.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 12842
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JqGTJ6ou2XfIStNq4LDjdHl2ACO%2F0%2B3sSwUYC459BRgrKbwnWMf3jNEeqYus%2BnOMVnv3xbeYbMexB6jCpv0VKUSCqlOo0JkPXpxXUlUa1xa71XP%2B2DQjbQKWWwn%2BmPmGJ0MCiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a64f5e0b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/flexboxgrid.min.css?ver=0.8
172.67.176.225 200 OK 1.4 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/flexboxgrid.min.css?ver=0.8
IP 172.67.176.225:0
File type ASCII text, with very long lines (10694), with no line terminators
Hash dcb503fee23af5ce7e781140eb69ce73
58a471d79ffb0b2a335aa98d49f9f30152f9f1c8
32fc1e62971f781eb47fe45152ae13c3f63748ee4de3c3745a33ccbec0d2e383
GET /wp-content/plugins/starcat-review/includes/assets/vendors/flexboxgrid.min.css?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 1411
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AUr7j7AKWA%2B1JaOClLYAdniC1ngPiapXhpCkM%2Fbcrk6fySLHYqhGe3u5MUzdi6i0kE0IKpZ9pOU0prLhtCDDGyt3SOKqbrf%2F%2BQtUzuy2pm3D3TxytqXL%2FY4y6zBoUUMCtBgwIA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a64b21b518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.css?ver=0.8
172.67.176.225 200 OK 11 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.css?ver=0.8
IP 172.67.176.225:0
File type ASCII text, with very long lines (49734)
Hash d6b10700152077b25c68cfc6e5f5ecd9
892a9a9ceae8499df71a9176f40e3b98061fc8a1
7728cabdf6fb34a51722f0ab82851b14739de4c29b3edaed0026e8517547610f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.css?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 10891
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8cZ5WByKQaVTeOCSrf161AUSPQSN%2BsolK%2F0C%2BFPoee%2Fa1iTGErrz4ozqiGfAuB8tgM%2FxrpEgsWa6EQq7ym%2FWHLAU9ge9jIloOw9QZR%2BFqfdrxUCr0bh8n%2BJnierFOp492EDbZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a658bab4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=3.5.1
172.67.176.225 200 OK 15 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=3.5.1
IP 172.67.176.225:0
File type ASCII text, with CRLF line terminators
Hash 5ce4357fd0365f2abbf242a64f8acee5
10f60b6beb9b564223999c4a61e9de3664e670e5
25266b0ffc17c7499cd894caa04714b2ca530cb6cd535ceedb9a8943e34a885b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-plus/css/sfsi-style.css?ver=3.5.1 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 14578
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ubuPKb0kmfaTnOwKoDRnXot0kU0mWSsnyMpHQ%2FRPO1hWLoSDtNYpUMUe9t6Umg%2F8Dew%2FG5k6DenxXLZhdLmk21T7UgFGL4AJUHXpjrr4JnaaIy2TgzjLWfyPzLQq%2Fm2eW8oe%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a65c490b65-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.css?ver=0.8
172.67.176.225 200 OK 58 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.css?ver=0.8
IP 172.67.176.225:0
File type ASCII text, with very long lines (65134), with CRLF line terminators
Hash 01780d81bd36ab43ceaeda0f584cd23c
143deb8b9c3ba0be173c242ee3b26284dea54715
12f227968d867db8ba12bfd5d80858bac0a4051d6b920bcb83934ee05d1f6651
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.css?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 58453
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vb1mwoC%2FO1fcaH%2BDq1NQvVBpkMLUfjnjPHPW8eHxIEp6%2BloJCV5QdEN2P5J4X087BYKxYhZQ4D6q2vXHNQaM2z7tqCmQBKrWp8A3wjiP0Gcax%2FUxCNPqfXA2we1k5%2FbRhFXlAw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a63c580af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-polls/polls-css.css?ver=2.76.0
172.67.176.225 200 OK 729 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-polls/polls-css.css?ver=2.76.0
IP 172.67.176.225:0
Hash 9bda17729d21dce80fa2ae03edd2eb91
2d5f11891f28e68d85fa1009df925159d3e186c4
361bbbef454ca794cf52ab6e09616f4486b741d667d566b9a207d1f008fafdc0
GET /wp-content/plugins/wp-polls/polls-css.css?ver=2.76.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 729
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Wed, 25 May 2022 06:47:08 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6M7dI7qZi9HP0XcUbv5Fmu4KWaSHvoIF4nK8v1BCBKW2NSwbmo8tJ3aEPgiJJqKQEvwKO0YhW1IwI3ghqatwykZkuxg2BpiptK3GQIFw17RhKI5VFiuiknrDgtCM7CWQlx9GPA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a6fd090af6-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f41565238dc856269109dcc30c34c535
28517f51eb3b6cd08981afbf878446d635430741
9e314961a8fca836481ea022db365cc463bcef3b5003c63ccece611b8ff77fe6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.1.2
172.67.176.225 200 OK 2.8 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.1.2
IP 172.67.176.225:0
File type ASCII text, with very long lines (13825), with no line terminators
Hash b618c7163214d65c3f44a35df821c905
1df6f9cdd8952c293be36355332dc3a3acc95067
248b9d33d6fe3387053ab83f68b1226291055e7a88545a393df8db010b1b48ae
GET /wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=4.1.2 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 2793
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zs5HRVlA2Ht6DTtTUd04Y%2F2wEd%2BYGh7A5hqWHvozUD%2BHtyRjc%2FAIyn%2BW6jWZhjfEAGNfdc37HHCceZgL8878jrLZ%2FqEZSQ1r%2FzOqvP%2Bc0%2FzjMW7DL0YSpev3M4l6Znwr68IB7g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a71bddb518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=5.9.4
172.67.176.225 200 OK 2.0 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=5.9.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (14965), with no line terminators
Hash bcbe99815e015557abc8c8ead023bd32
f1185c735e71b6c0a1ba68a3e221b9f6cad41264
ec15b77130c0563696b337675f8d5f811facda780ba1621469e24d848ee8db53
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 1990
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ScP7JUGYc2SqbI6rdxLxaotbzHf9T5TkUYWIv7VcmoB5LA1pj3zrO5nkRbWNJEBqKjHeRD7hZAMwtZ9NsPV%2F2j6ChtEtpTxd0nLPU3kN5C6QTwmtapxtntDKiAIaVndlYkf7tA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a719cab4f3-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bcbb9bf29f1e0acaa7ac6d6566381370
dec1bea642dffbc11ebd6d65c94f87d6db95703a
b2bf22379151923244cbb9bd62499ded7b6f313a7db77914383bc1e704dd65de
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash f41565238dc856269109dcc30c34c535
28517f51eb3b6cd08981afbf878446d635430741
9e314961a8fca836481ea022db365cc463bcef3b5003c63ccece611b8ff77fe6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-151068238-1
142.250.74.72 200 OK 43 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-151068238-1
IP 142.250.74.72:0
File type ASCII text, with very long lines (1615)
Hash ea6abb0b48ec48780b5b80bea12b6bd9
01bd697e75a59a11e705f716843a03e1c42bdcf7
f9e6b42fb5fd6569daf7c0524ceec270a5df630c7bf2af1932fbefcc16066787
GET /gtag/js?id=UA-151068238-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 06 Sep 2022 09:58:27 GMT
expires: Tue, 06 Sep 2022 09:58:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42878
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.1.2
172.67.176.225 200 OK 15 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.1.2
IP 172.67.176.225:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6d20596f63c3608b853eabb2c6a05e2b
d4fd07ae1c1f39ce98e40e25654a3701945f4a82
420d140651b180e0f14dc1278645300facad4ba96f8197a81a51c86fedb8d88a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=4.1.2 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 14642
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SpnnjdxN9URUJp70ZBUrvfAWav%2BITQ3EkMGkLKKuGwzbWpDhuQAZzBa8%2BZvHTvGNqtVHJVDtoI3AG4josYGyR8v8ZWBxihUMUyKHwTxqFvlUTJVbqWI53lzNbylBqT3MzBPVoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a7181a0b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.css?ver=4.8.8
172.67.176.225 200 OK 560 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.css?ver=4.8.8
IP 172.67.176.225:0
File type ASCII text, with very long lines (1682), with no line terminators
Hash 088541d3f4072ba2a6c270ca758a1c3e
34a42dac71a1806a0dcb878053a46b6ebabc2109
141cbd57444b324bec15c0a9836968a23a0acc1fa3a3959a4f50857f801dc489
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/mailchimp-for-wp/assets/css/form-basic.css?ver=4.8.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 560
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Fri, 26 Aug 2022 06:47:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9sVOsqeEasPgV5y%2BgwUETY7ZJmfQnw5frr7vr0Z2N08dLDj1YLt1ybjk2HS0m%2Fz54KP0AMjfPkwt9gVboHPrhrrlfeePUMmfYncbaYYGR73a8XQungmE60noDPOIZuDn7DUaQg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a77d6b0b65-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0
172.67.176.225 200 OK 7.0 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0
IP 172.67.176.225:0
File type ASCII text, with very long lines (30855), with CRLF line terminators
Hash 34f4fe6d423142797546a5314db88012
0afa5a61ec28bc122c0954854a195837dfb15e68
d4a198eb295c32516a402ca73ea60fe72f807a33114b7fcbd533df6ba2899b92
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 7004
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=corBfEpNk3BiVe8nXUnjWjUEBKH9SDPEU0RoweDsG9Q7s91zujOs59LiZR8Q0Nd4E7RrXPAzay3StR65YfuwtVmLU8QhtXod9WAxseq2IlmNAwgfjT%2F%2BBd2oWlTden0IXJc6RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a7cdf00af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/css/penci-icon.css?ver=8.2.5
172.67.176.225 200 OK 1.3 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/css/penci-icon.css?ver=8.2.5
IP 172.67.176.225:0
File type ASCII text, with very long lines (6212)
Hash 1343449bf9423afa7bdf8ae241c08c33
b7e57332ed9e59451bdc57f283c2b1b62f7422cb
807800333ad17083dca69aa176b12a7e16830f43b76639c82a42143dc0b2dfa4
GET /wp-content/themes/soledad/css/penci-icon.css?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 1310
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mDesR4bumF%2Fjo3yZ7ks1TNc8LxZyH3eQY9LQ9yo3eWu3mequOpM22AGuN5KeF9a0rMQMzHra2ySxueuerG6%2Fgq4mxeBo1fQltGeulwGrzKtiP7XWQHf5Ms9XrVKm7sC36qYAoA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a7dcceb518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/css/social-counter.css?ver=8.2.5
172.67.176.225 200 OK 803 B URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/css/social-counter.css?ver=8.2.5
IP 172.67.176.225:0
Hash b43c78a31755b036425f584fcfc43333
a6a8493ac85bb8bf14fd6371b074443439f99528
dc0d3656a4c4344b1ae680b1103bd0893a6fbf4923df26c319838aa3fdd0bea6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/css/social-counter.css?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 803
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ca%2FX6%2FAcVReyqrvwTzuChqGh%2FzwwQr8mUQx0ZPtnGX%2F0HEic28lVzBfN1hxZH2BD1Yo3j9najQ1svAgaYMZECKFllHVgXSH4FBnIktFVrYYgfcinj3VHcMUDbJKWWoOCn4ERqg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a849360b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/style.css?ver=8.2.5
172.67.176.225 200 OK 440 B URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/style.css?ver=8.2.5
IP 172.67.176.225:0
File type ASCII text, with CRLF line terminators
Hash 9c5307dde06b0dd96a7c3443b730866f
4080bd98383e08a64ef47829301d811f06487f13
a23769d84246b72fbb632215bf619405b7be8fc6f51defa8fc27fa017845c3b2
GET /wp-content/themes/soledad/style.css?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:27 GMT
Content-Type: text/css
Content-Length: 440
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:01 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JUn6b3tG1eRtm4iFIqQQw3ww6vPZmYGJuW5NgNzGO751uu3mEXwxUm2Ba4XjTdWnVj2cG1ovjTvrqIo2Uz8ig5sBr8Dlbda6l%2BgziOMBXQi105DDYvHhitY2BxxRRLYQetb%2BgA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a7eb3fb4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
172.67.176.225 200 OK 3.9 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0
IP 172.67.176.225:0
File type ASCII text, with very long lines (19233)
Hash 72a65647874a407bf12f2b50f1aef2ae
3727b7b8b63c40299ce4f85186a04b9aebeb5032
019798e29fe8b572ae1363921494484bead80c515999fc5b7fb35fa8f37a7667
GET /wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 3915
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:47:27 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Km3XGU2%2FTTU1zAFDkr5%2FRWNt4WWYgbN8TZdeM%2BAYoiUV%2FOHNlGx5zgY4iaITRlZXwNqV3sfi9DPTSU%2BB6qg3JDtia6dAivYlMk3JCbBAaVNWYIc5GfI4HZ5tpBL5iX3NYDa%2BlA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a84e160b65-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.4
172.67.176.225 200 OK 854 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (13766)
Hash 551529258b1a693f5625017921ca3759
7e0491a9836e2e1830ef2c0068379af880450420
b325fecd3133b15e7332687ee07f6c94481257f09c66a34bbff1d5598f5401e9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/elementor/assets/css/frontend-legacy.min.css?ver=3.7.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 854
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:47:27 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AUT50HylZerIXe08ORnyJiCaRTRd%2FYYI9daRttZJkX9en9zIyUMhcMGPfizIdG6ka6LXirdj%2B09oL1Vyvz7Ku7cqYoU03vqmMNKtdx3ZAguFkBPaHd69r6jkylFqup7kn%2F0GbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a88efb0af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/uploads/elementor/css/post-3970.css?ver=1662015150
172.67.176.225 200 OK 414 B URL HTTP/1.1 balletmagazine.ro/wp-content/uploads/elementor/css/post-3970.css?ver=1662015150
IP 172.67.176.225:0
File type ASCII text, with very long lines (1250), with no line terminators
Hash 30edd65e46a0ae9b4583c0c973f1ec74
d82015f7124f00e03c7cc12ab2865c8ec6550364
d57a64fba511ae729b7cc2b8393518f2047d1f7b9bbd441ae2a61dcf126c3fac
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/post-3970.css?ver=1662015150 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 414
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:52:30 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8A1GihMnqikSljTJt3vCDAXzwosYlJrMC60vBwtCjGGXr7lV7%2BZ107TY%2Bx80eg489Cg0kNA6NOFiUzII19jH2Rphv21DW38bPEaHePeeIa%2FDn2xssvwl7l%2FA5m6jXmyFa8G4hg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a8a9b00b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.43
172.67.176.225 200 OK 2.3 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.43
IP 172.67.176.225:0
File type ASCII text, with very long lines (9700), with no line terminators
Hash e0a86a233fdc68f018034b39e6acc8dd
b35870a5ba4653c46f794dfe1d450b088f3b1bc5
850f3d88c295549ba4c5b15b901ae48eff396156028dfcf7467b6dbeca111a9f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/sassy-social-share/public/css/sassy-social-share-public.css?ver=3.3.43 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 2341
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 02 Sep 2022 06:47:37 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2dPvgD96gwj0Ihp6t5wv2lMyUn5efuE3SnaQeGL%2Fcl3Vx3UjbY3nyd7ZylBqEws2pplo5jnKq7Cj9IxItd%2FZnnvN9jBnak%2BLKZ%2BnhHMgKVxFrabS%2BnUUcjoXX9hxhEi7Q3m%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a90f560b65-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/uploads/elementor/css/global.css?ver=1662015151
172.67.176.225 200 OK 1.7 kB URL HTTP/1.1 balletmagazine.ro/wp-content/uploads/elementor/css/global.css?ver=1662015151
IP 172.67.176.225:0
File type ASCII text, with very long lines (14216)
Hash f4527a04a37f924bd6843aef68cc915c
9dae6b767f768898a38dc1c61475a911d17957c1
a4961062629fe9f50d94d8c4b999a00d034a459e9faec3ea2e0afe3da13af450
Analyzer Verdict Alert fortinet Malware
GET /wp-content/uploads/elementor/css/global.css?ver=1662015151 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 1652
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:52:31 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8olTLJkU4LOEdJfIwRxv6hr0FSGRdFpp1tJ1yHIJ2SdlzNY6GVREF9djVe68r%2Bf5JgqWDkliUntgDenafEUo6Mm%2F%2BsBD17yuIn5NXJOzEl6OCwUzr3unumv%2B8GY53J%2FIYiZBA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a8ac7cb4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/main.css?ver=8.2.5
172.67.176.225 200 OK 132 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/main.css?ver=8.2.5
IP 172.67.176.225:0
File type ASCII text, with CRLF line terminators
Size 132 kB (131520 bytes)
Hash 9e56253fa96fb2f7bd3ff5128b861cb9
beca3d8718d6982fa68e7e6dbd3f118d0ec87d64
21909f19794f721c0a82a8085f9a3d8319403117c52c183477772253f86bbd35
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/main.css?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 131520
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:27 GMT
last-modified: Thu, 01 Sep 2022 06:48:01 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cb8Q%2BDHlbZsTGoQBb5kXH8pRb8uUGgXLRGfxo68yF85U4kUAxAEhGGjOwHV01H6jBCe0WBCv%2B7EWd5hzi5qv%2B2UOC5oXdZy4%2FxT0tNyNTYtD34LajJCM4gKJXiCNitalfkPWhA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a7bde20af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-recipe/css/recipe.css?ver=3.3
172.67.176.225 200 OK 4.0 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-recipe/css/recipe.css?ver=3.3
IP 172.67.176.225:0
File type ASCII text, with CRLF line terminators
Hash 2d69632c5fb2f8f28978cad757381619
62eecdf2295339490d0135780ff4ddf10b220a12
a4f5552d0a4b43edc285be23f53a0a9203f1d689dff9321e4346626289f773e8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/penci-recipe/css/recipe.css?ver=3.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 3966
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25%2FaluqHClKFigiEFAJQf5r7TxAwk5LQ3q6fJMobepFwMEH95Vlmy%2BgLajhYCp9XshqUsyOn7Cw8jVDD4DM9D73fE7ttZQdbPAxo%2B%2FF3GByGIO7LwjP%2FOTtc0s9hPKtw5v%2FKTA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a95fe30af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.4
172.67.176.225 200 OK 20 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (65497)
Hash dced786015fe6ca9e795fa0512b0e9c5
870eb49074839c89b450efd7e03d726f8069f735
8cffae67449c6afac463166982e78e7c12225e1809078ea61e42899cad7b2e15
GET /wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 20222
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:47:27 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zzO8WgKgUabcm9jQe6P1YTqek%2Fc924h4UU7L6cp67I6VYH7zK%2FDeE5%2FhLT9zmMQWZ5SE5Yws706CobajBZAiUtA1uJjzU7Z%2B7K65fFsmIu7%2BxyR5ZqKrNdHb9Ip5RFmV6WsGCg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a89da8b518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4
172.67.176.225 200 OK 824 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (3432)
Hash 37b0886047bd869e153fd52867989cc7
583982bd616e700f82579a80a032d832d91c4735
46fbb61abcc2c019348932157a9fa3fda895a983b5fe0b950701cf85da7dd954
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/css/view/general.min.css?ver=5.2.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 824
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 30 Aug 2022 11:42:55 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0KJe1FQrN4Sudl6l%2FJbFO4LBp8I3hwyPLW3FKsTXZ0%2BINwuDnc51SABAjXS7PsmRPgTNcBCPlzBI9dcg2eTx15N83OS3kNcAof54VRfTMqaBWaSF3uXSpE1OTTsGAnd5YqJnIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a97a3f0b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
172.67.176.225 200 OK 4.2 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 172.67.176.225:0
File type ASCII text, with very long lines (11126)
Hash c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 4168
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 10 Dec 2020 15:09:15 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WjaVr3Ep5cyQlTSXZjWVClFB13jWQ2jgXYAn%2B7JUQDnQCixdmX5VlJY7XtJkPHzICtuBsUNrgLAj70tS50lVA13hWuY%2F9uVbxFG7VcLHWmMBZouOI3Je2ASfUjq9nJxHhd5o6A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a97dcab4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
172.67.176.225 200 OK 31 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 172.67.176.225:0
File type ASCII text, with very long lines (65447)
Hash 554969c8ed0e4b5eece1261c4e1e9cd0
3b514b21c2e26b2caa15054e43ed00184a8ebc38
4a10709ca76c5112fbaf69e065b4ef93dd37bcffd4ae39b351e56d40c9322123
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 30969
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 13 Aug 2021 12:21:30 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sal02IUfIv5eL7l%2BmUk36rJ6qU%2FLUmQoXvbsBCMpqtK5HaXpNYWwPV4hGa%2FshiW67RWEc07FsKxlAdkXZQhFNu3gIRCmfphQR31Uo4JCUvNsl6Yr5KjZ%2FqgpH8FJ556ETtV9vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a97fb60b65-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/wp-emoji-release.min.js?ver=5.9.4
172.67.176.225 200 OK 4.9 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/wp-emoji-release.min.js?ver=5.9.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (15224)
Hash c5861eec8c65717219134960db9e361e
7a9a5ed5ca3de9e30fa3c14d1ada2ecb6eb4505f
b96639b87d4a408e9cddadc6f2a1228cbb20678f3f069785fe0614c0db78430d
GET /wp-includes/js/wp-emoji-release.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 4937
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 13 Aug 2021 12:21:30 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7NoSdJJEtr7wTR4tIZOAMYBR4e%2FzkyBFwoPsiHoUVaIa42%2B1Xc3zSnNObplJ41ZlT3f4gkv%2Fxt2xLvMRm2rRDDBEkKMqfJs%2BoxJWYz7MZqy4JTXgdcM5eUGl4IMoqSJzFEUnXA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a9df51b518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
172.67.176.225 200 OK 2.6 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
IP 172.67.176.225:0
File type ASCII text, with very long lines (11256), with no line terminators
Hash c2fc17077428d552284c691d25aa3ded
b5a0a0fc41e5e19db63b6db787c706c6124cedb6
b239bfb18444bac17be1d684d9a670d5de358c883237aad27e194f71e3c65d17
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 2582
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 10 Dec 2020 15:09:16 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FWjc5Ea6%2Fr5V9ZECePMf3SSw5ypNlmqi9GUq%2FW%2BQ2eek0Y5QzmmAuxhkIlzPEmrDTbAvTPBfnVYvtqlwFf%2Fks2JMFWF%2FXEeFT67PQjFbg0pOLAQpiiwkwd0KSpXap%2Bn5A1MinQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aa3b210b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=5.9.4
172.67.176.225 200 OK 14 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=5.9.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (31759)
Hash d2d09e0251e0526c8fee881557a41656
94e413871c8c99ff801a541a14347be0347531db
627467b330a9b6997107c85f4bf56c9683303dda0a176cf5ad088d32a9f0b5f5
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 14461
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xzBC6OXqe8K9j2NnDmvSI6MpTopUH2szKn9N1W6iU7lGEsrOlh9md7N1qUf6IZQx%2FtpZ05LSDgDBM7zsQMjo%2BeO%2BWNKPOyTDbsoi%2F8Ua7zcrLyN%2FdUeQGS56XZTsjK6e3qSMvA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a998150af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
172.67.176.225 200 OK 2.9 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3
IP 172.67.176.225:0
File type ASCII text, with very long lines (9680), with no line terminators
Hash be8270d30953f83f3137e2c7121e3656
1bbc1d1a19f27b4dd66c838214bf196862307078
9506efdf97a3132894069273b42fff14928e25579be11b57b3ab03aa426e1e23
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=5.6.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 2929
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 02 Sep 2022 06:47:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbIQOYAtr14Jq%2F293jTj%2BwME6t8fxfzGL62LjWFr36%2Bd5vnBSZEG3s41WkimBO%2BJYHGXFJnddnKOAwWVkgw1n3g%2FZt0WVqxVoFcIWQRbcUQOGxV5q14lSN47Ov268rAxdEFGiw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aa589d0b65-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=5.9.4
172.67.176.225 200 OK 20 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=5.9.4
IP 172.67.176.225:0
File type Unicode text, UTF-8 text, with very long lines (64131)
Hash 5c3702574ebc00121ae862afb15a5280
a3c03ed6be6215b0b313a27f8334847b1f25eb51
4c10f6972e96ef0ef49f0c0dddfa79d5a893867c2ae6a825a0f4f8d8ed8e6a79
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 19922
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=73FSVnqMql9s%2FZ0IS1G%2FkhXQzxNCAXQCpThfo0JkAPlu4KKLjmQ8zcFzIfyX83%2BCmFY4NthaqANMEHkVsmicC7WmK69Ar7UlZ8wobFqQfcrkidGZyZBe6yTIn2Wvgl8dYkChFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658a9c83c0af6-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 2ccc4fa4f7710c25311b3e8221a62560
d2159746ef08cd3ee3c35d4b4613a592f80ccfed
148688576cbf8b818e40e016478a6ee4d929358742304efbd8c6df09df9b5d7f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
balletmagazine.ro/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.9.4
172.67.176.225 200 OK 1.1 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.9.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (4186), with no line terminators
Hash cc467bb5d18a9c3c4808b267748b4318
36cbf86408ccb35e204172bca28bf0c6b726c385
feacb74068853206ff6d9040bce92f3d95a386c3803b0147f08c23235cc333dd
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: text/css
Content-Length: 1148
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Wed, 13 Nov 2019 09:45:09 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nWuOUhhSVAQkyGSbxC54m99PLLsgaHYp%2FEqXV2WGECN0Tw48dY1KeiVDC4p%2B1rBRNitoagZe9pSkUh83KEaRSCmGhqMm%2BPEzc4PWOquv1IwMQmk%2BIkGaq76EKSrplPJmAtPCow%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aa3ee1b4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/images-loaded/images-loaded.min.js?ver=3.3.6
172.67.176.225 200 OK 1.8 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/images-loaded/images-loaded.min.js?ver=3.3.6
IP 172.67.176.225:0
File type ASCII text, with very long lines (5477)
Hash 91ae572eda7d4a577e52ccbffa8c7dc8
a0e0d8acf4d52aed480bbef4ef5d4b1dc595144e
17b5043c047e8a251e06b6d642f5c7fd847b420faae08c21359de0439bcd4b9c
GET /wp-content/plugins/gs-logo-slider/assets/libs/images-loaded/images-loaded.min.js?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 1808
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gB45qX1cPmP%2BJOUcb0pS7GuHI1JNk%2FJrl6POh2Yb9rAXjoryearOCLx9SIOj60JaJ68Wz6uEtUJtaHDO43a6%2BfkfC9OYaZNKI3GBdjIv9AQLKEik8etHMbHG553RCL3YG5s2iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aaab890b39-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 76c6ad39ad355f829170427e9076311a
26a82c7dd26986900a4964464e43d9837dfef1f8
40c6ca74d92e002befb684bce24ba4714c260ba30918cc4e9a4bb02ed4f809dd
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ea5d89f3b91e9e92f6024a05a76d0916
fa5a430f9c241f95ce139f4287d5fd3583c1f4f7
5f88f1d962a8f8ba18d5b077d2a8832554b62960764922f6bc45362480d5cd45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2109
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:28 GMT
Last-Modified: Tue, 06 Sep 2022 09:23:19 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4001904154299870&plah=balletmagazine.ro&amaexp=1
142.250.74.130 404 Not Found 0 B URL HTTP/2 pagead2.googlesyndication.com/pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4001904154299870&plah=balletmagazine.ro&amaexp=1
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/js/r20210414/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4001904154299870&plah=balletmagazine.ro&amaexp=1 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
date: Mon, 05 Sep 2022 22:33:28 GMT
expires: Tue, 06 Sep 2022 22:33:28 GMT
cache-control: public, max-age=86400
content-type: text/html; charset=UTF-8
age: 41100
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 06 Sep 2022 09:38:18 GMT
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2022 10:33:37 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5qwulU3JWbgqY3DpqDcEjpEweJFSv0-hXWeQKYRby7K8lw1otj8QHA==
Age: 1210
balletmagazine.ro/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
172.67.176.225 200 OK 3.9 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3
IP 172.67.176.225:0
File type HTML document, ASCII text, with very long lines (12211), with no line terminators
Hash a71f31ad8ab59495c235f70e11af94d5
dd92f0033787042cdc33b4f7a738cc1a8f1aaea2
02de035caef83e16f5631660c82c3c61e69e4a919f32552131136b5762dbe846
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.6.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 3925
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 02 Sep 2022 06:47:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2B3Eyo7AUtzBz940P9jrZMXg%2BFczHFJmyy75QMJb9G0r5X70WH2xU7ZY8ubqEOooQBYlxz0QlfcUbwVYkPCjW%2Bp5zoolc8yG7xAMaIyiCVjYGgo3v9JFxz9gh2UHu8B8qoY5RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aa983cb518-OSL
alt-svc: h2=":443"; ma=60
fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.9.4
142.250.74.10 200 OK 2.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.9.4
IP 142.250.74.10:0
Hash da30101108e548547d9c90257764d28a
ea553fe0112ef3e26e5a500cdd69386f87165b9f
b015bc48876e36fd0e485b4c31c11575369ddb8bbbf3030f14daca14eb43137c
GET /css?family=Roboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=5.9.4 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 09:58:27 GMT
date: Tue, 06 Sep 2022 09:58:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ee6743e22ac3ee28c4a204c796760b87
a1e2410e3e83b4cccb6bb6cdeb440a85552f2d61
85d0817fab6bfe49d55386c56b5d2b30659ba772d7c900d808c9641a99cfd673
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "85D0817FAB6BFE49D55386C56B5D2B30659BA772D7C900D808C9641A99CFD673"
Last-Modified: Mon, 05 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1391
Expires: Tue, 06 Sep 2022 10:21:39 GMT
Date: Tue, 06 Sep 2022 09:58:28 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bcbb9bf29f1e0acaa7ac6d6566381370
dec1bea642dffbc11ebd6d65c94f87d6db95703a
b2bf22379151923244cbb9bd62499ded7b6f313a7db77914383bc1e704dd65de
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/iframe_api?ver=1.0
172.217.21.174 200 OK 959 B URL HTTP/2 www.youtube.com/iframe_api?ver=1.0
IP 172.217.21.174:0
File type ASCII text, with very long lines (509)
Hash a14498b9bcf46d1c252d11c6677a519e
7d2b4ee0f640970d85c5d318ac2c15e5605fc828
88261534ce147ccacd518dffd241a1684b990359436b6a6085d1ef1ed382d1ce
GET /iframe_api?ver=1.0 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 06 Sep 2022 09:58:28 GMT
date: Tue, 06 Sep 2022 09:58:28 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=1UmQQuMYihs; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=E2XHtIIiKL4; Domain=.youtube.com; Expires=Sun, 05-Mar-2023 09:58:28 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+393; expires=Thu, 05-Sep-2024 09:58:28 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/js/gs-logo.min.js?ver=3.3.6
172.67.176.225 200 OK 2.4 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/js/gs-logo.min.js?ver=3.3.6
IP 172.67.176.225:0
File type ASCII text, with very long lines (7209)
Hash c24f217542eb02720fac0fd55bd8921e
74f084733e57ba209e7ded40220132fd20840f3b
cb6cababb9250d8fb131a48e5d129ce7d008230f2e07f2cd6895bc2ba70a12c8
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/js/gs-logo.min.js?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 2437
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24AUpO3hOPRWu%2Fx0TqoioSdt%2F43OjKuaeZGWVvSr386wc%2FVvrAGYnkApgsEwEuZbi8o4PcrLBhbJ6lpT9IpDntw9cQSfQ4M9CkRDiVi5iqhPsxgcOFRyv1ZhTKCXxxQ59j9IEA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aae9810af6-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ee6743e22ac3ee28c4a204c796760b87
a1e2410e3e83b4cccb6bb6cdeb440a85552f2d61
85d0817fab6bfe49d55386c56b5d2b30659ba772d7c900d808c9641a99cfd673
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "85D0817FAB6BFE49D55386C56B5D2B30659BA772D7C900D808C9641A99CFD673"
Last-Modified: Mon, 05 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21557
Expires: Tue, 06 Sep 2022 15:57:45 GMT
Date: Tue, 06 Sep 2022 09:58:28 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 2ccc4fa4f7710c25311b3e8221a62560
d2159746ef08cd3ee3c35d4b4613a592f80ccfed
148688576cbf8b818e40e016478a6ee4d929358742304efbd8c6df09df9b5d7f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.js?ver=3.3.6
172.67.176.225 200 OK 36 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.js?ver=3.3.6
IP 172.67.176.225:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 79166f8c0e16ad5dfee8fef85d6b568c
e7192c4f09f10b536d96061d55b0b019a26fa8ce
7fc2f696a3056a243c6dc61d111bc9f6bd1ce51311f0755f53e732eaa0adb4b6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/gs-logo-slider/assets/libs/swiper-js/swiper.min.js?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 35676
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2FgWEFz5FJE4%2Fu%2FP3kE1hlPmP0XsNacIkrNvs7pzVaha3pdrFooLLkuw8QGw9VINvFVZ9rTyWe%2FyClV2hN3LchjTUqIcmMPBYMfZg%2FPe3r17n6SAO5HkeTVrfaO0A2ZuZsrSQw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aab95b0af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-review/js/jquery.easypiechart.min.js?ver=1.0
172.67.176.225 200 OK 1.7 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-review/js/jquery.easypiechart.min.js?ver=1.0
IP 172.67.176.225:0
File type ASCII text, with very long lines (3765)
Hash 1d87105c6857a225bf858e33ef57063b
9a31780a00952c16e8606369c3916d0fd2cb2f03
41ad0f2d38eda665205997eb28ea40804f280fbde8de3f94c7688a3e144edf77
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/penci-review/js/jquery.easypiechart.min.js?ver=1.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 1693
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:15 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FMYcruRKjFgb%2FV0uMh295NIV3jey%2Bc8ymfbainR3LOKD9lySCroOtwQNX4%2FzzR0evenH7Rc4fZC0TMrwh05mBsz5gNdp0D72fqwgH%2BHcyOoh8LIu0dJSswrbrG3BBmncjAjLAw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ab0828b4f3-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3370
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:28 GMT
Last-Modified: Tue, 06 Sep 2022 09:02:18 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
balletmagazine.ro/wp-content/plugins/penci-review/js/review.js?ver=1.0
172.67.176.225 200 OK 365 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-review/js/review.js?ver=1.0
IP 172.67.176.225:0
Hash 793b0c5e5f1bb569673e980a1cbc1ab0
c16a1633bc494ea6d56ac315863070d56fabdca3
c03e96d0b1eb30368976e63359ec908f4473bfbe48e83d218588d42eff918a9a
GET /wp-content/plugins/penci-review/js/review.js?ver=1.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 365
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:15 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=izn%2F9Ro7fY0b6ai%2Bo9dMcxPC2MSs3tqC08aQzXPes04lRZOjOMUuAPtxAnC16lJRxCrxIfx%2FEfSxfaZYKAmT5%2BUvaLjT3Y6p%2BkKb%2BU9RMsr2akyQa0%2Fm%2FxHv0lLGo4NAduCiMw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ab0bf90b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy-bundle.umd.min.js?ver=3.3.6
172.67.176.225 200 OK 14 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy-bundle.umd.min.js?ver=3.3.6
IP 172.67.176.225:0
File type ASCII text, with very long lines (23493)
Hash 75b798e6eec96f668c10ec1af0bdff27
b1013012e57bc4db0454b81a0a26185b68664d2f
6b84ca377dc75321d032aac6726c552caf581e6860ea391fd1844ae2a2206392
GET /wp-content/plugins/gs-logo-slider/assets/libs/tippyjs/tippy-bundle.umd.min.js?ver=3.3.6 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 13756
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Sun, 17 Jul 2022 06:48:17 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8T19X97uBq3MP4nEf3TQFkTCdZ0SMUFD0Ev5NPGImMFpWLJdnRIsF7RAbcuAv9aEzMI4SPZ0nHG7f8MVarsiravwj9EmQxntF9GZxmAdebgC2Kf7Q3x1gkGNYsR9YroNCoE9sg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aab93c0b65-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/uploads/2022/05/banner_with_photo_bir_2022.png
172.67.176.225 200 OK 32 kB URL HTTP/2 balletmagazine.ro/wp-content/uploads/2022/05/banner_with_photo_bir_2022.png
IP 172.67.176.225:0
File type PNG image data, 544 x 78, 8-bit/color RGB, non-interlaced\012- data
Hash 355802b0ec21e6bc355f15d5174c352f
7243e8fa49266eafbc95c00d19b3aaf7337bda08
65d5ccbc84aaa05cc2ac6a6493d0ec8dd6ca4e69f971c8fe57cd14fc4ad4cad9
GET /wp-content/uploads/2022/05/banner_with_photo_bir_2022.png HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Sep 2022 09:58:28 GMT
content-type: image/png
content-length: 32264
cache-control: public, max-age=604800
expires: Mon, 12 Sep 2022 10:39:08 GMT
last-modified: Fri, 06 May 2022 16:55:03 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 83959
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZvVRloxFPXciiPmVkkKB15gk5wt41s6EpbwYA8b4bwPD8bvjLv44Z%2BgUfyXbx9axJHRnaSAuIpZMR6IjWu6g6S5pK3KCRsUhVWY%2FD079vcbPOkBfcFENLGYn2GtsGnTF%2FWQAIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746658abdc1ab4fd-OSL
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/uploads/2019/11/Ballet-Magazine-logo.jpg
172.67.176.225 200 OK 174 kB URL HTTP/2 balletmagazine.ro/wp-content/uploads/2019/11/Ballet-Magazine-logo.jpg
IP 172.67.176.225:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 2180x565, components 3\012- data
Size 174 kB (174391 bytes)
Hash 943deda40d55b8dd9d920e11cf021c48
dd24590e0e37956fbed06ddcb7dc321bc9412021
1361b55b00129985e89611e17714e78cff10aad3c0aa2502eeb1480d0bd27fe3
GET /wp-content/uploads/2019/11/Ballet-Magazine-logo.jpg HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Sep 2022 09:58:28 GMT
content-type: image/jpeg
content-length: 174391
cache-control: public, max-age=604800
expires: Mon, 12 Sep 2022 10:39:08 GMT
last-modified: Fri, 15 Nov 2019 11:57:49 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 83960
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bkoSDwqq6IRcCYY5MRS1BANWXlLjnA5SBbNlvl0EhKWAiih0GaNESdHteBO8T3HfRkgvGKrK%2BcFs9FzCljljsxBLz9FtugfWDEGFC6o5Z8scOttt2DwmbKOIHVTyr59%2BNpWZNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746658abdc14b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/penci-shortcodes/assets/play.js?ver=1.0
172.67.176.225 200 OK 1.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-shortcodes/assets/play.js?ver=1.0
IP 172.67.176.225:0
Hash e706af7caeff1e349e05638e0587fbef
2db93df8c91ba32d5a5aad668134e57b4e788ca1
ba7d6ee3dc20ab1dd7557fe621c62e8f51c545e2327377ca8c384bb2c92dc3da
GET /wp-content/plugins/penci-shortcodes/assets/play.js?ver=1.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 1094
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 01 Mar 2022 17:00:09 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BmzKNpyr05yVWrhA1fLWfGF0Jtf9%2B5qC9tyoz7UhcOga%2Fb7CB0UAKsRZwTgrIOsuhxMKyZ7ZVrpha1VakuC17d6pwfO638W69lUKy%2BPWw2ny1%2BkO6aSf5ymSeH4yreh%2B43y1Xw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ab5969b518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/modernizr.custom.min.js?ver=5.9.4
172.67.176.225 200 OK 1.5 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/modernizr.custom.min.js?ver=5.9.4
IP 172.67.176.225:0
File type HTML document, ASCII text, with very long lines (2861), with CRLF line terminators
Hash 4312bc5146570cdf364bc5bda00ac43b
9e6da60b963c179d195892d28cb0076cc2408175
5a68aa581b5145f6fefe3d7513453ad7774fecb29824d5e19cb96a3550f69c84
GET /wp-content/plugins/ultimate-social-media-plus/js/shuffle/modernizr.custom.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 1499
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vDor7CsxVwsN%2FoaA6sfOy85j%2BtrEj%2FkhhdkXapduPoOpSK%2BYRvztYiYQnQQmZf8HU7kghfjqOKx1%2BcOJ6BT42A50oX%2B%2BKs4L2pxnaWy6kF8aYRTRiIKWm5ny6kL0YYJXHo9UmA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658abea7f0b65-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ee6743e22ac3ee28c4a204c796760b87
a1e2410e3e83b4cccb6bb6cdeb440a85552f2d61
85d0817fab6bfe49d55386c56b5d2b30659ba772d7c900d808c9641a99cfd673
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "85D0817FAB6BFE49D55386C56B5D2B30659BA772D7C900D808C9641A99CFD673"
Last-Modified: Mon, 05 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21557
Expires: Tue, 06 Sep 2022 15:57:45 GMT
Date: Tue, 06 Sep 2022 09:58:28 GMT
Connection: keep-alive
www.paypal.com/en_US/i/scr/pixel.gif
151.101.1.21 301 Moved Permanently 0 B URL HTTP/2 www.paypal.com/en_US/i/scr/pixel.gif
IP 151.101.1.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /en_US/i/scr/pixel.gif HTTP/1.1
Host: www.paypal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
cache-control: max-age=0, no-cache, no-store, must-revalidate
location: https://www.paypalobjects.com/en_US/i/scr/pixel.gif
paypal-debug-id: f32672682d355
set-cookie: ts=vreXpYrS%3D1757152708%26vteXpYrS%3D1662460108%26vr%3D123ca7641830a1d6778801affe37440b%26vt%3D123ca7641830a1d6778801affe37440a%26vtyp%3Dnew; Path=/; Domain=paypal.com; Expires=Fri, 05 Sep 2025 09:58:28 GMT; HttpOnly; Secure
ts_c=vr%3D123ca7641830a1d6778801affe37440b%26vt%3D123ca7641830a1d6778801affe37440a; Path=/; Domain=paypal.com; Expires=Fri, 05 Sep 2025 09:58:28 GMT; Secure
traceparent: 00-0000000000000000000f32672682d355-c5dc50fc5b0b5ca9-01
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
date: Tue, 06 Sep 2022 09:58:28 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4055-HHN, cache-bma1650-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1662458308.358727,VS0,VE177
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
content-length: 0
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/simple-youtube-responsive/js/youtube-responsive.min.js
172.67.176.225 200 OK 377 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/simple-youtube-responsive/js/youtube-responsive.min.js
IP 172.67.176.225:0
File type ASCII text, with very long lines (520)
Hash b8fce8ade2c934911eebcda529224322
533706bef2c32af2d2437b79e881b918ff5dd472
6031f2ad0e2526b4b7181b9ddfa75c0ad45fb3319ee5da7a04a695e45f103438
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/simple-youtube-responsive/js/youtube-responsive.min.js HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 377
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 19 Nov 2020 02:44:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=47DwlHZbsG4Vkfjcsif2xnkOVp7sZo1a1ag7RQRXY%2Bb0gno6Pe5u2smgmWuqHd45cp2uaInG8CmmaxS3HAXjF5BmBfiRES30n1qgxBsbm%2B9WStffZ2E2GxGdJq1iOgQD7Vn0DQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658abca800af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
172.67.176.225 200 OK 6.9 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/jquery/ui/core.min.js?ver=1.13.1
IP 172.67.176.225:0
File type Unicode text, UTF-8 text, with very long lines (8189)
Hash c1f2ed1d7320c7920bf0ea8b73657822
0d80247d3482ff92b5f8c3ee6c1eea3ba808877c
6b2069162ccec1dc23e84bb6387f6433c98c4e4c31f68e28c23c37b3b032548f
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/ui/core.min.js?ver=1.13.1 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 6875
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 22 Feb 2022 18:53:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BXe2QVajuF7TWaGaZCVBjySV14A3hljpaGOFrUct80vklvV8BpYn50ELASxOqFf3Q7xJ4OH4BSjskDBqiPUzxeGeD8I74WkVtntIQEA%2B1DuLDtGhUhCyLj9pO81Gk6GDHoe2%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658abed1e0b39-OSL
alt-svc: h2=":443"; ma=60
www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
151.101.86.133 200 OK 3.1 kB URL HTTP/2 www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif
IP 151.101.86.133:0
File type GIF image data, version 89a, 147 x 47\012- data
Hash 9085513a3d86b5c5ea4c8107a0a824fc
52b7da0a47f3dde547fa405b41da8201a54975e6
ee1c4cfd1b1818743cf6930452dee0e56aa4709359e06ded6052d1e7abb14474
GET /en_US/i/btn/btn_donateCC_LG.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public,max-age=3600
content-type: image/gif
dc: phx-origin-www-3.paypal.com
etag: "W+Pu/C7SAaVROD4yxJfYhtmfI4zA8n2pGKd1zdw5nBA"
fastly-io-info: ifsz=3099 idim=147x47 ifmt=gif ofsz=3098 odim=147x47 ofmt=gif
fastly-stats: io=1
paypal-debug-id: 4968af7b330f9
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 09:58:28 GMT
x-served-by: cache-sjc10080-SJC, cache-bma1653-BMA
x-cache: HIT, HIT
x-cache-hits: 13382, 11912
x-timer: S1662458309.594066,VS0,VE0
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 3098
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/jquery.shuffle.min.js?ver=5.9.4
172.67.176.225 200 OK 4.3 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/jquery.shuffle.min.js?ver=5.9.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (12128), with no line terminators
Hash c62259d1e69ce9293c375ee58939707e
04de6eff4619781bd398113b551c5b2e233c0c1d
9901023777d6437c406e54b58b2ce1f6f5880ed2e063f2e5d61af4fb43864bc1
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-plus/js/shuffle/jquery.shuffle.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 4327
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u2JokeXYB2z8O0Rzlpog1ptB%2FcPYB0SD4peWzsCX8AWMMxmJXOH%2BBP6nHXdYGs5RVf2iaAynLgF7iBa4qwwUTEJ%2FP6NGMyqt5PKPxuGSSNZJERmbG64ohuxTo3zkQoQNkqbZ2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ac3a64b518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.js?ver=0.8
172.67.176.225 200 OK 52 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.js?ver=0.8
IP 172.67.176.225:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash bf3d601906d9f332b0dd9057fd835a9d
f62a7a395f11f90ad8aa2995e341b0b24e22372b
38c449102d4eccca193cb6ed658813b0fd37ed9591fb975568a6b57932290c2e
GET /wp-content/plugins/starcat-review/includes/assets/bundle/main.bundle.js?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 51760
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Y%2BgPG9djus%2BXbXoW7yVjdHPqtLYdv7OXfCT%2F%2BvW%2BgnWSe%2Fd0WJqLjqNhpeYKezxZlAPKJThkFMsD%2BFNM7H5DWI3egmFgzjjwW%2ByGuq1zw7sprEleTxeXZGVZa9ZXs8K4f65yw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658abd93db4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/custom.js?ver=3.5.1
172.67.176.225 200 OK 7.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/custom.js?ver=3.5.1
IP 172.67.176.225:0
File type Unicode text, UTF-8 text, with very long lines (993), with CRLF line terminators
Hash 6bd15ea6197c8a63c797bfd997cefd8f
c90f69623a9fb0022255e7f3c0e5f03f88a207cf
0734d7822d77068802d4d4311cfc5b3ac2754715ab02d9c26d0d7108e81c1234
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-plus/js/custom.js?ver=3.5.1 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 7080
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BvKy%2BBE8Iyi%2B198orbs1vC3pjqREH5jFXnkqCq%2Fb4kYO8nCDim8F%2FqxkKhjZ8%2Br9s%2Bi1zIhGkYeXfDBJI613VHrj8p%2FsIIuvQlPqekR8raCHmVNwvWELh3tWfpmvedvvhiKoqg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ac8b510af6-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0b9528d0aa584b0e7b8b95f31ec1c4ed
79afabc0856f6fb3c3e5a9f5675cb0a40ee08e54
2604edd5743acd1487c25665444019555a972492010c10bf3bd6aefeab4661eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/random-shuffle-min.js?ver=5.9.4
172.67.176.225 200 OK 695 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/ultimate-social-media-plus/js/shuffle/random-shuffle-min.js?ver=5.9.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (1477), with no line terminators
Hash aeaa1eb85c0c2d2b78dc0e4cc3b0f095
72b8a1ee30e9fd03f57ca8749388a569978e889c
076bb1b76d8c984c533ea83978ad13f86e882e5360695c62d95e1d622d23b158
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/ultimate-social-media-plus/js/shuffle/random-shuffle-min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 695
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 08 Feb 2022 06:47:12 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJi4PESV4LNBC4KTVCp%2FskosXaM6w%2Bq4TfgpPCZBk%2BLqGmeA16cVZ24PzOt21YMQEem1Md8Xu4FuEtMvkV9OlZX5YGGy%2BAdwS5P9SI6Jo%2FlHYlYvbOgavejnUzScJN451wJYYw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ac5afd0b65-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
142.250.74.163 200 OK 7.8 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:58 GMT
expires: Thu, 31 Aug 2023 19:30:58 GMT
cache-control: public, max-age=31536000
age: 484050
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
142.250.74.163 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 12708, version 1.0\012- data
Hash b4a68b1e743ee317eaaf0bbadd131571
f24f7823d4e3830c7cfa5bcb33733d2897c00f13
ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12708
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 06:06:20 GMT
expires: Fri, 01 Sep 2023 06:06:20 GMT
cache-control: public, max-age=31536000
age: 445928
last-modified: Mon, 11 Jul 2022 18:55:59 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.js?ver=0.8
172.67.176.225 200 OK 40 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.js?ver=0.8
IP 172.67.176.225:0
File type ASCII text, with very long lines (65306), with CRLF line terminators
Hash d23ff243d2bd4572fc71b5e66bccc95f
662e91d8dadf8338b8d90d48507bbf03c7bc98f3
5da60a0a05c0b59d94da2b9d51eef93bb2df66704883a5a16074e101a5a8582d
GET /wp-content/plugins/starcat-review/includes/assets/vendors/semantic/bundle/semantic.min.js?ver=0.8 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 40470
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 30 Aug 2022 11:05:49 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jdZnEG9O9zALAJDuN53SGT7ud5vuvaapNiSJsuJxYA1BRWKX%2FV6y030ZAXLk59ry9yAbkhMiKG8GrmnmO6V0Ndq1WkHmMAYocdS2Ugyd5ow9IZo6EsGxggQf3mGG5%2BTuZ1Gy8A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658abdaa20af6-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
142.250.74.163 200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:59 GMT
expires: Thu, 31 Aug 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 484049
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notoserif/v21/ga6Kaw1J5X9T9RW6j9bNfFImajC7.woff2
142.250.74.163 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/notoserif/v21/ga6Kaw1J5X9T9RW6j9bNfFImajC7.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 21916, version 1.0\012- data
Hash 4b63cb477ab7d5e6977a788100ae58d5
c6e58ffe35827e911091dfbe4447b9902406c9d0
b5bc6e295567ab6723e8b71b9cebbaf12239f9a94c804af09e57412ce70c3177
GET /s/notoserif/v21/ga6Kaw1J5X9T9RW6j9bNfFImajC7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21916
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 03:36:26 GMT
expires: Wed, 06 Sep 2023 03:36:26 GMT
cache-control: public, max-age=31536000
age: 22922
last-modified: Mon, 09 May 2022 19:18:51 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFkWaCi_.woff2
142.250.74.163 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFkWaCi_.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 45388, version 1.0\012- data
Hash 61b1bfc9c7b5d64ebfaa374a169cb0ed
cd7321bae6b67d4dedf713e76670ad178343b12f
3d7aa71c13df7631a188f23135f47496d5b01a8183a555679981f2217a8883b0
GET /s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFkWaCi_.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 45388
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:32:55 GMT
expires: Tue, 05 Sep 2023 21:32:55 GMT
cache-control: public, max-age=31536000
age: 44733
last-modified: Mon, 09 May 2022 19:47:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/wp-polls/polls-js.js?ver=2.76.0
172.67.176.225 200 OK 648 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-polls/polls-js.js?ver=2.76.0
IP 172.67.176.225:0
File type ASCII text, with very long lines (3242), with no line terminators
Hash d96ce374bc0c7d48b1867f4f5147f137
436a19ec96884f3bb3a1875f5d49a74c282957f8
dce82df98c8329089475f855383486e86bf565d6a9c94ab6e8ac4da38133cfc6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-polls/polls-js.js?ver=2.76.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 648
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Wed, 25 May 2022 06:47:08 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ao5iBX%2F1FW8tMkt2m4V5unsy6lsONyLYtnBpP9bOw%2F%2FOIHX%2Fdh8%2BYoUczr4ulWZpSZGem0%2FPggZQ2fvuEnxGiRpp8GeOSyZfgrdFVrXxVcdQ%2BemrOD7Gc%2F%2F8YLCpOoskvZS8w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658acae040b39-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2
142.250.74.163 200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23948, version 1.0\012- data
Hash aeb92e524ca62170347fa63974605767
1e10bfbd720481e42035a5469d7ce8fc51d34aab
25475d82cc976fb2c71b15b3e416c22bf636dd247bbb268d312e7c076ec5b6e4
GET /s/notoserif/v21/ga6Iaw1J5X9T9RW6j9bNfFcWaA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23948
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:05:04 GMT
expires: Tue, 05 Sep 2023 21:05:04 GMT
cache-control: public, max-age=31536000
age: 46404
last-modified: Mon, 09 May 2022 19:47:44 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/themes/soledad/js/main.js?ver=8.2.5
172.67.176.225 200 OK 15 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/main.js?ver=8.2.5
IP 172.67.176.225:0
Hash 13e66021bd3a785cb23639f508290ee4
2bd2b40710410385fba3bf362eb66c5c7d211f83
edf90b6dacb1a071fd2f71a3b30732e8c47e2ff92e90d4705cceee9ea4ecdb59
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/js/main.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 14586
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYDtKaBCdQuOHKk5yHIPqsDfxg7Qcoq%2FmYbSsdndfdSiXTWHAexeG%2BnpjiXOF9Sj7Erk%2Fz%2BACIPa30aX9vwkfWkLDDYqGfa6MQjQHv7LzdS6X4R2p1k0jcAepBPqV88hTziAow%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ad1bc00b65-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyCMIT5lu.woff2
142.250.74.163 200 OK 30 kB URL HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyCMIT5lu.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 30448, version 1.0\012- data
Hash f6a5275600e3447cfa07e0ee749c765b
c5b0110362478148228002baf85595775cf53fd1
ab47b8f50fe4195819b4af2ac0fffb2b3543502e11282d492d6cd73c124845cf
GET /s/raleway/v28/1Ptug8zYS_SKggPNyCMIT5lu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30448
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Sep 2022 21:35:04 GMT
expires: Tue, 05 Sep 2023 21:35:04 GMT
cache-control: public, max-age=31536000
age: 44604
last-modified: Mon, 18 Jul 2022 20:08:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2
142.250.74.163 200 OK 5.5 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 5452, version 1.0\012- data
Hash a6ff41d10fa89e7f8fec937c243d7428
334853f61ceb1fb096818740cc62d5840fbbae46
5f9d6298f5edc6d2b57a6f3a30f87f1c93c84b7aad7c5e9bf9d3a2c9384403fa
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1JlFc-K.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 5452
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:38:00 GMT
expires: Thu, 31 Aug 2023 19:38:00 GMT
cache-control: public, max-age=31536000
age: 483628
last-modified: Wed, 27 Apr 2022 16:10:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.1.2
172.67.176.225 200 OK 4.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.1.2
IP 172.67.176.225:0
File type ASCII text, with very long lines (18766), with no line terminators
Hash 3b2c2cc098446462c673c17bb8eb047e
b4759bc956d5228156661c0a070a924f37d603c6
139d243d917060ecef7c62c009f0c5b25108b1a0c44500191def878c6e16a8e3
GET /wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=4.1.2 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 4102
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 06 Sep 2022 06:47:29 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W0u5lZkxTPWEVk%2FWbTa1ld1V4IV8OVDvcHpx5XlvU%2BYABRsLSoxD8K%2BmXznwc2zdtnWBw9ZMu%2FJP5Px8mtRdvai%2Bov1y%2BTGhdIr0IDKSCYKmRLN6JUb087dgB0qB%2F32FyOy3Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658acfb4cb518-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 0b9528d0aa584b0e7b8b95f31ec1c4ed
79afabc0856f6fb3c3e5a9f5675cb0a40ee08e54
2604edd5743acd1487c25665444019555a972492010c10bf3bd6aefeab4661eb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
balletmagazine.ro/wp-content/themes/soledad/js/post-like.js?ver=8.2.5
172.67.176.225 200 OK 466 B URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/post-like.js?ver=8.2.5
IP 172.67.176.225:0
File type ASCII text, with CRLF line terminators
Hash fde8cb09844b8f739348bc1c6bad19e9
f8f2ff103d041a70a202027b0f41920a045e0aef
493ba874e134c918d825b016004a522fa8536693e425d8a5d28bc478ef58d669
GET /wp-content/themes/soledad/js/post-like.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 466
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aIrnbNPCd069FUvZ8FO9XpIb4e4%2FG1kLro%2FSzuC%2FdvDahl5jg%2FuMxoiG%2BzHfFM29kNiY6KVLt8jwzXXStMdE7feptWsM5cZjC%2Bz6CFOsgJvrcSt867cLOi7rgup8Y88SnD2L6g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ad5c3b0af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/penci-lazy.js?ver=8.2.5
172.67.176.225 200 OK 3.1 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/penci-lazy.js?ver=8.2.5
IP 172.67.176.225:0
File type ASCII text, with very long lines (8290)
Hash 7368e7edbf5688252c7b5fdfe6d9326a
371bb5b75c17bab71df34bf7f762da77f64a5dc8
8f3ca098da70fa299df307d7de699efdfbfca1b6ed203d28c0b00723e021549a
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/js/penci-lazy.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 3063
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvjASyvHPkXbHNXYDyUinLOR3xuyibYEq5idy0LKH8%2BYk%2Fi2sKPRKRaAwBLIJNhQCHcm5BgBeiimosYEjIT7Bi7QwaZyTPFcOXLlbH8wIfdH%2B%2BU8KKwz1U57BFyPwt6ZVm1Lvg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ad0af8b4f3-OSL
alt-svc: h2=":443"; ma=60
push.services.mozilla.com/
35.162.217.251 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.217.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: C08n/flIiPRG0K/R8GhZ2w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9OPer/nUlTRI1HItcVizXclNOs8=
balletmagazine.ro/wp-content/themes/soledad/js/archive-more-post.js?ver=8.2.5
172.67.176.225 200 OK 2.2 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/archive-more-post.js?ver=8.2.5
IP 172.67.176.225:0
File type ASCII text, with CRLF line terminators
Hash 9796e76032102ee198e011ee824c221f
6ee4d1427f2103fc9bff9dd8e5fd828a31099616
e8c7fd3ff1e1cf4621f0dc63815734a326906fad682a02d56570aca2cc3ab8ef
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/js/archive-more-post.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 2185
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K%2BLWtDdQNVfQ8lFq1BXzjJZ59u7CXBwJ7W3ILPvzYWOBIoIfviL4%2F6pKMWqrikgPneCAg50QCrEFfB7mxoLaqo2cc34YYOVs6hAUv5kBdPju129n%2Bvp6emrIKLHsFGMRc%2B%2BGxA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ad7eda0b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-recipe/js/jquery.rateyo.min.js?ver=3.3
172.67.176.225 200 OK 4.3 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-recipe/js/jquery.rateyo.min.js?ver=3.3
IP 172.67.176.225:0
File type ASCII text, with very long lines (9050)
Hash d899fcbd438841752ccc3026e24e8785
fa71fba995d80a4d4d0d6c98332e3262d0d24f1f
e2f6e8f0c88caf9f4338fb5e81d009657f2055dbe60d2d60774583d441ceeada
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/penci-recipe/js/jquery.rateyo.min.js?ver=3.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 4321
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rHWlFmTUDGHCfSuUjyvPk9v%2Bxg2vhg7EQeJJ1Ony5J3sA7hsv4dx3kRvCxy6222nFEvJTGdnIrd2Ila14SiJbame%2FcbFAZd7%2Fcs1nPdm1m%2FLOu8y6mdFERrjK0pwORI5QOPKiA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658adbc42b518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-portfolio/js/penci-portfolio.js?ver=1.0
172.67.176.225 200 OK 435 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-portfolio/js/penci-portfolio.js?ver=1.0
IP 172.67.176.225:0
Hash d7151ece3c262e3a3b940b9daab8a517
5df757e96bc8178f811367b90aa762c85419d7fc
e72fd34148d8f9221205fef9db435bbe576678c69edddf474a63bc2d5b93afbf
GET /wp-content/plugins/penci-portfolio/js/penci-portfolio.js?ver=1.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 435
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:13 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gP7kIUQC4s%2FsBja0B9oTClmqKpuFOmq8mjuSefJdZTGDLL7AVQ2GxUAqj57f8MpzUlLnQU%2BvxWm32X2IdFtjheYG08mG28pyqJrmjCpMh9zNtJMP0sbuiRzZ1EtcHQZZ12dsjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658adcc25b4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4
172.67.176.225 200 OK 2.8 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (8016), with no line terminators
Hash 023a09c7dea64bf4a30ccc3773a36381
60319e56baaac5c848de3dd13b1902433345c427
ff36c1dc57bb0b449ab07c62a5efbda1201af0039c4e0c0f696a105283e99f25
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/essential-addons-for-elementor-lite/assets/front-end/js/view/general.min.js?ver=5.2.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 2817
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Tue, 30 Aug 2022 11:42:56 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BsTtzwFGkRy56Urj5NTAYg1BMsS6RQOsy8zoW3Kot1fN60APPBQRsmst%2Br3wYlqqNEWCxrCAKVDTR%2BcgDCPLnyGLnCAPbjUYFaxAt7dcp2Hy7b1KcVosoqR9lYJxXh0GIwzkjA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658adef430b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/libs-script.min.js?ver=8.2.5
172.67.176.225 200 OK 46 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/libs-script.min.js?ver=8.2.5
IP 172.67.176.225:0
File type ASCII text, with very long lines (30308), with CRLF line terminators
Hash 87c158d89670e5e875d53707c300b1f5
844f2d64b9d9994d0e053aca50c43d7297611092
62aae3783f709a99bdd69f2e7b2168cf5d6fbc05794fd6bad46ad19234da0d23
GET /wp-content/themes/soledad/js/libs-script.min.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 45880
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7CJIhjlKmjoG2QlsqsGHw%2Bb46nCAJ6sumB3JkSsqllFUFqtfPbllFHEFe2NoSvYo5ge6Ija2GatsedhyUiBahXq8%2BCR%2FZEQrd%2BFMVfWSEfHJnU3CgOiLJbKu3813V98M0dh0Nw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ad1be90af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/penci-recipe/js/rating_recipe.js?ver=3.3
172.67.176.225 200 OK 523 B URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/penci-recipe/js/rating_recipe.js?ver=3.3
IP 172.67.176.225:0
File type ASCII text, with CRLF line terminators
Hash d9e49a32cf1958b0643a7aa3190afe77
d364fe41df098023d6bc42c89b56d1fb1559783a
88afe18d49409b27abca58b06d0633786a115d64d03af297edd87a08a54d1f1e
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/penci-recipe/js/rating_recipe.js?ver=3.3 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 523
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Mon, 17 Jan 2022 06:57:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZZGPB0EgevPYziw0JFMWxq%2FnQxyB5Zckv7zDryrsNVH7FNpxCfDr%2F6Sm4kbcnWz8on3Sg6HlEWEh%2Ff2D%2B2JtRaanAnc%2FassPXW8EMQszkowpRF2Agt1dsb3ZfFg0%2BvyLEtLZQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658adbcbc0af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/js/ajax-search.js?ver=8.2.5
172.67.176.225 200 OK 1.9 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/js/ajax-search.js?ver=8.2.5
IP 172.67.176.225:0
Hash ede329c6eddc6340e3f4ec290fea51fa
ca2f9739beb26b84c7a8c7a94997224bc1485b94
6b6d8696f80caebddf5bac0daab51bc35257b6102d67c6620660ca3688815c31
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/js/ajax-search.js?ver=8.2.5 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 1909
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:00 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDg90Qws%2FiaZJ%2BUOn2JXopCfzc%2B2mTZGxyga%2FC5T%2BjKhNGBybH5CRbRVsnBUH7szLwgIZ9HJsIuNC%2BbdoXhogUjXQ0wfpTX%2F40%2BzolG5q3yK6JQx5icLRwuTRJUQ36OvDcWKHA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ae4cbfb4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.43
172.67.176.225 200 OK 40 kB URL HTTP/1.1 balletmagazine.ro/wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.43
IP 172.67.176.225:0
File type ASCII text, with very long lines (2747), with CRLF line terminators
Hash a380c5711bb3c60c018356bdb7e9a10d
6722b86e697f6f4dc75426c588576cd630a514a6
b214b408823b809ae94d54c60bbe7d8a6768ba7324770c760adc029b6417d686
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/sassy-social-share/public/js/sassy-social-share-public.js?ver=3.3.43 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 39896
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Fri, 02 Sep 2022 06:47:37 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cgNNxkj0pnkieGTOQt95d6w4VEHwfVsR%2Bkpeks8G%2BwPoB%2FxJPAlJy6q3t3B%2Bwt5Vbhnr97Zh6DAydYpnjeJmsakUXhh7c%2Bp6osTdvMZ3OFFmRNAYH0Rssd7KazSyC2ImoYCuqg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ad9c2d0b65-OSL
alt-svc: h2=":443"; ma=60
www.paypalobjects.com/en_US/i/scr/pixel.gif
151.101.86.133 200 OK 42 B URL HTTP/2 www.paypalobjects.com/en_US/i/scr/pixel.gif
IP 151.101.86.133:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash edea81b5233a30f7357cb50884370e4a
51a5c1a9d7328dd1651e0b9c98771c16f8c9d833
0c1ce4dd3afaa97d8627ecebc2e255fe5c1b3c2038f6961a86d10f0381056cc7
GET /en_US/i/scr/pixel.gif HTTP/1.1
Host: www.paypalobjects.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://balletmagazine.ro/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=3600
content-type: image/gif
dc: ccg11-origin-www-1.paypal.com
etag: "dNSbNMYiK1Q98dwxkre+GOK5+qX2pefyT9A/BaBsoeM"
fastly-io-info: ifsz=43 idim=1x1 ifmt=gif ofsz=42 odim=1x1 ofmt=gif
fastly-stats: io=1
paypal-debug-id: 3b332fe3ea371
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 06 Sep 2022 09:58:28 GMT
x-served-by: cache-sjc10082-SJC, cache-bma1653-BMA
x-cache: HIT, HIT
x-cache-hits: 14, 18540
x-timer: S1662458309.928714,VS0,VE0
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 42
X-Firefox-Spdy: h2
balletmagazine.ro/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.9.4
172.67.176.225 200 OK 543 B URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.9.4
IP 172.67.176.225:0
File type ASCII text, with very long lines (1193), with no line terminators
Hash 5a207b116c35490c40998f4e126e3ab3
ea6c61ff9abdaadd0089afbde4fa065e6a68e34d
075c90ccad0f38671b0dc839c6476fadafb5bcc3c707e4da67c4e68df8ba0bb7
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 543
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 04 Feb 2021 02:43:28 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iIzlqVxleowQYL0jVFPz9P6ucTM2HbcFyOcaX3eFKhhVmVfsX2JHLdmf3Wl7rNq%2BttFtUEh6l%2FNv42%2FQL6OoGjFW%2FKSvyA6lKVAnOm6RPsEVCh8zBUXfzAdcAU7c3f0xJN1oFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ae9dcc0af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
172.67.176.225 200 OK 39 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
IP 172.67.176.225:0
File type ASCII text, with very long lines (65266)
Hash ecb6a2daff6006632f7ccdce1979ff99
5c491e7ccbcc2ffae12af18013491bb9e728ff7a
dd3f904f4f676b70f017cf6a54027b8f7bc3988f57e6ab9dbc1b9c2816e2d5a7
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:28 GMT
Content-Type: application/javascript
Content-Length: 38785
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 10 Dec 2020 15:09:16 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2B1tfw0nxSKvGpgZSOzj0T%2FLqDYBHnWQxfSdJekv4xVcyuYRfsURsR%2BcwJ%2F4doOhW4LnJk30OhVb6x7lSBFEpTqcRMX6j96EdRUNXEDvOiP2qn4V03lOAwtumqZgw6NY3A108w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ae5fb80b39-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.9.4
172.67.176.225 200 OK 473 B URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.9.4
IP 172.67.176.225:0
File type HTML document, ASCII text, with very long lines (906), with no line terminators
Hash a518daf269ea7166199f72596d3bcced
ea873832ee6b07d1970e1c55b22084a6118b618b
7b8abe07d078f2598c1002b2c3b08d2742f809a8eb37ac4cf96303e9b3a39031
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.9.4 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:29 GMT
Content-Type: application/javascript
Content-Length: 473
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 04 Feb 2021 02:43:23 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pt%2BX%2FLyhHgjSV1vpOp3g7JKIFVaY7GD8MIwl8ej7L%2BPfGFcZzrQe1CbXT1z86aHsmKV%2Fpnt%2BhltkIuiCxVY9b1hnmM8rp3buvg0XuFay43C378PxrtehSw2QLij01ATc7P9CiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658ae9dcf0af6-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.16
172.67.176.225 200 OK 2.3 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.16
IP 172.67.176.225:0
File type ASCII text, with very long lines (6194)
Hash 84d4a97c02f7548b70852509c9c941bb
a62f329fb620cbbedf78575ba8ba2a246cf036b2
e88c405e7c4f7a2bfcbef6197f5c3c76463bec5f6c4f5698729165699658455f
GET /wp-includes/js/mediaelement/renderers/vimeo.min.js?ver=4.2.16 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:29 GMT
Content-Type: application/javascript
Content-Length: 2275
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 10 Dec 2020 15:09:16 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5rf8Y6eB19oyXI%2BPu8dkp49yFmf%2BhoITQwDFFGBAzIs3J5yXwG9mmjq4CtU01A6ARu5Yv7QYBJuosc7z9Yj3GN5EAxjb26xtsZgQkkxtkVUaWz%2Bvp1DlwTFPO%2FM3QdBaFePg2A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aead52b4f3-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/fonts/penciicon.ttf
172.67.176.225 200 OK 20 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/fonts/penciicon.ttf
IP 172.67.176.225:0
File type TrueType Font data, 11 tables, 1st "GSUB", 16 names, Macintosh, type 1 string, flaticonRegularflaticonflaticonVersion 1.0flaticonGenerated by svg2ttf from Fontello project.htt\012- data
Hash b3efaa7714447dfac01c728764336f55
b12c3af60a6615bb8313cb9f8392a8068a2673b8
8135e9b20effd8a4160927a19f3d94e70eac5e89ecdb20fb9d93ad4e8361b9fa
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/fonts/penciicon.ttf HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/wp-content/themes/soledad/css/penci-icon.css?ver=8.2.5
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:29 GMT
Content-Type: font/ttf
Content-Length: 20358
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:01 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UXe0QZ2oxjNa3D6XcQ%2BnqChjdzdhdRJBTU5PuXpQfpPG2x0vEB9bdeE79iIG9vi3c9738oqm%2BGfvBd6zCVRCSQpYNG8YN0kNjFjge1%2Fejhn95Vd1QTkfmUuwyYqkJFCVeXYcqw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658aeedb0b518-OSL
alt-svc: h2=":443"; ma=60
balletmagazine.ro/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0
172.67.176.225 200 OK 77 kB URL HTTP/1.1 balletmagazine.ro/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0
IP 172.67.176.225:0
File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data
Hash af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://balletmagazine.ro/wp-content/themes/soledad/css/font-awesome.4.7.0.swap.min.css?ver=4.7.0
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:29 GMT
Content-Type: font/woff2
Content-Length: 77160
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:28 GMT
last-modified: Thu, 01 Sep 2022 06:48:01 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HcfC8UdayyrqXhJz2Ha5cwSawtdCf2p99vTK%2B84Bemn66o1lFf5aL3Mio7qL4X2G%2FN4C%2BgmQftsOdIoBsO3I42UA%2BIlZ3JDkrC%2BedAN6DBaxt2vjVq98gIufVK6UUlxSpQwfmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 746658aebd3d0b65-OSL
alt-svc: h2=":443"; ma=60
connect.facebook.net/en_US/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/1.1 connect.facebook.net/en_US/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash 6923168491aa54aaab101c4d637cca6a
cc65c31f869372d95df37164a6836420e7e3f7ac
83fea217933d4496b062d396c31464762be9661e29e04b8e0ec7c36763861053
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Expose-Headers: X-FB-Content-MD5
x-fb-content-md5: 5fd24b2310451d423abcce1b8a6febc4
ETag: "1afe33e4987f0a1e8acd748b33e6e7bf"
Content-Type: application/x-javascript; charset=utf-8
timing-allow-origin: *
Access-Control-Allow-Origin: *
cross-origin-resource-policy: cross-origin
Expires: Tue, 06 Sep 2022 10:00:37 GMT
Cache-Control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
X-Content-Type-Options: nosniff
x-fb-rlafr: 0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000; preload; includeSubDomains
Content-MD5: aSMWhJGqVKqrEBxNY3zKag==
X-FB-Debug: FXSDHN7YgznhkiXL9cFPjIkS5ITRF+2rsK6YR5xQsxepJ675DJGnx7SFx09yV1a+XJnjDm1WedQUZU4VSaGkHQ==
X-FB-TRIP-ID: 1904183273
Date: Tue, 06 Sep 2022 09:58:29 GMT
Alt-Svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
Connection: keep-alive
Content-Length: 1686
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6112
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:29 GMT
Last-Modified: Tue, 06 Sep 2022 08:16:37 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js?hash=ae1a211d384d3d908c41ce86cb9fcc3d
31.13.72.12 200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=ae1a211d384d3d908c41ce86cb9fcc3d
IP 31.13.72.12:0
File type ASCII text, with very long lines (13115)
Hash bfcc2b92a989765be5aaff8b6bf08066
96a9e74bd9764eca99d90de5cf9d185df7fc2e1b
7ee07c3b2e726d711f2dec1deed73263bbb82e871b9705f52e3b5ab3cc3bbeb4
GET /en_US/sdk.js?hash=ae1a211d384d3d908c41ce86cb9fcc3d HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 761eaf39bc56b556c8b36ca4e766c5a2
etag: "a04612dd1212376d8663d565713f1c1d"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 06 Sep 2023 09:04:28 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: v8wrkqmJdlvlqv+La/CAZg==
x-fb-debug: q2z1ApEbHAzq9WeKZNCjJG89Oc1GDtPuuKSNGIaHRGEfbzgRQm/lVfHGgusZT2ogw+jz8QPA853Z8gmpDcuDNQ==
priority: u=3,i
content-length: 86676
x-fb-trip-id: 1904183273
date: Tue, 06 Sep 2022 09:58:29 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 07869ddc8aa688fe8a93876ef1264055
636614db9c01c03fcc2d10f5f949b513e1a338c9
ab8f4fcf2e21b2e44d69d6e4a6478a7eb6cf8e451202c7dc2854ef68b8e91b2b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6112
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:29 GMT
Last-Modified: Tue, 06 Sep 2022 08:16:37 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/html/r20220831/r20190131/zrt_lookup.html
142.250.74.98 200 OK 4.4 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20220831/r20190131/zrt_lookup.html
IP 142.250.74.98:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1731)
Hash 09a8bd805dba1307ae0bd76a0c9ca73d
bdc16e7610abae944da47ff3a0e5fea818241fb0
e3978f36e9c5f0b909ed64015db629e2c64b46e75d165c6d1d146fcb792cdbde
GET /pagead/html/r20220831/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4412
x-xss-protection: 0
date: Mon, 05 Sep 2022 23:39:48 GMT
expires: Mon, 19 Sep 2022 23:39:48 GMT
cache-control: public, max-age=1209600
age: 37121
etag: 8616628553774171045
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7482
Expires: Tue, 06 Sep 2022 12:03:11 GMT
Date: Tue, 06 Sep 2022 09:58:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7482
Expires: Tue, 06 Sep 2022 12:03:11 GMT
Date: Tue, 06 Sep 2022 09:58:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5540d72831e7e7b9fc287f92c48d9f5e
ec19429fa76d9ad47a0578734b011b530b79ebbf
bc27a44853fd17cf51d6bba0db58a755c75a309d9b0cbcd454dfc9d62785f72f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F803e9506-f3ea-4e09-a966-608b8dabf3b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8134
x-amzn-requestid: 5f6027e8-842f-476a-85e5-cc8b848e4567
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X7FlpEoVIAMFuiA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63144fbd-7095c29a04d2f5310b1b84c4;Sampled=0
x-amzn-remapped-date: Sun, 04 Sep 2022 07:11:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Gf6IGDeM-y_nDO1C3m9xeyAJdkYRe2CN87Pi986A7B1qsjq5p9VkQw==
via: 1.1 d7782b26e589b8e1397d352f4daf0d58.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 07:41:25 GMT
age: 8224
etag: "ec19429fa76d9ad47a0578734b011b530b79ebbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ec466c0d472e43c11d36bf6fce068205
720d3624a76d060b8e2699e9aa7a320e3efd4878
5553fc24713aae808f5ab81671551b0ae719435f3ced9f25df97d8edf6bfe86f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12683
x-amzn-requestid: 6127e5b6-72f6-40df-b400-41a1f147f6da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8XmEe0IAMFQDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117430-2b27a2683d2d320172cef32e;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mj_IT5g7hGu2AunKK7mvierv5BQ8cAxhnbGaUNsL6hRNu6MRAzIBDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 04:36:52 GMT
age: 19297
etag: "720d3624a76d060b8e2699e9aa7a320e3efd4878"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc784000-5c7c-4aa9-8318-e4d0319d1a09.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc784000-5c7c-4aa9-8318-e4d0319d1a09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d404793e430ea237e75be9cb1e2bce4
059b34d1809abedd223f7beec75e7831673878be
f180b1cdeb9a794ba3211348673783508d021aeaed419d782374be1a92a4c8dc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc784000-5c7c-4aa9-8318-e4d0319d1a09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9300
x-amzn-requestid: dc833608-6b16-4baa-af21-d3885043556c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAWshHVxIAMFlGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166b1c-1710086818614ab247bcaf58;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:33:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: sPkksSz3FIV3WcWpoY8E8UYKmUTE8LJ2lr5WO2JVNCGIuAvpPwYMYg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:01:20 GMT
age: 43029
etag: "059b34d1809abedd223f7beec75e7831673878be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c23179b2131543088771e3fa84ff231
ae50ae4aecd962b698c19f2863857b51cea7fcec
660900ca69b1787a734c1dbe3d6b9b19656912b4bc4715964c4325edff57f008
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4b02d0f-9da0-42dc-a234-02e974e7d286.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7855
x-amzn-requestid: d7c8054c-d7d3-4b76-815d-36c3a2e1f6a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYn6FwzoAMF40g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166e32-3ededbf27f83503978e0d775;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:46:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 8OlwFzmUfQEPeP7pT-g5wRMq0I1jllBnRU0Nxk4kNkcVD_evLZYc7g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:17:51 GMT
etag: "ae50ae4aecd962b698c19f2863857b51cea7fcec"
content-type: image/jpeg
age: 42038
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3fe4a321dcd6a94a637a528d74f9321a
3f3aad2cc71226b39549db1a9baa6837d4f1d897
a19b6749429e8ecaeac8fc0849abc4d891bfc628489762b1619a3ee3064536e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12573
x-amzn-requestid: 92e03b26-883b-41e2-9033-379a6d02210c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYCdGy8oAMFQZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d42-1c4ea2f74b796623574bde87;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: u1hKGB5UKEuuIVqcQ_Lx5wfBjy_hB32Jnp7_mDnF2BrsN4a6Mj_WJQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:46:16 GMT
etag: "3f3aad2cc71226b39549db1a9baa6837d4f1d897"
content-type: image/jpeg
age: 43933
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F404ac7e7-f8ba-4b04-b736-5cab0995739f.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F404ac7e7-f8ba-4b04-b736-5cab0995739f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8a5ed2a9c430f2f02da773c400d096e0
618252c5082ccfeeb8bc92aecba4485c48ac4206
948158a29f15f5f5ab45f541b665269d43bfc1e3b444ee4ecb9ba715d5b616d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F404ac7e7-f8ba-4b04-b736-5cab0995739f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11003
x-amzn-requestid: 29b9c3bc-4b10-44ed-9bc0-111a672c1d25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XqpJpGjxoAMFzSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630dbbd7-1547b64d2fc3052e510f6218;Sampled=0
x-amzn-remapped-date: Tue, 30 Aug 2022 07:27:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: EXc9RRYhl4EmZGyr2V-YVVoNRU4VC-K1lQcsEzY_PdnYl8qNg3vEAw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 09:36:47 GMT
age: 1302
etag: "618252c5082ccfeeb8bc92aecba4485c48ac4206"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 2daf90ca7ff3170c8ff9c94a049c8428
e98f05039236ff1602325ce7f5fbbcdc847eb474
1fc019e794628a930a136b133e637cc0b2ddb560a969159e5029ea396535f297
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da4692f1529a23a6cfb04391e382c936
7befa8be966f1128ff3c25be47986e7fa7087de9
d8460cc7719813509b4e38be06b8d184306f9451695c3e1974c1d06e5c29039c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 2daf90ca7ff3170c8ff9c94a049c8428
e98f05039236ff1602325ce7f5fbbcdc847eb474
1fc019e794628a930a136b133e637cc0b2ddb560a969159e5029ea396535f297
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/adsid/integrator.js?domain=balletmagazine.ro
172.217.21.162 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=balletmagazine.ro
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=balletmagazine.ro HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 06 Sep 2022 09:58:30 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=balletmagazine.ro
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=balletmagazine.ro
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=balletmagazine.ro HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 06 Sep 2022 09:58:30 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash da4692f1529a23a6cfb04391e382c936
7befa8be966f1128ff3c25be47986e7fa7087de9
d8460cc7719813509b4e38be06b8d184306f9451695c3e1974c1d06e5c29039c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6e1449d2fb461603b9e1870ec82338bd
122379473791a4dcc90376188cc004e989c0df84
8f7c9913234f4be5e6055b0efa34df462484b961d60e4fb3a5ec1eb8d1c6072d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-27Y6BLKFZW&gtm=2oe8v0&_p=1317059614&cid=2040011005.1662458304&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662458304&sct=1&seg=0&dl=http%3A%2F%2Fballetmagazine.ro%2F&dt=Ballet%20Magazine%20-%20Revista%20de%20Balet&en=page_view&_fv=1&_ss=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-27Y6BLKFZW&gtm=2oe8v0&_p=1317059614&cid=2040011005.1662458304&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662458304&sct=1&seg=0&dl=http%3A%2F%2Fballetmagazine.ro%2F&dt=Ballet%20Magazine%20-%20Revista%20de%20Balet&en=page_view&_fv=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-27Y6BLKFZW&gtm=2oe8v0&_p=1317059614&cid=2040011005.1662458304&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1662458304&sct=1&seg=0&dl=http%3A%2F%2Fballetmagazine.ro%2F&dt=Ballet%20Magazine%20-%20Revista%20de%20Balet&en=page_view&_fv=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://balletmagazine.ro
date: Tue, 06 Sep 2022 09:58:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
balletmagazine.ro/wp-includes/js/mediaelement/mejs-controls.svg
172.67.176.225 200 OK 1.4 kB URL HTTP/1.1 balletmagazine.ro/wp-includes/js/mediaelement/mejs-controls.svg
IP 172.67.176.225:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (4597)
Hash 42745442e709209482aeddcf29b64f1d
72d8097f85bd2e1694b445794055016f6b289540
938a2e54741f1a1589272df3c26a31b8a0ba524476ba4eebc2e3dcfff5970be4
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/mediaelement/mejs-controls.svg HTTP/1.1
Host: balletmagazine.ro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://balletmagazine.ro/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Cookie: _ga=GA1.1.2040011005.1662458304; _gid=GA1.2.1929217679.1662458304; _gat_gtag_UA_151068238_1=1; _ga_27Y6BLKFZW=GS1.1.1662458304.1.0.1662458304.0.0.0; __gads=ID=02e0e0ba605aacc0-22305f9c13ce0016:T=1662458310:RT=1662458310:S=ALNI_MbQZ0Mzn9kHufbdkmLWNF8bPxThdQ
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 09:58:30 GMT
Content-Type: image/svg+xml
Content-Length: 1400
Connection: keep-alive
cache-control: public, max-age=604800
expires: Tue, 13 Sep 2022 09:58:30 GMT
last-modified: Tue, 01 Aug 2017 07:13:52 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNj79mPBKGO549BEvpeXXolbwzzYs%2FZF2q%2BlDzs3PBO5yNtjyMDpTbuRKgsZYM75STOCquqLE58Zb%2FvcvmrefJQA1XKltX7AX7Ie%2FWR7bw8q9ZqPfK5m%2Bw8ctE8XQEIHnqIgmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 746658b8283a0af6-OSL
alt-svc: h2=":443"; ma=60
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 12:31:58 GMT
expires: Sun, 03 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 249992
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 31abc7fe976dbf9a68d45fb57e0c86c5
a1f6f5404850df3149a769dc685f5c795bc08435
0859eece0557d6b1b48ed8f04c2eb55bdc2ca3fb4633e52a193b206fdefbb5d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
216.58.207.230 200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 216.58.207.230:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 09:44:23 GMT
expires: Tue, 06 Sep 2022 09:59:23 GMT
cache-control: public, max-age=900
age: 848
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 31abc7fe976dbf9a68d45fb57e0c86c5
a1f6f5404850df3149a769dc685f5c795bc08435
0859eece0557d6b1b48ed8f04c2eb55bdc2ca3fb4633e52a193b206fdefbb5d3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 8b3fc7b78a1c498440023dbb6004e984
688d8686e183a4e84577e0f70550350622796e2e
ac1f7b3d1c5bfc1888f50aa3a8e0498c11f7cce672e6de5c048bf31d4d3370c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 8b3fc7b78a1c498440023dbb6004e984
688d8686e183a4e84577e0f70550350622796e2e
ac1f7b3d1c5bfc1888f50aa3a8e0498c11f7cce672e6de5c048bf31d4d3370c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Tue, 06 Sep 2022 09:58:31 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 3df811ac19fde08f49ef246c29cef161
e1c8d54b357adaf32e80427028cc884fa35959e0
e2749178e0bf0c4045a96388a58029ddd92d13a866021737864cd68e11317292
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/js/th/97z2yBxPcYiv6eioOAzftW1739b5eZ3I_zVAeb-vK4k.js
142.250.74.164 200 OK 14 kB URL HTTP/2 www.google.com/js/th/97z2yBxPcYiv6eioOAzftW1739b5eZ3I_zVAeb-vK4k.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (36079)
Hash 72692ad1b05fd9a02ff85f1c3ca30a46
520a2098d9be492a862bab96f6653393205e00e9
1c17c960446cf9498b1f6703a553a7e59f005816bb9991b97c5718524c5fa4d5
GET /js/th/97z2yBxPcYiv6eioOAzftW1739b5eZ3I_zVAeb-vK4k.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14243
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 05:03:20 GMT
expires: Thu, 31 Aug 2023 05:03:20 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 29 Aug 2022 11:00:00 GMT
content-type: text/javascript
age: 536111
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 280 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
Size 280 kB (280230 bytes)
Hash 972d443ceba2107b03445256c88b53e7
6bcb6f464250eb5a2d02dd1b04e3d7282428866d
059d9a8a2ded365191af1a8193f85f9d73abcb0ff080577f53f34a064a024868
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 06 Sep 2022 09:58:31 GMT
server: ESF
cache-control: private
content-length: 30662
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 982044cca5f664004f3f5acc3f7e4df9
980ca862cb773284f743959ed25b192d79aa7451
729a17e21e378f4e2ef50157a360eb70b82cc9270c46c9868b3469ed2fae2420
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 8b3fc7b78a1c498440023dbb6004e984
688d8686e183a4e84577e0f70550350622796e2e
ac1f7b3d1c5bfc1888f50aa3a8e0498c11f7cce672e6de5c048bf31d4d3370c7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
i.ytimg.com/vi_webp/5wr7w9cVaTg/sddefault.webp
142.250.74.150 200 OK 28 kB URL HTTP/2 i.ytimg.com/vi_webp/5wr7w9cVaTg/sddefault.webp
IP 142.250.74.150:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 043e9d37b61ea12916479c50e252d5a1
b868edebd3bcf3ddbf66779b2ad854a4d94e15d5
4879f3ea5416b011514a73f21000075f24a91ed9c68a46c8ccb52a80861bdab5
GET /vi_webp/5wr7w9cVaTg/sddefault.webp HTTP/1.1
Host: i.ytimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Origin
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 28314
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 09:58:31 GMT
expires: Tue, 06 Sep 2022 11:58:31 GMT
cache-control: public, max-age=7200
etag: "0"
content-type: image/webp
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 80f29cbbe260408ee1418a6fbce5a537
96cfe52bcf90cfdba5cba7907d49a91f44adc032
de264b42b7c59bdadf606387adaca04af680705a947096d048f288c3e5be8517
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 092ab48a58576cf5228f75ca8e05deaf
2e79d46dc0bc28519be8133b7c56eef7486fe40d
0d6abd69dcba207deff031972ab6d68e283a4e6f702689bbe7a529f0bb9d1552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 982044cca5f664004f3f5acc3f7e4df9
980ca862cb773284f743959ed25b192d79aa7451
729a17e21e378f4e2ef50157a360eb70b82cc9270c46c9868b3469ed2fae2420
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yt3.ggpht.com/ytc/AMLnZu89QHwXMkZD--4tw59Pfs_ODCPCwmYrw0gddmxi=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 3.5 kB URL HTTP/2 yt3.ggpht.com/ytc/AMLnZu89QHwXMkZD--4tw59Pfs_ODCPCwmYrw0gddmxi=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Google], baseline, precision 8, 68x68, components 3\012- data
Hash 4ca1e6b324714d1fea5334a9de625303
4722b513dc3cd0dfeac2d78b9d45e312ce198813
449a988197823b0499177ac871c4ad0d7188a09327cd623ec7a4a3ef3a4c84e1
GET /ytc/AMLnZu89QHwXMkZD--4tw59Pfs_ODCPCwmYrw0gddmxi=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 3547
x-xss-protection: 0
date: Tue, 06 Sep 2022 09:58:31 GMT
expires: Tue, 06 Sep 2022 22:11:58 GMT
cache-control: public, max-age=86400, no-transform
etag: "v42"
content-type: image/jpeg
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.42 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.42:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash 3b15a641ed7dbad45249a76df49900f7
d2e60aa59fd7ec2ad9cd83c49dd23949bc8906e1
98e90d6823715b57619be4aef60fce4dc7d913a87d7a1f57e8fbf7bd0ce39735
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 06 Sep 2022 09:58:31 GMT
server: ESF
cache-control: private
content-length: 30592
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 092ab48a58576cf5228f75ca8e05deaf
2e79d46dc0bc28519be8133b7c56eef7486fe40d
0d6abd69dcba207deff031972ab6d68e283a4e6f702689bbe7a529f0bb9d1552
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-151068238-1&cid=2040011005.1662458304&jid=1368066894&gjid=302497062&_gid=1929217679.1662458304&_u=YGBACUAABAAAAC~&z=1976039878
142.251.1.154 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-151068238-1&cid=2040011005.1662458304&jid=1368066894&gjid=302497062&_gid=1929217679.1662458304&_u=YGBACUAABAAAAC~&z=1976039878
IP 142.251.1.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-151068238-1&cid=2040011005.1662458304&jid=1368066894&gjid=302497062&_gid=1929217679.1662458304&_u=YGBACUAABAAAAC~&z=1976039878 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://balletmagazine.ro
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://balletmagazine.ro
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 06 Sep 2022 09:58:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 282e30bb1ff2decb700d84bebff341b5
17041adbfb3fd69fbf47f1a86e0816cdd2274a40
3a71f5e28f466482b547f62fbfa8cdc07f64a79fcf57ca56e0c854576ff7bbaa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.33 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Tue, 06 Sep 2022 09:58:32 GMT
expires: Tue, 06 Sep 2022 09:58:32 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e1336388cf579034dbc18680696da587
6d633baf8cf123d56a6da8bba402659ad4cb7c08
7d44c52a9037bd2cf2069acccacc49bf38f4c392fd92a6d4f1bfd4623cdcc49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-151068238-1&cid=2040011005.1662458304&jid=1368066894&_u=YGBACUAABAAAAC~&z=1041123458
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-151068238-1&cid=2040011005.1662458304&jid=1368066894&_u=YGBACUAABAAAAC~&z=1041123458
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-151068238-1&cid=2040011005.1662458304&jid=1368066894&_u=YGBACUAABAAAAC~&z=1041123458 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 06 Sep 2022 09:58:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash e1336388cf579034dbc18680696da587
6d633baf8cf123d56a6da8bba402659ad4cb7c08
7d44c52a9037bd2cf2069acccacc49bf38f4c392fd92a6d4f1bfd4623cdcc49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 09:58:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Poppins%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CNoto+Serif%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CRaleway%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap&ver=8.2.5
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Poppins%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CNoto+Serif%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CRaleway%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap&ver=8.2.5
IP 142.250.74.10:0
GET /css?family=Poppins%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CNoto+Serif%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CRaleway%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dlatin%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext&display=swap&ver=8.2.5 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 09:58:27 GMT
date: Tue, 06 Sep 2022 09:58:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
follow.it/static/img/colored-logo.svg
104.26.1.52 200 OK 0 B URL HTTP/2 follow.it/static/img/colored-logo.svg
IP 104.26.1.52:0
GET /static/img/colored-logo.svg HTTP/1.1
Host: follow.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 06 Sep 2022 09:58:27 GMT
content-type: image/svg+xml
last-modified: Wed, 31 Aug 2022 04:03:14 GMT
etag: W/"630edd82-f2d"
x-frame-options: DENY
content-security-policy: frame-ancestors 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=600; includeSubdomains;
cache-control: max-age=14400
cf-cache-status: HIT
age: 1923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eRc%2FagseBKCo6twBT5h5FfpUhNrWIVhICAkpHCnZs%2FpzW2sLG4RTyPA5HbNaTzPEuK7rncU%2Fl0%2B1r%2BbLlHRZmB95MzV5jEoMQUpOhH%2BLB9xacE%2B%2BF%2FLq%2BnanPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 746658a818c0b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400
IP 142.250.74.10:0
GET /css?family=Montserrat:400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 09:58:27 GMT
date: Tue, 06 Sep 2022 09:58:27 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:700
IP 142.250.74.10:0
GET /css?family=Montserrat:700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://balletmagazine.ro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Sep 2022 09:58:27 GMT
date: Tue, 06 Sep 2022 09:58:27 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2