r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c7a8ba48383a0e56baca8c8c41b81a04
b04c1f1e730a71f17ff639c9db697c532d4e5421
7860552382285e6eddddc5226c6f6400caa3f6fc3cb4b8a2d550c6fc653f78bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7860552382285E6EDDDDC5226C6F6400CAA3F6FC3CB4B8A2D550C6FC653F78BB"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10835
Expires: Mon, 07 Nov 2022 05:44:55 GMT
Date: Mon, 07 Nov 2022 02:44:20 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 05978511215be8462d0b69e33b3a91a3
61535ba131d547f1c5108d9e7763ee3fc8d8c824
cfdbf0f9e88e3c1ae8eb03e46c352633a75d4b2edbfbd57c1c6b52ff1623a109
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5172
Cache-Control: max-age=119574
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:20 GMT
Etag: "63678ce7-1d7"
Expires: Tue, 08 Nov 2022 11:57:14 GMT
Last-Modified: Sun, 06 Nov 2022 10:31:03 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d8c32b2fb818533a5b3fe5c69157bde9
93594fd3fc50d9d444c28660eabba1edbe4f0588
df8b8ce7a83d11fbe075c8780103c509654f288b5d757d64b696d861a11f3c7f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF8B8CE7A83D11FBE075C8780103C509654F288B5D757D64B696D861A11F3C7F"
Last-Modified: Sun, 06 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8684
Expires: Mon, 07 Nov 2022 05:09:04 GMT
Date: Mon, 07 Nov 2022 02:44:20 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: h5CFnJRa677G2/WQ9qicolsnXu4q1HHMFgN4jhCuj1jkZ4sBuNUfMaR7lWHaRe7xP4T1EBC8BEA=
x-amz-request-id: W9TFPTG3JEFG3WZN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 07 Nov 2022 02:10:41 GMT
age: 2019
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
tofi.it/welbin-webcatche/emailsetting.zip
85.234.151.73301 Moved Permanently 0 B URL HTTP/1.1 tofi.it/welbin-webcatche/emailsetting.zip
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /welbin-webcatche/emailsetting.zip HTTP/1.1
Host: tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 07 Nov 2022 02:44:20 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://tofi.it/welbin-webcatche/emailsetting.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 07 Nov 2022 02:44:20 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d862f992e9902530594e7aca425f129b
25b414fe833d30b52928535d659a1ee281b82e3a
0c6286152fe8bb5fdf1505f2001d530a65ee53aa6d9601bbb1eecb683036071d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3072
Cache-Control: max-age=112422
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:21 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 09:58:03 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
tofi.it/welbin-webcatche/emailsetting.zip
85.234.151.73301 Moved Permanently 0 B URL HTTP/1.1 tofi.it/welbin-webcatche/emailsetting.zip
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /welbin-webcatche/emailsetting.zip HTTP/1.1
Host: tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Date: Mon, 07 Nov 2022 02:44:20 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
push.services.mozilla.com/
34.214.17.205101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.17.205:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XwllexDKn2Hd51nb3yUadw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SHp0Jh+bj8DcDV7dfBwkCFOm0mM=
www.tofi.it/welbin-webcatche/emailsetting.zip
85.234.151.73404 Not Found 55 kB URL HTTP/1.1 www.tofi.it/welbin-webcatche/emailsetting.zip
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash f49a5cf88f30d400433b866ade92441e
1b37a372e8bc87d78d027738ca3f6caf216ac7b0
2e199c94bc27acea9cb2f04a1d2f7e77efc19c4f4d1beb8c95445f35ccc47114
Analyzer Verdict Alert fortinet Phishing
GET /welbin-webcatche/emailsetting.zip HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.tofi.it/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.tofi.it/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
85.234.151.73200 OK 89 kB URL HTTP/1.1 www.tofi.it/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (43771)
Hash b7915926fe42d76e9c802353ab01dae4
3a8192a4312f25f53de25b100d62829c0f14d67c
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
Last-Modified: Tue, 12 Jul 2022 19:20:44 GMT
Accept-Ranges: bytes
Content-Length: 88932
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3
85.234.151.73200 OK 1.9 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash a2e915fb21387a23a3578cb1b2b5a724
c3601301dacf90fc9eede9363f2698d922c05327
fbf8ab57db7f9981bd71d79c7daaa01a3c578ffa0aa8e9b4a9b2bfe2e9927427
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 1920
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
85.234.151.73200 OK 19 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (15660)
Hash 32beb68a374e3aeac00abdf9e12b84ea
b5d18aa625e8696dd9d07cd0869337717b211ae0
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
Accept-Ranges: bytes
Content-Length: 18617
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.3
85.234.151.73200 OK 5.5 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (5461), with no line terminators
Hash fd081bc5500fcaf246c15ffcad3467c7
62ff35896a1803419163ffc3117fe077d0d59054
52f668d0c674f4029e8e4ff528bcc1e51307e6568c03c9c6a4d3ba6c9ac1302e
GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 5461
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.min.css
85.234.151.73200 OK 18 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.min.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (17459)
Hash 888fdd39e95ee8ecfabd72580861683a
d5ea47f1de0ca987682f4b89c851d7ef18d8752f
9240a25a99b786a64ed9f39d2aa70a327f019ccc4269dcc6bf70779863294817
GET /wp-content/plugins/trx_addons/js/swiper/swiper.min.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 17710
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7
85.234.151.73200 OK 13 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash 4045fbc98e0caae7e213f52330c52c21
253b81dc846081e189174789220a296d96849681
168642741cf6acd34501d09c8cc1c7e6be332ca9222f3223419bd1664b381839
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 12663
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css
85.234.151.73200 OK 5.2 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (5156), with no line terminators
Hash 301f825956e0202555eeb32a62b20edb
b4bb15601acb7aa9d1b0029f389e590195c65dbf
5bf51d12e86de98c7f594516b6b5c9613da60f64c863a803c3e870fa871f3e7f
GET /wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 5156
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7
85.234.151.73200 OK 43 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (7136)
Hash be226b70c4a044c014c0fc8c5afca14e
9d6165705084ebef3a550df37cad765a8004474d
4062e6f54df1e95d09317853df6fad95e103ab7ae67bbadd22ab2769c711a2f1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 42720
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.css
85.234.151.73200 OK 259 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65389)
Size 259 kB (259021 bytes)
Hash 24bc41d3b6194f8598fd82a1e43efb73
3472c81afeeb2722a31a440271588ba0c89f6b53
17a73aa1104951434d367e50ef97d524e782089bcf090ef8ceee1e130f290d3f
GET /wp-content/plugins/trx_addons/css/trx_addons.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 259021
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581
85.234.151.73200 OK 7.9 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (7873)
Hash 39af00ca0151248005d3a90ae3e48289
6ef42eafe3c578530a3df35ea3b7adb3f6aa3257
219222bf1646c16a6f0137ead39b1cf86b23b00533f493a84008d5e19288ad46
GET /wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 7874
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.3
85.234.151.73200 OK 81 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash 0c86cdcbd3de3b1fb99d7e1882030f81
8e96156956fcfc8b7074c72f7b303da326824de8
fdaebf38e9d60745a2e2cdcbf9550bf50058d490f4c0a5eeef93671c7659475b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 81317
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23
85.234.151.73200 OK 60 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Hash 6965137b6996c7953be805866df582ed
7fa546bdc941a31224fcc0b64c75d30f23630583
b86f3cdcccad303cb5300fab4d2774eafc3a2788f07ff1f3cd1953dd0debaa3f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 60053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/style.css
85.234.151.73200 OK 147 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/style.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Size 147 kB (146976 bytes)
Hash 65674f4c837f876b229cfaaeb02a651f
57739f6a9bf7fa8bbdaaae3e863c7ef858d45589
a9b1e17454837eb51bb49944ba490314f44ae6617a0e045d28b7b43e242a2065
GET /wp-content/themes/electroserv/style.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 146976
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.3
85.234.151.73200 OK 208 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65169)
Size 208 kB (207790 bytes)
Hash 10493a040ec70e6f997887b04a4fef13
bfdfe3e0123bca9c9b6d3ac17de1c8b6c610aabb
474c7151d471e8dfdd71ff90539ed619a3a621fea465e6fc6d226dc70f0c75d0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:21 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 207790
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
85.234.151.73200 OK 11 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (11256), with no line terminators
Hash 2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 11256
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.3
85.234.151.73200 OK 4.2 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (4186), with no line terminators
Hash ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Fri, 07 Jun 2019 20:45:02 GMT
Accept-Ranges: bytes
Content-Length: 4186
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.3
85.234.151.73200 OK 308 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65217)
Size 308 kB (308532 bytes)
Hash 6753dbc1940419475691cbd572835cb1
ecd9e7c611fa605ed64a3482e384979e0526247b
8a543831320f80549300cd85bf432627d6d2b9dd308367a0507b13115899ba05
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 308532
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/css/responsive.css?ver=6.0.3
85.234.151.73200 OK 111 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/responsive.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type assembler source, ASCII text, with very long lines (696)
Size 111 kB (110619 bytes)
Hash 4a89add69adeb951442caeee5db24d80
4e341b21e8d0f71b47bcbbae5092e67e7215bcca
f067d724c42c05a9604ec4036d0ee641c3fe1f79ac620d7cfd8c18b495230f62
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/responsive.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 110619
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
85.234.151.73200 OK 11 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (11126)
Hash 79b4956b7ec478ec10244b5e2d33ac7d
a46025b9d05e3df30d610a8aef14f392c7058dc9
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Accept-Ranges: bytes
Content-Length: 11224
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2
85.234.151.73200 OK 9.3 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (9332), with no line terminators
Hash 6a229fc927df63e2b5f436bb01d2c37f
d09285c647f007d920a36aced75a0179d40ff4cb
dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 9332
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/themes/electroserv/css/__colors.css?ver=6.0.3
85.234.151.73200 OK 357 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/__colors.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65384)
Size 357 kB (357146 bytes)
Hash 92e8131e1a390042435247f2896d4e0e
42bc98de063148b711a5ac54340f50916a393b53
76ea2b5e1611a0094e2ae360caad752de442e722d85bada9556c26900885d6e3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/__colors.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:01 GMT
Accept-Ranges: bytes
Content-Length: 357146
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/css/__styles.css?ver=6.0.3
85.234.151.73200 OK 117 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/__styles.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65384)
Size 117 kB (116927 bytes)
Hash cbf0c557f5cc513fe1881ec1f53ad90e
6169b1c05f01169d9e5a2290d1c14f7fe869677b
64245dd70f9080ff8d1b391478958d61033e994aea3d5cfdf77a00166bf323c8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/__styles.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 116927
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
85.234.151.73200 OK 90 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65447)
Hash 02dd5d04add4759122013c5ab4dc5cc2
a45a56e396ac549b4ff39b696ce9e0c16a7612de
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Wed, 10 Mar 2021 15:07:24 GMT
Accept-Ranges: bytes
Content-Length: 89521
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23
85.234.151.73200 OK 119 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (41022), with CRLF line terminators
Size 119 kB (119386 bytes)
Hash 1eca6ed028850aa07d5f4a003fd7079e
1f02b8c5485108373bdd14a96bb1fe22d72e157b
9556bca5ad5eb24439887d7339fcb687088776bbaa995553aa489c9607cf9e19
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 119386
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3
85.234.151.73200 OK 14 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash f89263c0c2f24398a1df52eead69f5f8
850e9cfb1680eb1df4365889724e69f38df7bb9e
125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 14280
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js
85.234.151.73200 OK 7.0 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash f2d8d0aeb67bf6d5258efd5d6018c9fe
66a55167b4923cf03470b7013546893b0934041d
997c7e1d4ca02022f240b77a3e6d37c4693d8b7566349ee2b9c81dd34f66b8d3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 6985
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/js/trx_addons.js
85.234.151.73200 OK 133 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/trx_addons.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type Unicode text, UTF-8 text, with very long lines (65387)
Size 133 kB (133329 bytes)
Hash af40015a43d12924cf11954bdf3c3026
b1fc1cc4b5c9869f8c22e7d3bc8c8daeb5fd544e
d4ed2787901051677e5769e6285b6f2dda4eb077e0a62f7e3f36e0c9493030cf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/js/trx_addons.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 133329
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581
85.234.151.73200 OK 6.7 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (6684)
Hash 4c35d53fb0a5355136c6ab4df90ca3e1
388a6dc93b1d1d7d99700151dc495e045f4f3afa
af57165e63b7efba5117220d832d16a5919b941d646b9e23bb7d455e0f343218
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 6685
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js
85.234.151.73200 OK 20 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (20087)
Hash ba6cf724c8bb1cf5b084e79ff230626e
f455c5f153f872e52265f87a644ff89fe14a6fb6
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 20216
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b8988c44d656e4521aa7d84091f926d3
debd55429e2a0f0bcd257201f2efe00d2e7ed35f
e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.tofi.it/wp-content/themes/electroserv/js/__scripts.js
85.234.151.73200 OK 85 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/js/__scripts.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65384)
Hash 5e700606291a106e0ca748039676f8ce
265c4d1273b137892d2c7915226d5cce071b1f44
8fad17f40a3d49bf4bbd2d56fd8c4f7e958a8413d896606a3b18e24c46439b40
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/js/__scripts.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 84953
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
85.234.151.73200 OK 158 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65266)
Size 158 kB (157610 bytes)
Hash 6de31d697a1b1b2b0e2a3b29b1fb458b
c9b6c996a66918f7c4d49c9b60134ce282c47143
443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 157610
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.3
85.234.151.73200 OK 1.2 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (1191), with no line terminators
Hash 51300497928562f8c86c7aaba99237cd
e5826832b85c6afc6502b74cbb8ac5394b04c363
6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2022 20:07:18 GMT
Accept-Ranges: bytes
Content-Length: 1191
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.3
85.234.151.73200 OK 906 B URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type HTML document, ASCII text, with very long lines (906), with no line terminators
Hash 2c6d3b562a48e0df5474999dd47e58fb
945220e990eb176c14e53cc663fb01e04e31b59f
3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 13:35:18 GMT
Accept-Ranges: bytes
Content-Length: 906
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1
85.234.151.73200 OK 21 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (20478)
Hash b19cf4664534718fbf45d1ab11c1e03f
46236e58872c4f83370dc2239f737ac9c9670428
527beb6c2c7fb7390156ab5c7e269b74994831e1cae8a54bec16e6165b908fc4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 20697
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/uploads/2020/11/logo.png
85.234.151.73200 OK 22 kB URL HTTP/1.1 www.tofi.it/wp-content/uploads/2020/11/logo.png
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type PNG image data, 200 x 113, 8-bit/color RGBA, non-interlaced\012- data
Hash 5f5bc92861c7d332c46c99d8665fad56
98911e8a3fd9aa9ce944d94034741325b2d43a65
31b8f6d3b6d6216568b8df126992f05b2f46be2a99af58aeea55dac26746db22
GET /wp-content/uploads/2020/11/logo.png HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 09 Nov 2020 17:32:08 GMT
Accept-Ranges: bytes
Content-Length: 21477
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash b8988c44d656e4521aa7d84091f926d3
debd55429e2a0f0bcd257201f2efe00d2e7ed35f
e04704fa687f5daa90436f47c59fabadc7779f604a68cef3baf6b97a0bc5e92b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.99200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.99:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 16:40:18 GMT
expires: Fri, 03 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 295444
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.99200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.99:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Nov 2022 17:10:21 GMT
expires: Wed, 01 Nov 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 466441
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.99200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.99:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Nov 2022 17:10:21 GMT
expires: Wed, 01 Nov 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 466441
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
142.250.74.99200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 142.250.74.99:0
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Nov 2022 17:15:32 GMT
expires: Wed, 01 Nov 2023 17:15:32 GMT
cache-control: public, max-age=31536000
age: 466130
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 6dba1915540598e77ae8d73ce49c4b3b
f9c34b678d814548946cafea65b20ff352fb501b
89f7e3ac689535c3a373e1ff2f4125e7879782917687c26210a3eaf6c9a6e6a8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.tofi.it/wp-content/uploads/2020/12/favicon-tofi.png
85.234.151.73200 OK 1.5 kB URL HTTP/1.1 www.tofi.it/wp-content/uploads/2020/12/favicon-tofi.png
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 66cc32a57727ac9775d9466634b24e7a
15baf4fd5dffe9cd12ab5919dc5fe650cffb9678
c85c46e673c2c4cffd9297b5184b02cc8adee620d36e2edea48d4dd17b7716be
GET /wp-content/uploads/2020/12/favicon-tofi.png HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:32:51 GMT
Accept-Ranges: bytes
Content-Length: 1488
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3849d297978f9334d294adc6e87ace82
6a45655d6b8da63381537bcf2ea8c2cf6ecc4dc0
2ebf3ed3cc8c16602d23c4058816cc0691bb3a950c067b18b774d8772a1c7c6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11716
Expires: Mon, 07 Nov 2022 05:59:38 GMT
Date: Mon, 07 Nov 2022 02:44:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11716
Expires: Mon, 07 Nov 2022 05:59:38 GMT
Date: Mon, 07 Nov 2022 02:44:22 GMT
Connection: keep-alive
www.youtube.com/s/player/03bec62d/www-widgetapi.vflset/www-widgetapi.js
142.250.74.110200 OK 53 kB URL HTTP/2 www.youtube.com/s/player/03bec62d/www-widgetapi.vflset/www-widgetapi.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (817)
Hash efbe5d693c29988cd946bacd530b5424
45a2aa278239d51efe6141f66909e0168ffe10c2
696e8e37891b75f8b331acfd60dc86042657593af43aeb40b2c50881e31059b9
GET /s/player/03bec62d/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 52800
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 06 Nov 2022 15:34:51 GMT
expires: Mon, 06 Nov 2023 15:34:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 31 Oct 2022 00:17:24 GMT
content-type: text/javascript
age: 40171
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11716
Expires: Mon, 07 Nov 2022 05:59:38 GMT
Date: Mon, 07 Nov 2022 02:44:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2e37c89a5a7f608a21ac42b87ee0f7fc
55132fb03671e178b7e186da48ac7e02d6e96e23
6d71b8c1578f69619e174e61fbe9c92de7df4563e4a413b7b3d1be229f464df2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6D71B8C1578F69619E174E61FBE9C92DE7DF4563E4A413B7B3D1BE229F464DF2"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11716
Expires: Mon, 07 Nov 2022 05:59:38 GMT
Date: Mon, 07 Nov 2022 02:44:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7a5e060b41bd5313b1cf828c1d5ecbcc
e63e4bee84953491236a8261ef07b5a4743fa891
e8750b0156ed980f11682d92f5c60ce2783518b37f156e74340617a74d826813
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa958db65-71f7-4c79-9753-9af1fe88477b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13224
x-amzn-requestid: d6c8a626-313d-4add-9467-eb946a38262a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a9iPHEkgoAMF1Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6362172d-1be7a03a1b288dec56281915;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 07:07:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: R2vHbrKm_n2kWK3bG4htWAIqi1YNjNjaX8LG5AWWHPlKnaWi6JAGzA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 20:12:14 GMT
age: 23528
etag: "e63e4bee84953491236a8261ef07b5a4743fa891"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3a3eda5-ceb7-4dc4-b1cd-6ce67037090b.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3a3eda5-ceb7-4dc4-b1cd-6ce67037090b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f04b5777f2d31ceeea81eb44f95b1ad
9c8cc6ad24cf350b2e6fa41ec522e097cbbfa826
0f51d5d4491c9ce5265d81b8eb657417187cdbddc9c5853d39f343d1946515fb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3a3eda5-ceb7-4dc4-b1cd-6ce67037090b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6045
x-amzn-requestid: d21b8ecd-77b4-446c-a450-fa0ce2ec1115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bD9nUFBvoAMFb_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364a961-474388240bca896e6ee6c1e8;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 05:55:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: df3Qjc7fsU_UyddBMSDfkagzKt2TKjGp-Fcs2ELdwX1Rk11zTCt3vQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 10:05:03 GMT
age: 59959
etag: "9c8cc6ad24cf350b2e6fa41ec522e097cbbfa826"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3fDf4aoep5tTAusisXhIdAf0A6SbpM5fYtYaiXtNSb0-VRJo5nu8Vg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 09:11:34 GMT
age: 63168
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe31fd091-80a5-44a5-88d9-6c7500097882.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe31fd091-80a5-44a5-88d9-6c7500097882.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a8a927e8e8d385db9016a6113dd2b391
ad99d073b2fb93ca950eb691a74d44d19d3724fb
f33c813d46b76b98bad5c43d111766f95b67f37fad1e1977ee288f9e224e9b49
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe31fd091-80a5-44a5-88d9-6c7500097882.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3845da3e-c9ff-4b0e-920b-327c85dd51dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: a9iPSHQ_oAMF5Vw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6362172e-4abebd8e7b96eabd6875931d;Sampled=0
x-amzn-remapped-date: Wed, 02 Nov 2022 07:07:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6vs2iAdBht_F-eMh1VhghUPD_fEmJn6cQUdhgj4FR9zGeSnTFR3F2A==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 22:15:18 GMT
age: 16144
etag: "ad99d073b2fb93ca950eb691a74d44d19d3724fb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3849d297978f9334d294adc6e87ace82
6a45655d6b8da63381537bcf2ea8c2cf6ecc4dc0
2ebf3ed3cc8c16602d23c4058816cc0691bb3a950c067b18b774d8772a1c7c6b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 07 Nov 2022 02:44:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ef544a0-c6ca-407f-9267-0d760303f311.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ef544a0-c6ca-407f-9267-0d760303f311.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d09300bebcacbd170aa8f6393d1b43f0
18b3df299b9f22f9cfda5e7b38a89c551cef1c6b
231bccdfaab237920fa122e71d45a62713792f9e02503e4eba0fcf72dd2f323a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ef544a0-c6ca-407f-9267-0d760303f311.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9066
x-amzn-requestid: 84bc4739-ecab-4480-a653-8c6fc3653ab9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bMtVSF5loAMFl7w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636828ee-67bb1f4f589c4a025c76b37c;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: nuzxMssilttroAKbCMrTiev3U86UyeAgeLI-ebaL1jkzRbU_seZ9tA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 21:39:31 GMT
age: 18291
etag: "18b3df299b9f22f9cfda5e7b38a89c551cef1c6b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.youtube.com/iframe_api
142.250.74.110200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.110:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Mon, 07 Nov 2022 02:44:22 GMT
date: Mon, 07 Nov 2022 02:44:22 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=Hvh_qHtRqUo; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=SCza_DJqzyo; Domain=.youtube.com; Expires=Sat, 06-May-2023 02:44:22 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+785; expires=Wed, 06-Nov-2024 02:44:22 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.tofi.it/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23
85.234.151.73200 OK 0 B URL HTTP/1.1 www.tofi.it/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 327000
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1
85.234.151.73200 OK 0 B URL HTTP/1.1 www.tofi.it/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 485416
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js
85.234.151.73200 OK 0 B URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 02:44:22 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 87126
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
fonts.googleapis.com/css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.3
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.3
IP 142.250.74.10:0
GET /css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 07 Nov 2022 02:44:22 GMT
date: Mon, 07 Nov 2022 02:44:22 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2