www.turchini.it/iqa/qakbot.zip
86.107.32.86 301 Moved Permanently 246 B URL HTTP/1.1 www.turchini.it/iqa/qakbot.zip
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 151b586402ffe45d8c801eaf3e5699b2
df21fa0e95488a5a90bda463ba461644ab27e6f9
51595dec6fc92bb5e97f7f26f590fb8813f914080d3ae8ccde00e782dd3854c3
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /iqa/qakbot.zip HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 08 Nov 2022 15:25:27 GMT
Server: Apache
Location: https://www.turchini.it/iqa/qakbot.zip
Content-Length: 246
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9e164a845d32db8fa51fdb5b1aa218d9
169099b4d2f8e119ab6cf6fca279b6fb535b1759
402ffbf1404cf05c0516c5a8cd5344bd53537ac5150d387730a90c81c17dc9e4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "402FFBF1404CF05C0516C5A8CD5344BD53537AC5150D387730A90C81C17DC9E4"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4713
Expires: Tue, 08 Nov 2022 16:44:00 GMT
Date: Tue, 08 Nov 2022 15:25:27 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 7908acd0c083145e2b454aaeb063c236
0696647bb0a4118327f637a50ebcc21bac39d592
ffc30b68df0b33d67f31e37bbf5ae5cf4c23e1c8b8197bf76a95ee06bec4cd36
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6403
Cache-Control: max-age=161547
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:27 GMT
Etag: "636a2fef-1d7"
Expires: Thu, 10 Nov 2022 12:17:54 GMT
Last-Modified: Tue, 08 Nov 2022 10:31:11 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9a21dcd6794c5ba4178522096f695511
d731cf49db5e048d0d820d5cee03417cdd8c1c7b
c4981ce849fcfce045d1c9eeb2978767d87fcbf6087626f3d6541ec8b1938a37
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C4981CE849FCFCE045D1C9EEB2978767D87FCBF6087626F3D6541EC8B1938A37"
Last-Modified: Sun, 06 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7846
Expires: Tue, 08 Nov 2022 17:36:13 GMT
Date: Tue, 08 Nov 2022 15:25:27 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: o6heP/zA3eguIngDEgm+ul4AcycCukgHvndOg1+HJGhlCitoZXUoUr/zMSzUOscfah9hO24TEUY=
x-amz-request-id: SJ5M8W7M6F0JQMXS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 08 Nov 2022 15:11:21 GMT
age: 846
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3f873fee2fb4dcd7eab85d65f17c177f
91efbfb68da5d267349879753f62dec1b9b78a09
59bb58e401929b6c003d3af3e2952491d5ddaee9b028c75b99a8528879a80aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59BB58E401929B6C003D3AF3E2952491D5DDAEE9B028C75B99A8528879A80AEA"
Last-Modified: Mon, 07 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20184
Expires: Tue, 08 Nov 2022 21:01:51 GMT
Date: Tue, 08 Nov 2022 15:25:27 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 08 Nov 2022 15:25:27 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/the-events-calendar/common/src/resources/css/tooltip.min.css?ver=4.9.11
86.107.32.86 200 OK 579 B URL HTTP/2 www.turchini.it/site/wp-content/plugins/the-events-calendar/common/src/resources/css/tooltip.min.css?ver=4.9.11
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (1635), with no line terminators
Hash e71156cff983fe8b1875e63a1f1a9619
5ad165e49450a598ba78b3df4b7fed54f609cbbb
c9fcc6da4e924f59baa810a6a23540f1017d330db01628be1d792ec988907262
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/the-events-calendar/common/src/resources/css/tooltip.min.css?ver=4.9.11 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:50 GMT
etag: "663-5dfbfb0284724-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 579
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-includes/css/dist/block-library/style.min.css?ver=5.2.17
86.107.32.86 200 OK 4.8 kB URL HTTP/2 www.turchini.it/site/wp-includes/css/dist/block-library/style.min.css?ver=5.2.17
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (29271), with no line terminators
Hash dd7c1726a47a6a643915b33ff7d58ff1
af1eebb836aa766817ed21c3e35d2a3eb3e1aaba
d45cf6975f3b7ec4e2f867d0e6f718b8950a0245132bda965240d0d49c7a2c65
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-includes/css/dist/block-library/style.min.css?ver=5.2.17 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:03 GMT
etag: "7257-5dfbfad50cc62-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 4788
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-includes/css/dist/block-library/theme.min.css?ver=5.2.17
86.107.32.86 200 OK 562 B URL HTTP/2 www.turchini.it/site/wp-includes/css/dist/block-library/theme.min.css?ver=5.2.17
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (1495), with no line terminators
Hash c2c7e785ac554128579699541f35bc59
6cc27ac81033e580ec4abff557c6f0b86886a861
155a9547ffd9bd7c7a88d7ce3e02d6eac5a99151910565fc6ffcf4d5010cb78f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-includes/css/dist/block-library/theme.min.css?ver=5.2.17 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:03 GMT
etag: "5d7-5dfbfad50a93a-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 562
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/woocommerce/assets/css/blocks/style.css?ver=3.6.7
86.107.32.86 200 OK 933 B URL HTTP/2 www.turchini.it/site/wp-content/plugins/woocommerce/assets/css/blocks/style.css?ver=3.6.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (4166)
Hash 276cc536b64fe959b5001e8b9c50f65e
1881895bc3c2faa3e0f0c324cb403a77a6840659
8ff7bfd301d0d66f404762b57511af662c1e8c9d4b7dfc2103d6dd36c6c97110
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/woocommerce/assets/css/blocks/style.css?ver=3.6.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "18da-5dfbfafe20e8b-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 933
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.7
86.107.32.86 200 OK 955 B URL HTTP/2 www.turchini.it/site/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Hash b626cef5b048fdf1474b001bc2472a35
f34bc31a1b41829f8dc181ed6197e645b764e6aa
630d5de8c43fd1fcf89eaf6bd530ff0092c514c01bfbf4d4bd201bee56621f3f
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.0.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:43 GMT
etag: "c25-5dfbfafbb0a3d-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 955
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.7
86.107.32.86 200 OK 4.9 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Hash 63231eb017f64b2b1750e672f51d080f
a667ebbd33e63d20e8498e885c6cf7b9f0d82a84
7b1f6418f2296d849b10c67b54db686e6e987006af661b05031431ed87e5bb4e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.0.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:43 GMT
etag: "7058-5dfbfafbb0a3d-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 4947
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.6.7
86.107.32.86 200 OK 2.2 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.6.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (16542), with no line terminators
Hash 7e972f6c1b2623731f8a00bac6c27b89
c74dbad6d727697f8a479e8928da654273abdc4b
56a3d5d9f218531f5135906f5c15990ae8a70bd8d09abe40588bab417504ee8e
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/woocommerce/assets/css/woocommerce-layout.css?ver=3.6.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "409e-5dfbfafe31443-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 2157
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.4.11
86.107.32.86 200 OK 13 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.4.11
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Hash e12a10918e68b2b4305c1fd800ed350f
7c62596c956aa07f1e678a35682525bb3e85be72
a749db20018567a58dee812859ec4bb87d2cbcec759cce1b1d2ffe84866adda5
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.4.11 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:45 GMT
etag: "efa0-5dfbfafe0031b-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 13020
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.6.7
86.107.32.86 200 OK 8.8 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.6.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type Unicode text, UTF-8 text, with very long lines (62572), with no line terminators
Hash 1d0ad2bc538ac2d54d55271789f30dbd
74036a920ec37374f2df64cec639114158234992
0568c28420c6ce20babaf0bc1a3cb7b4d50c2fc75e6a72c40aa71f892702c9dd
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=3.6.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "f47a-5dfbfafe1e393-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 8810
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70
86.107.32.86 200 OK 239 B URL HTTP/2 www.turchini.it/site/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Hash 21fec527969cbcfec759744ce51f94c0
827130fb99b0005a5206028abfe82e93610184f2
fe2a280a5ffe9f5d3b1bf125035d478e46bae689a2f0cde07d48bef1ba7c74b1
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/plugins/wp-pagenavi/pagenavi-css.css?ver=2.70 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:58 GMT
etag: "176-5dfbfb09a4ab4-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 239
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2a47d129a3af5f02c654faf925c60273
9ad27ed9f4500c939260a677c12e702599b00fa9
0e031af077bf7009ffefada782407a247bbd31bddc96994c68de7bfe902bf992
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3335
Cache-Control: max-age=153413
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Etag: "636a1c26-1d7"
Expires: Thu, 10 Nov 2022 10:02:21 GMT
Last-Modified: Tue, 08 Nov 2022 09:06:46 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
www.turchini.it/site/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
86.107.32.86 200 OK 5.3 kB URL HTTP/2 www.turchini.it/site/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (9981)
Hash 4905f83cf8091f7b0f1360da94c55ebd
f64fb074ecdfbfd2fd5bff1d1795f28977ac4f1e
bd4463fd47ce1f55eae84051cffc6b28f0ca9d21b2f22d3e4029f0f97793ba67
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:03 GMT
etag: "35ef-5dfbfad4ff7c0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 5328
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash d6dbaa7f1a697305cfaabdc859cdb9d3
680fa363852fb33b9b76b83d3ba5c0a4c51499cb
2ccc20d4d484d91da7e9fb07056d62a620af07b21f495be49f54e7e83c988dda
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.turchini.it/site/wp-content/themes/turchini-theme/style.css?ver=5.2.17
86.107.32.86 200 OK 246 B URL HTTP/2 www.turchini.it/site/wp-content/themes/turchini-theme/style.css?ver=5.2.17
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Hash 8692cdaefef33a15418e9b284cc3855d
3f00435466f4757ffffba7de8fa4786bce7c590b
4e363f941ddf3a664f81f3f48e525574b806c7a04ee09223e021decd60d89bc8
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/themes/turchini-theme/style.css?ver=5.2.17 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:31 GMT
etag: "15d-5dfbfaf06834d-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 246
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.7
86.107.32.86 200 OK 9.5 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Hash 86c7c615fa9dbd112cb6e6119b233394
aa4b76ce84703b62e20870a6865600c25fc04ed1
ec14b61a213ef5fbcc4bf06a47e4d41af39802199d3b46983080c9287b16e1db
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.0.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:43 GMT
etag: "9868-5dfbfafb251c0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 9490
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.9.2
86.107.32.86 200 OK 1.6 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.9.2
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Hash ed483dac0de47242e6bbb2215cb36fe1
7a9fcab7c6b60ac4aa5b546e36d02c224587a170
97eae6826e99015afeab4dd9f237efc6d0c735d463ecd66b8ee765713f750389
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-form-move-tracker.js?ver=1.9.2 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:58 GMT
etag: "1476-5dfbfb0973380-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 1645
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.6.7
86.107.32.86 200 OK 1.9 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.6.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (1494)
Hash 450def929e9d601b4b24da8c58be36a2
9705b9a7831c1f9fdd3a1eeb5d23714591ee28a6
d21df6dc21ee394e7ab5caeea6f5282f17784dc47bbae5bd6d57721b4d312cea
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=3.6.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "1467-5dfbfafe01880-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 1943
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/gravityforms/css/browsers.min.css?ver=2.4.24
86.107.32.86 200 OK 1.2 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/gravityforms/css/browsers.min.css?ver=2.4.24
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (7545), with no line terminators
Hash 0c0d65cd4fce18ef804cd2d801fe5513
bbc09913c792974606d5584e20602e402e5394ee
d77042fc550b9198a255eda914b6a4ccbec0f9d8feb6280088157b50804bfe87
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/gravityforms/css/browsers.min.css?ver=2.4.24 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:40 GMT
etag: "1d79-5dfbfaf8f6e28-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 1227
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.6.7
86.107.32.86 200 OK 2.4 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.6.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (2962)
Hash e306c53d22267d7aa7cf8486b8c31541
0d027c1cdceae97d855fa1a3b72d38f1bf9a1c42
9470007553f07eb505c1dc6b132145689adb26a5b86f4cda98a4c9643bf2da81
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=3.6.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "1a23-5dfbfafe01880-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 2358
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/themes/turchini-theme/dist/images/SVG/fondazione_turchini_napoli.svg
86.107.32.86 200 OK 9.5 kB URL HTTP/2 www.turchini.it/site/wp-content/themes/turchini-theme/dist/images/SVG/fondazione_turchini_napoli.svg
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (28236), with no line terminators
Hash f8471d3f15d6c5938737552154bf54d6
d92138150e7b163d72308078fd1f53d8044a7b24
1336d23978c7d494de3017d2cdeb5a5bde641497368cf07afa771fb3b31b2dfa
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/themes/turchini-theme/dist/images/SVG/fondazione_turchini_napoli.svg HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "6e4c-5dfbfaf14b807-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 9542
content-type: image/svg+xml
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/themes/turchini-theme/dist/images/SVG/F.svg
86.107.32.86 200 OK 2.8 kB URL HTTP/2 www.turchini.it/site/wp-content/themes/turchini-theme/dist/images/SVG/F.svg
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2379)
Hash 352f19fb5c6273c7a128db3b55ff81df
7bba005a0e3338fd793b977db1765097d7a30298
7ec7cd353c7f9a26a34a2deed4d37ef296a527c1f118d6cbb7a94f89b22933ca
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/themes/turchini-theme/dist/images/SVG/F.svg HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "17cb-5dfbfaf149caf-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 2774
content-type: image/svg+xml
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/uploads/2021/05/loghi-footer.png
86.107.32.86 301 Moved Permanently 280 B URL HTTP/1.1 www.turchini.it/site/wp-content/uploads/2021/05/loghi-footer.png
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ccccc9197a36c6ba62794895f8cfa1b7
2cb968995d7db08c4c61073cddb92ce11f6e8ff7
b64a61778f38e6dc2e295c560453d1da822789cb6ad73123999c012f849f00d9
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/uploads/2021/05/loghi-footer.png HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 301 Moved Permanently
Date: Tue, 08 Nov 2022 15:25:28 GMT
Server: Apache
Location: https://www.turchini.it/site/wp-content/uploads/2021/05/loghi-footer.png
Content-Length: 280
Keep-Alive: timeout=1, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 96791bd486db22c41012d25318835bdf
b32c813f16b84a6b2660bd527843da5e368af8eb
61a4589c35910af9f8d20ff0c7eca296a77a336ab00730573fe9ce7cf2cc72c5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.turchini.it/site/wp-content/themes/turchini-theme/dist/css/vendor.min.css?ver=5.2.17
86.107.32.86 200 OK 5.0 kB URL HTTP/2 www.turchini.it/site/wp-content/themes/turchini-theme/dist/css/vendor.min.css?ver=5.2.17
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type Unicode text, UTF-8 text, with very long lines (33619), with no line terminators
Hash 876af401efcb449df7121dd487959ac9
0d5ce1c22c1ee681cedeab24ef2d7a30bb8ba681
f57fcfd72245b37df191927279f03e21c79a88b16a5a796eb7c9e8ac61ccda64
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/themes/turchini-theme/dist/css/vendor.min.css?ver=5.2.17 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:32 GMT
etag: "835d-5dfbfaf13ece7-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 5010
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/themes/turchini-theme/dist/images/SVG/fondazione_turchini_napoli_grey.svg
86.107.32.86 200 OK 27 kB URL HTTP/2 www.turchini.it/site/wp-content/themes/turchini-theme/dist/images/SVG/fondazione_turchini_napoli_grey.svg
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1926)
Hash c381371d04903b7d1ddf12f3f45ab144
49591c6e2b60fe42b1a45747bf8718aeda883745
c60ef2a149eb361878dfaf7e9fa75d9110d407893ce1745e1e1d67266e2c8a8d
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/themes/turchini-theme/dist/images/SVG/fondazione_turchini_napoli_grey.svg HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "10960-5dfbfaf1498c7-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 26603
content-type: image/svg+xml
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/themes/turchini-theme/dist/css/styles.min.css?ver=5.2.17
86.107.32.86 200 OK 31 kB URL HTTP/2 www.turchini.it/site/wp-content/themes/turchini-theme/dist/css/styles.min.css?ver=5.2.17
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (35161)
Hash ceeefc5bba1f3aacf49de50054a84884
df2c5a14a24adbf3002959134f08c6d20b16747c
4ab1e04f78f4f233745024d9840596ef3d67e89bc70fccfd6ac42373fcd0a43a
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/themes/turchini-theme/dist/css/styles.min.css?ver=5.2.17 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:32 GMT
etag: "3de6c-5dfbfaf147d6f-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 30611
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
86.107.32.86 200 OK 35 kB URL HTTP/2 www.turchini.it/site/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (31997)
Hash 49fc6aa0594688149a6721d305b82d3c
80792e91d9c9e82985d6521f09b33785109ccd8b
f777f5a52b2344679bd28243ccba85a5e19dbda86f6b13cd6fecfa01b6d81394
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:03 GMT
etag: "18910-5dfbfad4ff7c0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 35118
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-includes/js/wp-embed.min.js?ver=5.2.17
86.107.32.86 200 OK 2.0 kB URL HTTP/2 www.turchini.it/site/wp-includes/js/wp-embed.min.js?ver=5.2.17
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (1413)
Hash 1f6221fdf2ec78326bc435db53aa0dfb
857240e189c8cf872c7c40f075c493cd9b73849c
58414dd952574d12f8934b0c7954292147a96b9b18cc1df81044062089169ba1
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-includes/js/wp-embed.min.js?ver=5.2.17 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:03 GMT
etag: "1416-5dfbfad4ff7c0-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 2048
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
86.107.32.86 200 OK 2.3 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (1702)
Hash fa4c2144b8f4e5084f5901aa240aa49e
2f8ffe026b9ee7aaa6302a1d3fbd91dc4b5a09f8
f82e9492c41960f2e32aab6d6b42c869aa8714c1ddeaa2a1e2e17b6dbcda8fec
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "15dd-5dfbfafe01880-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 2289
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-150269462-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-150269462-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 486a5fb99e53ea744ba0e143585e839c
7f78414cee610c0fa42631bb24cd54d21ec25124
ae0352ee1ba433d88dbd1be07db6cb20d12d89332a34a82283214e5cf69ffd12
GET /gtag/js?id=UA-150269462-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.turchini.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 08 Nov 2022 15:25:28 GMT
expires: Tue, 08 Nov 2022 15:25:28 GMT
cache-control: private, max-age=900
last-modified: Tue, 08 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43533
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/themes/turchini-theme/dist/js/main.min.js?ver=1.0
86.107.32.86 200 OK 4.7 kB URL HTTP/2 www.turchini.it/site/wp-content/themes/turchini-theme/dist/js/main.min.js?ver=1.0
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (11083)
Hash e460ad04bd8d6676103f152b074fd731
59972cf0d951d4aeed2a18e620993bcbf72792e6
23c76d29392331c42a13c7c85ed8cc22b512923f4649c38ede8237ea9acf3e71
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/themes/turchini-theme/dist/js/main.min.js?ver=1.0 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:32 GMT
etag: "39dc-5dfbfaf0a7900-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 4670
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/gravityforms/css/formreset.min.css?ver=2.4.24
86.107.32.86 200 OK 402 B URL HTTP/2 www.turchini.it/site/wp-content/plugins/gravityforms/css/formreset.min.css?ver=2.4.24
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (3860), with no line terminators
Hash ac419b9db2fe6cb74932b27694be12ba
9b7fcbc2e2f6b91b163b89b032c812f75c5494e8
cffd80c7223e354ef53ac567ff5b5ce82287f8e8c1290566138e1053b27a705a
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/plugins/gravityforms/css/formreset.min.css?ver=2.4.24 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:40 GMT
etag: "f14-5dfbfaf8fb860-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 402
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/gravityforms/css/readyclass.min.css?ver=2.4.24
86.107.32.86 200 OK 3.4 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/gravityforms/css/readyclass.min.css?ver=2.4.24
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (30439), with no line terminators
Hash 06fe34d52dfeab0e5d1a1a929ab259c4
0c784dcde018551fc31e8fd0059cd2334b75d60d
20a25e2c1fe589deffa005e0e9388d3f4bcb1d5f7e9308ad6f3788e7e3a53913
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/gravityforms/css/readyclass.min.css?ver=2.4.24 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:40 GMT
etag: "76e7-5dfbfaf8f7dc8-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 3406
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.4.24
86.107.32.86 200 OK 2.2 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.4.24
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (1870)
Hash 05b452b590b12aaa9018ceae689ea040
5993c9c5ac5bf5a1c7f8e2b9ebb64dc56f7b5d76
cc4907c5b7d538c3e9f055f3b0cb3a16e777c9b20e0b88d010cb620e17b0a20a
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.4.24 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:41 GMT
etag: "15df-5dfbfaf93cd40-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 2241
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.6.7
86.107.32.86 200 OK 2.3 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.6.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type HTML document, ASCII text, with very long lines (2659)
Hash 77fb6659a7b459ac5caef9c991de7c27
e4d9a63c8e11ca8631664fc91359c54328d13193
224ead82a6a52c60b0f6e416df88e92d7f3ff23326721a830639cb2a09400f3d
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=3.6.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "18f4-5dfbfafe01880-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 2277
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.4.24
86.107.32.86 200 OK 3.1 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.4.24
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (4632)
Hash ced6ffffa63de528f5c774ef4e8cd888
d5a39a2768db5e6b414d7cd9a9a6504578617e85
46c341ca62ef4469f908f933bf0449d8ca238eee1cc28f1c1d6e313f0fea8173
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.4.24 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:41 GMT
etag: "20c6-5dfbfaf93cd40-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 3057
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/gravityforms/css/formsmain.min.css?ver=2.4.24
86.107.32.86 200 OK 12 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/gravityforms/css/formsmain.min.css?ver=2.4.24
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 09ec82a8bcca780f3f53473dd0fb9c43
24f4522e9426beae754c6aad9dd759a43f2ca2a5
45e42507327deaf05b1170344ace33850496dfb5293a9ace7e52de96ebf8d8aa
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/plugins/gravityforms/css/formsmain.min.css?ver=2.4.24 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:40 GMT
etag: "12282-5dfbfaf8fd3b8-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 11776
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/js?key=AIzaSyDPgr15C710vE5ro9zmB-4cUU2O7SU1Xxw
216.58.211.10 200 OK 53 kB URL HTTP/2 maps.googleapis.com/maps/api/js?key=AIzaSyDPgr15C710vE5ro9zmB-4cUU2O7SU1Xxw
IP 216.58.211.10:0
File type ASCII text, with very long lines (2459)
Hash a3727fcdc15bed7e3339bf8d527b653d
6eeb64b2f4e01df6632496ee3be26ed4131519b0
35abba34b89025b827269ebf11e4024e325c04bd1179d6732f071f8976bc7516
GET /maps/api/js?key=AIzaSyDPgr15C710vE5ro9zmB-4cUU2O7SU1Xxw HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.turchini.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
date: Tue, 08 Nov 2022 15:25:28 GMT
expires: Tue, 08 Nov 2022 15:55:28 GMT
cache-control: public, max-age=1800
vary: Accept-Language
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-encoding: gzip
server: mafe
content-length: 53391
x-xss-protection: 0
x-frame-options: SAMEORIGIN
server-timing: gfet4t7; dur=27
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70
86.107.32.86 200 OK 4.8 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (9194)
Hash a477caf2705d94f1031f9b96ca96c052
1a8b8ad6224a828f4f772366e52c67185b0142d1
941731d3f13f94c0c3ac89056bbb8693e9ee227389633c96edbd85cfa2c1a448
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ver=2.70 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "3405-5dfbfafe01880-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 4839
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.24
86.107.32.86 200 OK 12 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.24
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (35343)
Hash 646e326053b0f9daf256fb9d89b8cf90
d470428711348aad282c3a24a5cd40b301c8741f
cb49032d32b11bc8937f5fc1a8bde193f46e2dda4e95b88d02e7cb066266f835
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.4.24 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:41 GMT
etag: "98a0-5dfbfaf93cd40-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 11887
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.4.8
86.107.32.86 200 OK 48 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.4.8
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (42889)
Hash 95b6605d1b92f3d7fb44dac412268c65
a78f1c78346a3f8007fae8afd9517e2e52865c45
b082d7795ae95d89b056055b33ca94768f593e3dc9421bb50361378d69c268ae
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.4.8 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "1f2de-5dfbfafe01880-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 48242
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.101.24 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.101.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pjwW9fIcTECbqQqUD1EOHg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ipa/B5/4Cp/9jsW3HNgQNsL5gG4=
www.turchini.it/site/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.4.11
86.107.32.86 200 OK 97 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.4.11
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Hash 10d4c2969644703be6ffa686e505b91c
d3257a94133cac7cc4561d9f0867232c20034e6a
60412704b98b246ee6648143f043cd443b94ae75bcda235bc2555f647dfec58d
Analyzer Verdict Alert quad9 Sinkholed
GET /site/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.4.11 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "59c76-5dfbfafe01880-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 96791bd486db22c41012d25318835bdf
b32c813f16b84a6b2660bd527843da5e368af8eb
61a4589c35910af9f8d20ff0c7eca296a77a336ab00730573fe9ce7cf2cc72c5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash b10986024b7c43560e2e76cb10764ec4
dcb10e65ceffd902d240df3c5682be4388119a96
6b9d5fdaeaf7b5c35fa5db97477ec3cde32b64b54b44c0d48b41fef1857630e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash b10986024b7c43560e2e76cb10764ec4
dcb10e65ceffd902d240df3c5682be4388119a96
6b9d5fdaeaf7b5c35fa5db97477ec3cde32b64b54b44c0d48b41fef1857630e9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.turchini.it/site/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.6.7
86.107.32.86 200 OK 1.1 kB URL HTTP/2 www.turchini.it/site/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.6.7
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type ASCII text, with very long lines (6758), with no line terminators
Hash bac3c679da4930209be92b338cb74b7f
1a18633b3aecdcb7146475a1f6a90c58058f9e9b
b5b63cee0120e4cf9a183bab0905af9d4fa8712d4afef4d0b7d7c0f914ae26b3
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen.css?ver=3.6.7 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:46 GMT
etag: "1a66-5dfbfafe2f8eb-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 1055
content-type: text/css
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 4dc4a177d25f666a9ba1cf6225354467
8975f2e5cc9cadc4a1e369da45471eb1f0830c5e
6c9e54a13abc265cac7bdee51c6fa49e5e7590fec7a1cc99096c384dabef31be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 03fc468285706210a3ce339d5a223c61
fd32b7fa20b5c53cc2aebc09a3defe4c890f61be
9401d1803a9bac1dd2297405f8cf32dffdc375912ccc1c7bcf884f59a0ed64ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 03fc468285706210a3ce339d5a223c61
fd32b7fa20b5c53cc2aebc09a3defe4c890f61be
9401d1803a9bac1dd2297405f8cf32dffdc375912ccc1c7bcf884f59a0ed64ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 03fc468285706210a3ce339d5a223c61
fd32b7fa20b5c53cc2aebc09a3defe4c890f61be
9401d1803a9bac1dd2297405f8cf32dffdc375912ccc1c7bcf884f59a0ed64ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Libre+Baskerville:400,400i,700|Roboto:300,400,700&display=swap
216.58.211.10 200 OK 32 kB URL HTTP/2 fonts.googleapis.com/css?family=Libre+Baskerville:400,400i,700|Roboto:300,400,700&display=swap
IP 216.58.211.10:0
Hash b853a1529eae0d08036c90fa060e77ba
a4d4ebe7cbee07139cb40df6f0df4714e726cbf2
eebb94c093780a75d9037e6b53d2f54bd17fe4d2986ba4d5dcd823dcaec237ab
GET /css?family=Libre+Baskerville:400,400i,700|Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.turchini.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 08 Nov 2022 15:25:28 GMT
date: Tue, 08 Nov 2022 15:25:28 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.turchini.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:34:08 GMT
expires: Thu, 02 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 503480
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.turchini.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 19:34:08 GMT
expires: Thu, 02 Nov 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 503480
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/librebaskerville/v14/kmKnZrc3Hgbbcjq75U4uslyuy4kn0qNZaxM.woff2
216.58.207.195 200 OK 27 kB URL HTTP/2 fonts.gstatic.com/s/librebaskerville/v14/kmKnZrc3Hgbbcjq75U4uslyuy4kn0qNZaxM.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 27120, version 1.0\012- data
Hash 43e7d3f1dec74478587a2b3cfa272631
c065f24ac428353854ebd6715c49966fc4f4c762
6c6c9c3fad669c3d32227f5cc3467735c8211ddcf4f8c184c2e62e7f3ef7af44
GET /s/librebaskerville/v14/kmKnZrc3Hgbbcjq75U4uslyuy4kn0qNZaxM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.turchini.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27120
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 21:28:46 GMT
expires: Fri, 03 Nov 2023 21:28:46 GMT
cache-control: public, max-age=31536000
age: 410202
last-modified: Tue, 26 Apr 2022 16:42:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 03fc468285706210a3ce339d5a223c61
fd32b7fa20b5c53cc2aebc09a3defe4c890f61be
9401d1803a9bac1dd2297405f8cf32dffdc375912ccc1c7bcf884f59a0ed64ab
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.turchini.it/site/wp-content/themes/turchini-theme/dist/js/vendor.min.js?ver=1.0
86.107.32.86 200 OK 103 kB URL HTTP/2 www.turchini.it/site/wp-content/themes/turchini-theme/dist/js/vendor.min.js?ver=1.0
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Size 103 kB (103020 bytes)
Hash cbd490cd7dcb07dd848bd457424c4a56
6d2c7369b799ff8d243448bb225b07af239ebbbf
10ed26087dacb2675443ef458636d0f77555ac3f8b671d361bc07aeee99c16be
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/themes/turchini-theme/dist/js/vendor.min.js?ver=1.0 HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 24 May 2022 10:47:32 GMT
etag: "6156f-5dfbfaf0a7900-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-type: application/x-javascript
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/favicon.ico
86.107.32.86 200 OK 702 B URL HTTP/2 www.turchini.it/favicon.ico
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type MS Windows icon resource - 1 icon, 16x16\012- data
Hash 41abe0d0d896f1983fdba987fb2f4d74
570d3907fa0fdb74483898a7644648ed694cd348
066bfd6ac3e12df9b3a7b13e799694a462aaeaa0078058a256827db858a530e5
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "57e-5dfbfb1a2be11-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 702
content-type: image/x-icon
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
216.58.211.10 200 OK 23 B URL HTTP/2 maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
IP 216.58.211.10:0
File type JSON data\012- , ASCII text
Hash e3981ca10169a319d5aa062bf43a5fa1
2c6ed584767b65688ce99b1ebe1a3b7448a67421
8b0b8749aba12de93f3cf5d86f9fac9d6de7cac400a17473718f182a34ebb7e9
GET /maps/api/mapsjs/gen_204?csp_test=true HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.turchini.it
Connection: keep-alive
Referer: https://www.turchini.it/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Tue, 08 Nov 2022 15:25:28 GMT
server: scaffolding on HTTPServer2
cache-control: private
content-length: 23
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.turchini.it
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 0ac10debd3a9ea8147a26d045bb93e6e
ff45f3442508e8695f2303701682ebdb6e016464
5dee7b453b2c72c07ff1d62432493a044507835a8031ea62edf2fa7cc26219b9
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.turchini.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: xjT3fHJMTUaljR/MT9DFLu/3xP8R/gNWEq4S1IaYPfV2IIhLYHucW4HvnO1QaxcKjsNzcBXtJeOhRNhpufjFKQ==
priority: u=3,i
content-length: 27337
x-fb-trip-id: 1904183273
date: Tue, 08 Nov 2022 15:25:28 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 89d3b51d06a660181b023005fb2396a4
df0483119c2dfc20349c6aa00ddbc399e0ef03f0
51f52c22a57c3fbbdb9411641234063b9c8ce79a61a72fa81e7570ef2171220d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4296
Cache-Control: max-age=144668
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 15:25:28 GMT
Etag: "6369f63c-1d7"
Expires: Thu, 10 Nov 2022 07:36:36 GMT
Last-Modified: Tue, 08 Nov 2022 06:25:00 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
www.turchini.it/?wc-ajax=get_refreshed_fragments
86.107.32.86 200 OK 164 B URL HTTP/2 www.turchini.it/?wc-ajax=get_refreshed_fragments
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
File type JSON data\012- , ASCII text, with no line terminators
Hash 9321f8c25b298fb366d0691ebe7a505c
46b09819b9a87ed18bd09b10e47a8ad536f2660c
02dd9606d7a707cb96c36867d89a9aef6732ea21cb79688233e2c31c6046fc42
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
POST /?wc-ajax=get_refreshed_fragments HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/iqa/qakbot.zip
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 18
Origin: https://www.turchini.it
Connection: keep-alive
Cookie: cookielawinfo-checkbox-necessary=yes; cookielawinfo-checkbox-non-necessary=yes
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.turchini.it
access-control-allow-credentials: true
x-content-type-options: nosniff
x-robots-tag: noindex
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-transform, no-cache, must-revalidate, max-age=0
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-length: 164
content-type: application/json; charset=UTF-8
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.turchini.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 08 Nov 2022 14:41:09 GMT
expires: Tue, 08 Nov 2022 16:41:09 GMT
cache-control: public, max-age=7200
age: 2660
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=539430643475305&ev=PageView&dl=https%3A%2F%2Fwww.turchini.it%2Fiqa%2Fqakbot.zip&rl=&if=false&ts=1667921126312&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1667921126311.930226452&it=1667921125921&coo=false&rqm=GET
31.13.72.36 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=539430643475305&ev=PageView&dl=https%3A%2F%2Fwww.turchini.it%2Fiqa%2Fqakbot.zip&rl=&if=false&ts=1667921126312&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1667921126311.930226452&it=1667921125921&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=539430643475305&ev=PageView&dl=https%3A%2F%2Fwww.turchini.it%2Fiqa%2Fqakbot.zip&rl=&if=false&ts=1667921126312&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1667921126311.930226452&it=1667921125921&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.turchini.it/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Tue, 08 Nov 2022 15:25:29 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8480
Expires: Tue, 08 Nov 2022 17:46:49 GMT
Date: Tue, 08 Nov 2022 15:25:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8480
Expires: Tue, 08 Nov 2022 17:46:49 GMT
Date: Tue, 08 Nov 2022 15:25:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8480
Expires: Tue, 08 Nov 2022 17:46:49 GMT
Date: Tue, 08 Nov 2022 15:25:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8480
Expires: Tue, 08 Nov 2022 17:46:49 GMT
Date: Tue, 08 Nov 2022 15:25:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8480
Expires: Tue, 08 Nov 2022 17:46:49 GMT
Date: Tue, 08 Nov 2022 15:25:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ff4c1be0934222258267f7595f2ecde
5d51855ed7cc6f8cac53eef1730212eb70b28036
49ce70117f2b108ebcff7f8e0ac14b2583eaf6b36a10baff097b35b728ba44d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92bcf73f-5c71-47c9-824d-b8fa1f9af018.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10781
x-amzn-requestid: c5063271-8b84-41d7-899c-958c135541c4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAwTF2cIAMF0DQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b34-6b6018d826efae3e3738a7d9;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:40:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: yfT-BN4Codmr6J5v6xIIIpOG5EaHI1xnOqineRxdeQ3VJ_MmujMZew==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:42:38 GMT
age: 63771
etag: "5d51855ed7cc6f8cac53eef1730212eb70b28036"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3564993-11e9-4914-840f-9a1b924c950a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3564993-11e9-4914-840f-9a1b924c950a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7884b85a4b30e918a0b44f73a301a78b
f7ae1b83a0199b76dd0d31a21db4072b867e4f37
9576f9ad95c958887de953dee72b267cd0ed7293ed62fb540df76a2d49fac035
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3564993-11e9-4914-840f-9a1b924c950a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4527
x-amzn-requestid: c3be9447-c43a-48d6-9aef-c0999742886c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQA1GFN5IAMFaRw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b53-3bb315de52dcf6114da9ad05;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:40:35 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: _nFA59k8ERwiA6Ct_pZJs0WkFuagosyyiOkeQc1PuWMcno-Lpz4UfA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:42:39 GMT
etag: "f7ae1b83a0199b76dd0d31a21db4072b867e4f37"
content-type: image/jpeg
age: 63770
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39446652ee66d20bd73df20f1a29589c
349ea78f3ad0f2f7376ba22e417226b2e06806d7
655a00944a319ba167e99b43055044cb18bc48d53605ff0d1b6c8b1ba8ee8237
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4737
x-amzn-requestid: ad230e08-9f4e-46cf-9a86-f8e013a1c498
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQBFkEhLIAMFq_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697bbd-7e8b686a23a84c5d473c9ef5;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:42:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FoOPmZEjC6nhw801dgqENVL-9-aC0pyFAF-fMS57XzQyfxck2GGUvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:49:14 GMT
age: 63375
etag: "349ea78f3ad0f2f7376ba22e417226b2e06806d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: C7GYpM3mXSf0hVyGO9Zzlxa3IHXHdyPlXsvr3i0GoQnaPZF6lO-OwA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 08 Nov 2022 06:28:01 GMT
age: 32248
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd21b731d-5fcc-42b8-ba5c-4292558c1d65.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd21b731d-5fcc-42b8-ba5c-4292558c1d65.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 37802736d42529da1237e5d89e253928
6f246d25b36dc880489f3af2ae8767a0f5f2542b
b21622ee7e858a4508096480ec3ffba824e96d469b0fcfa0f6daaabad296fd40
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd21b731d-5fcc-42b8-ba5c-4292558c1d65.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12165
x-amzn-requestid: 7baae03c-2e22-477c-9c14-d21a26469b47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAvEFHdIAMF_XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b2d-2edb1d9722872b1166a5b085;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:39:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1QlljbC_YBobvvYSxTH2jH4a4kZAK8Am-k6CNxJrLIm1TY1gbfP1gg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:42:40 GMT
age: 63769
etag: "6f246d25b36dc880489f3af2ae8767a0f5f2542b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a2bb539-06cb-47fd-8d3c-7043929bfeaa.jpeg
34.120.237.76 200 OK 95 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a2bb539-06cb-47fd-8d3c-7043929bfeaa.jpeg
IP 34.120.237.76:0
File type gzip compressed data, from Unix\012- data
Hash 116c3aed1ed913c31c48fe06cb7e0b40
1af589761c87d6906419e655024d72cf999b1060
f4b4f5c681ee828209cf2a03d386e6e686c3e8959a898280ea9cc7f54f9a48ca
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a2bb539-06cb-47fd-8d3c-7043929bfeaa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9336
x-amzn-requestid: fb33f029-9d6c-40df-aab2-bdb139d8dedb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAKOGdEIAMFujA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697a41-53c235ce324b4e896b401a40;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: zP8bp-rTtlDnlSAnPdZNJL19gSEfS9HmA9WUgNx4jku9i1zoahW-og==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:40:01 GMT
age: 63928
etag: "e5e369ed7b77ff7639bffc16da2f2ca6c035421c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.turchini.it/iqa/qakbot.zip
86.107.32.86 404 Not Found 0 B URL HTTP/2 www.turchini.it/iqa/qakbot.zip
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /iqa/qakbot.zip HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-transform, no-cache, must-revalidate, max-age=0
link: <https://www.turchini.it/wp-json/>; rel="https://api.w.org/"
x-tec-api-version: v1
x-tec-api-root: https://www.turchini.it/wp-json/tribe/events/v1/
x-tec-api-origin: https://www.turchini.it
referrer-policy: no-referrer-when-downgrade
content-type: text/html; charset=UTF-8
date: Tue, 08 Nov 2022 15:25:27 GMT
server: Apache
X-Firefox-Spdy: h2
www.turchini.it/site/wp-content/themes/turchini-theme/dist/css/fonts/dueper-font.ttf?fitx7f
86.107.32.86 200 OK 0 B URL HTTP/2 www.turchini.it/site/wp-content/themes/turchini-theme/dist/css/fonts/dueper-font.ttf?fitx7f
IP 86.107.32.86:0
ASN #52030 Server Plan S.r.l.
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /site/wp-content/themes/turchini-theme/dist/css/fonts/dueper-font.ttf?fitx7f HTTP/1.1
Host: www.turchini.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.turchini.it/site/wp-content/themes/turchini-theme/dist/css/styles.min.css?ver=5.2.17
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
etag: "14250-5dfbfaf13f89f-gzip"
accept-ranges: bytes
cache-control: max-age=31536000
expires: Wed, 08 Nov 2023 15:25:28 GMT
vary: Accept-Encoding
content-encoding: gzip
referrer-policy: no-referrer-when-downgrade
content-type: application/x-font-ttf
date: Tue, 08 Nov 2022 15:25:28 GMT
server: Apache
X-Firefox-Spdy: h2