r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9331
Expires: Thu, 10 Nov 2022 04:36:54 GMT
Date: Thu, 10 Nov 2022 02:01:23 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 4c6e4047ec266b87485610e26a85bb6f
cd543757597609d7309d02652318359078a965c2
d8aff7a24f3274782b4f41d6dbd181ba817f5a562d992a3a82966481c91f8a90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4156
Cache-Control: max-age=121137
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:23 GMT
Etag: "636b8168-1d7"
Expires: Fri, 11 Nov 2022 11:40:20 GMT
Last-Modified: Wed, 09 Nov 2022 10:31:04 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dc90abd8b3ea8e75a68c144d74d75788
1ce29dca1ee9ca8931397de31ffb6cf7833baaf8
807000997bcf1b7a1fa35e43908cbfa54cd1704a5a0f53c09e1ae154638f10e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "807000997BCF1B7A1FA35E43908CBFA54CD1704A5A0F53C09E1AE154638F10E0"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12764
Expires: Thu, 10 Nov 2022 05:34:07 GMT
Date: Thu, 10 Nov 2022 02:01:23 GMT
Connection: keep-alive
tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
85.234.151.73301 Moved Permanently 0 B URL HTTP/1.1 tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /welbin-webcatche/new-auto-upgrade%20_2%20_1.zip HTTP/1.1
Host: tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 10 Nov 2022 02:01:23 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: JykuO5Sb9uqhRjq/7kWKPhyCJuRVKv4ryAGPNCH+wppz08pOaZsUgNOfStOYs2VyTzs83sRf/Ro=
x-amz-request-id: 41XSZRZTJKESNWC3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 10 Nov 2022 01:11:56 GMT
age: 2967
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 02:01:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
85.234.151.73301 Moved Permanently 0 B URL HTTP/1.1 tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /welbin-webcatche/new-auto-upgrade%20_2%20_1.zip HTTP/1.1
Host: tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Date: Thu, 10 Nov 2022 02:01:23 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c59d06092401e375df491b06ee8e6dbc
2e27b8ff7c08a5349e27969bc2a08e5e19d0c1da
23ee4ab633fcf67dc5d4d1931450e365cec8d436ef1f9ba5f46b6bab974724c4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2292
Cache-Control: max-age=114218
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:23 GMT
Etag: "636b6da9-1d7"
Expires: Fri, 11 Nov 2022 09:45:01 GMT
Last-Modified: Wed, 09 Nov 2022 09:06:49 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.39.57.61101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.57.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: MtWuR29yJ0KtLG/hkIPwug==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rGupm7T9Cs+eEJU+up6U//jRKHA=
www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
85.234.151.73404 Not Found 55 kB URL HTTP/1.1 www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash f53754ca5b2d0a3bee1719fc2e459e1d
229407edcc6f7ec281891fdf998f8d3822f3c6cc
f14fe5a9f68ee5b5b7f073c74bc49642d503062e6d1a24e876d962790ad7a4d6
Analyzer Verdict Alert fortinet Phishing
GET /welbin-webcatche/new-auto-upgrade%20_2%20_1.zip HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Date: Thu, 10 Nov 2022 02:01:23 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.tofi.it/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.tofi.it/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
85.234.151.73200 OK 89 kB URL HTTP/1.1 www.tofi.it/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (43771)
Hash b7915926fe42d76e9c802353ab01dae4
3a8192a4312f25f53de25b100d62829c0f14d67c
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Tue, 12 Jul 2022 19:20:44 GMT
Accept-Ranges: bytes
Content-Length: 88932
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7
85.234.151.73200 OK 13 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash 4045fbc98e0caae7e213f52330c52c21
253b81dc846081e189174789220a296d96849681
168642741cf6acd34501d09c8cc1c7e6be332ca9222f3223419bd1664b381839
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 12663
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3
85.234.151.73200 OK 1.9 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash a2e915fb21387a23a3578cb1b2b5a724
c3601301dacf90fc9eede9363f2698d922c05327
fbf8ab57db7f9981bd71d79c7daaa01a3c578ffa0aa8e9b4a9b2bfe2e9927427
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 1920
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.3
85.234.151.73200 OK 5.5 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (5461), with no line terminators
Hash fd081bc5500fcaf246c15ffcad3467c7
62ff35896a1803419163ffc3117fe077d0d59054
52f668d0c674f4029e8e4ff528bcc1e51307e6568c03c9c6a4d3ba6c9ac1302e
GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 5461
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
85.234.151.73200 OK 19 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (15660)
Hash 32beb68a374e3aeac00abdf9e12b84ea
b5d18aa625e8696dd9d07cd0869337717b211ae0
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
Accept-Ranges: bytes
Content-Length: 18617
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7
85.234.151.73200 OK 43 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (7136)
Hash be226b70c4a044c014c0fc8c5afca14e
9d6165705084ebef3a550df37cad765a8004474d
4062e6f54df1e95d09317853df6fad95e103ab7ae67bbadd22ab2769c711a2f1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 42720
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css
85.234.151.73200 OK 5.2 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (5156), with no line terminators
Hash 301f825956e0202555eeb32a62b20edb
b4bb15601acb7aa9d1b0029f389e590195c65dbf
5bf51d12e86de98c7f594516b6b5c9613da60f64c863a803c3e870fa871f3e7f
GET /wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 5156
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.min.css
85.234.151.73200 OK 18 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.min.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (17459)
Hash 888fdd39e95ee8ecfabd72580861683a
d5ea47f1de0ca987682f4b89c851d7ef18d8752f
9240a25a99b786a64ed9f39d2aa70a327f019ccc4269dcc6bf70779863294817
GET /wp-content/plugins/trx_addons/js/swiper/swiper.min.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 17710
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.3
85.234.151.73200 OK 208 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65169)
Size 208 kB (207790 bytes)
Hash 10493a040ec70e6f997887b04a4fef13
bfdfe3e0123bca9c9b6d3ac17de1c8b6c610aabb
474c7151d471e8dfdd71ff90539ed619a3a621fea465e6fc6d226dc70f0c75d0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 207790
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581
85.234.151.73200 OK 7.9 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (7873)
Hash 39af00ca0151248005d3a90ae3e48289
6ef42eafe3c578530a3df35ea3b7adb3f6aa3257
219222bf1646c16a6f0137ead39b1cf86b23b00533f493a84008d5e19288ad46
GET /wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 7874
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23
85.234.151.73200 OK 60 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Hash 6965137b6996c7953be805866df582ed
7fa546bdc941a31224fcc0b64c75d30f23630583
b86f3cdcccad303cb5300fab4d2774eafc3a2788f07ff1f3cd1953dd0debaa3f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 60053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.3
85.234.151.73200 OK 81 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash 0c86cdcbd3de3b1fb99d7e1882030f81
8e96156956fcfc8b7074c72f7b303da326824de8
fdaebf38e9d60745a2e2cdcbf9550bf50058d490f4c0a5eeef93671c7659475b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 81317
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/style.css
85.234.151.73200 OK 147 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/style.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Size 147 kB (146976 bytes)
Hash 65674f4c837f876b229cfaaeb02a651f
57739f6a9bf7fa8bbdaaae3e863c7ef858d45589
a9b1e17454837eb51bb49944ba490314f44ae6617a0e045d28b7b43e242a2065
GET /wp-content/themes/electroserv/style.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 146976
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
85.234.151.73200 OK 11 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (11256), with no line terminators
Hash 2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 11256
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.3
85.234.151.73200 OK 4.2 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (4186), with no line terminators
Hash ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Fri, 07 Jun 2019 20:45:02 GMT
Accept-Ranges: bytes
Content-Length: 4186
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.3
85.234.151.73200 OK 308 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65217)
Size 308 kB (308532 bytes)
Hash 6753dbc1940419475691cbd572835cb1
ecd9e7c611fa605ed64a3482e384979e0526247b
8a543831320f80549300cd85bf432627d6d2b9dd308367a0507b13115899ba05
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 308532
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/css/responsive.css?ver=6.0.3
85.234.151.73200 OK 111 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/responsive.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type assembler source, ASCII text, with very long lines (696)
Size 111 kB (110619 bytes)
Hash 4a89add69adeb951442caeee5db24d80
4e341b21e8d0f71b47bcbbae5092e67e7215bcca
f067d724c42c05a9604ec4036d0ee641c3fe1f79ac620d7cfd8c18b495230f62
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/responsive.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 110619
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
85.234.151.73200 OK 90 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65447)
Hash 02dd5d04add4759122013c5ab4dc5cc2
a45a56e396ac549b4ff39b696ce9e0c16a7612de
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Wed, 10 Mar 2021 15:07:24 GMT
Accept-Ranges: bytes
Content-Length: 89521
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/themes/electroserv/css/__styles.css?ver=6.0.3
85.234.151.73200 OK 117 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/__styles.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65384)
Size 117 kB (116927 bytes)
Hash cbf0c557f5cc513fe1881ec1f53ad90e
6169b1c05f01169d9e5a2290d1c14f7fe869677b
64245dd70f9080ff8d1b391478958d61033e994aea3d5cfdf77a00166bf323c8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/__styles.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 116927
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/css/__colors.css?ver=6.0.3
85.234.151.73200 OK 357 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/__colors.css?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65384)
Size 357 kB (357146 bytes)
Hash 92e8131e1a390042435247f2896d4e0e
42bc98de063148b711a5ac54340f50916a393b53
76ea2b5e1611a0094e2ae360caad752de442e722d85bada9556c26900885d6e3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/__colors.css?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:01 GMT
Accept-Ranges: bytes
Content-Length: 357146
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
85.234.151.73200 OK 11 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (11126)
Hash 79b4956b7ec478ec10244b5e2d33ac7d
a46025b9d05e3df30d610a8aef14f392c7058dc9
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Accept-Ranges: bytes
Content-Length: 11224
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2
85.234.151.73200 OK 9.3 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (9332), with no line terminators
Hash 6a229fc927df63e2b5f436bb01d2c37f
d09285c647f007d920a36aced75a0179d40ff4cb
dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 9332
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 2cc2a9c89cbd9d2da1fd4a79a7d8b1d8
b2a4971855e26ff842f71d5dd4fff2596a83bd59
3bdf6aea6d003d0b087c13a74034f422cb09a59fd5c97b2b48ce590dfca6109a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.tofi.it/wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js
85.234.151.73200 OK 20 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (20087)
Hash ba6cf724c8bb1cf5b084e79ff230626e
f455c5f153f872e52265f87a644ff89fe14a6fb6
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 20216
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js
85.234.151.73200 OK 87 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (32020)
Hash 93150feefb986b403aedf9e26c914092
64c397ca8c093de3bdb2c2eda2205fbfb8173f32
b18bb25b43e0bd89fa67b62f914da8ef6286e626c0690f0b4fac74e7a52f700c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 87126
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23
85.234.151.73200 OK 119 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (41022), with CRLF line terminators
Size 119 kB (119386 bytes)
Hash 1eca6ed028850aa07d5f4a003fd7079e
1f02b8c5485108373bdd14a96bb1fe22d72e157b
9556bca5ad5eb24439887d7339fcb687088776bbaa995553aa489c9607cf9e19
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 119386
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3
85.234.151.73200 OK 14 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash f89263c0c2f24398a1df52eead69f5f8
850e9cfb1680eb1df4365889724e69f38df7bb9e
125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 14280
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/js/trx_addons.js
85.234.151.73200 OK 133 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/trx_addons.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type Unicode text, UTF-8 text, with very long lines (65387)
Size 133 kB (133329 bytes)
Hash af40015a43d12924cf11954bdf3c3026
b1fc1cc4b5c9869f8c22e7d3bc8c8daeb5fd544e
d4ed2787901051677e5769e6285b6f2dda4eb077e0a62f7e3f36e0c9493030cf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/js/trx_addons.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 133329
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581
85.234.151.73200 OK 6.7 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (6684)
Hash 4c35d53fb0a5355136c6ab4df90ca3e1
388a6dc93b1d1d7d99700151dc495e045f4f3afa
af57165e63b7efba5117220d832d16a5919b941d646b9e23bb7d455e0f343218
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 6685
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js
85.234.151.73200 OK 7.0 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash f2d8d0aeb67bf6d5258efd5d6018c9fe
66a55167b4923cf03470b7013546893b0934041d
997c7e1d4ca02022f240b77a3e6d37c4693d8b7566349ee2b9c81dd34f66b8d3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 6985
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.3
85.234.151.73200 OK 906 B URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type HTML document, ASCII text, with very long lines (906), with no line terminators
Hash 2c6d3b562a48e0df5474999dd47e58fb
945220e990eb176c14e53cc663fb01e04e31b59f
3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 13:35:18 GMT
Accept-Ranges: bytes
Content-Length: 906
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.3
85.234.151.73200 OK 1.2 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (1191), with no line terminators
Hash 51300497928562f8c86c7aaba99237cd
e5826832b85c6afc6502b74cbb8ac5394b04c363
6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2022 20:07:18 GMT
Accept-Ranges: bytes
Content-Length: 1191
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
85.234.151.73200 OK 158 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65266)
Size 158 kB (157610 bytes)
Hash 6de31d697a1b1b2b0e2a3b29b1fb458b
c9b6c996a66918f7c4d49c9b60134ce282c47143
443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 157610
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1
85.234.151.73200 OK 21 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (20478)
Hash b19cf4664534718fbf45d1ab11c1e03f
46236e58872c4f83370dc2239f737ac9c9670428
527beb6c2c7fb7390156ab5c7e269b74994831e1cae8a54bec16e6165b908fc4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 20697
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/uploads/2020/11/logo.png
85.234.151.73200 OK 22 kB URL HTTP/1.1 www.tofi.it/wp-content/uploads/2020/11/logo.png
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type PNG image data, 200 x 113, 8-bit/color RGBA, non-interlaced\012- data
Hash 5f5bc92861c7d332c46c99d8665fad56
98911e8a3fd9aa9ce944d94034741325b2d43a65
31b8f6d3b6d6216568b8df126992f05b2f46be2a99af58aeea55dac26746db22
GET /wp-content/uploads/2020/11/logo.png HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 09 Nov 2020 17:32:08 GMT
Accept-Ranges: bytes
Content-Length: 21477
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png
www.tofi.it/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1
85.234.151.73200 OK 472 B URL HTTP/1.1 www.tofi.it/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash 2cc2a9c89cbd9d2da1fd4a79a7d8b1d8
b2a4971855e26ff842f71d5dd4fff2596a83bd59
3bdf6aea6d003d0b087c13a74034f422cb09a59fd5c97b2b48ce590dfca6109a
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 485416
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f0c1ba8782042e64d296c64158811a67
ae25bf491e6f7381e4eecfead2a61e95489c850f
eb70540a2e2a591edb02abefb7ba5e08d35fe532db6469c1df9e45e5c4bb9983
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f0c1ba8782042e64d296c64158811a67
ae25bf491e6f7381e4eecfead2a61e95489c850f
eb70540a2e2a591edb02abefb7ba5e08d35fe532db6469c1df9e45e5c4bb9983
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f0c1ba8782042e64d296c64158811a67
ae25bf491e6f7381e4eecfead2a61e95489c850f
eb70540a2e2a591edb02abefb7ba5e08d35fe532db6469c1df9e45e5c4bb9983
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f0c1ba8782042e64d296c64158811a67
ae25bf491e6f7381e4eecfead2a61e95489c850f
eb70540a2e2a591edb02abefb7ba5e08d35fe532db6469c1df9e45e5c4bb9983
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f0c1ba8782042e64d296c64158811a67
ae25bf491e6f7381e4eecfead2a61e95489c850f
eb70540a2e2a591edb02abefb7ba5e08d35fe532db6469c1df9e45e5c4bb9983
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 16:40:18 GMT
expires: Fri, 03 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 552067
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.195200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 08 Nov 2022 17:10:21 GMT
expires: Wed, 08 Nov 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 118264
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
216.58.207.195200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 08 Nov 2022 17:15:32 GMT
expires: Wed, 08 Nov 2023 17:15:32 GMT
cache-control: public, max-age=31536000
age: 117953
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
216.58.207.195200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 08 Nov 2022 17:10:21 GMT
expires: Wed, 08 Nov 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 118264
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash f0c1ba8782042e64d296c64158811a67
ae25bf491e6f7381e4eecfead2a61e95489c850f
eb70540a2e2a591edb02abefb7ba5e08d35fe532db6469c1df9e45e5c4bb9983
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.tofi.it/wp-content/uploads/2020/12/favicon-tofi.png
85.234.151.73200 OK 1.5 kB URL HTTP/1.1 www.tofi.it/wp-content/uploads/2020/12/favicon-tofi.png
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 66cc32a57727ac9775d9466634b24e7a
15baf4fd5dffe9cd12ab5919dc5fe650cffb9678
c85c46e673c2c4cffd9297b5184b02cc8adee620d36e2edea48d4dd17b7716be
GET /wp-content/uploads/2020/12/favicon-tofi.png HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:25 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:32:51 GMT
Accept-Ranges: bytes
Content-Length: 1488
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9cec7fd19118aaeb5702dd97a8dd2b0e
40769764dfe2e1d216aeb0f18b935ad9e2fd9b11
0d10421ffd21c60df554fc54330fb769ea6cf59b8a795c14500defff88f8b366
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9cec7fd19118aaeb5702dd97a8dd2b0e
40769764dfe2e1d216aeb0f18b935ad9e2fd9b11
0d10421ffd21c60df554fc54330fb769ea6cf59b8a795c14500defff88f8b366
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 02:01:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/s/player/c4225c42/www-widgetapi.vflset/www-widgetapi.js
216.58.207.238200 OK 54 kB URL HTTP/2 www.youtube.com/s/player/c4225c42/www-widgetapi.vflset/www-widgetapi.js
IP 216.58.207.238:0
File type ASCII text, with very long lines (817)
Hash ae0ce5c949c3cc29975dd77fd9bdebb3
00325ae2ca1c29c0f9fe563e192f1670b5423401
c537b6fe052e0b9e311c90bc61da3a6545033a061a04b79989b93a84cbf7176b
GET /s/player/c4225c42/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 53867
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 01:52:39 GMT
expires: Fri, 10 Nov 2023 01:52:39 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 07 Nov 2022 01:22:49 GMT
content-type: text/javascript
age: 526
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18973
Expires: Thu, 10 Nov 2022 07:17:38 GMT
Date: Thu, 10 Nov 2022 02:01:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18973
Expires: Thu, 10 Nov 2022 07:17:38 GMT
Date: Thu, 10 Nov 2022 02:01:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18973
Expires: Thu, 10 Nov 2022 07:17:38 GMT
Date: Thu, 10 Nov 2022 02:01:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18973
Expires: Thu, 10 Nov 2022 07:17:38 GMT
Date: Thu, 10 Nov 2022 02:01:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4599ea4ab89bca0461dfc4e86cf90610
d513a3fca97e06dbc1a6cdd02fbdd3c7253c865a
6056ef181a66539dd449318a89c133c3711e3244394126a66b8ebd29cff4692b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6056EF181A66539DD449318A89C133C3711E3244394126A66B8EBD29CFF4692B"
Last-Modified: Tue, 08 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18973
Expires: Thu, 10 Nov 2022 07:17:38 GMT
Date: Thu, 10 Nov 2022 02:01:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 178b1b5efcd0c5997d0e5b820193abe2
460630852800c0304295c78df268bfec64416f98
9822d2ef4199dcc01f81a8e6d3a91d9545466c17abfca4eb30e0a49ca8301da6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F407f630c-7642-40eb-8db3-288b03315712.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3445
x-amzn-requestid: 92b5ba7a-e45a-495c-89ae-9738fd5644bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWloyHMpoAMF-Fw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c9e-5508b96c349a34537809ef0e;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:18 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3-XU3AO60wbMDZcPshBPHvxEFAQHVs7-dlg52BfbxkSlDAEx9kaeeg==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:58:41 GMT
age: 14564
etag: "460630852800c0304295c78df268bfec64416f98"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F790db4df-e6d4-48ab-92fb-179a770f76b7.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F790db4df-e6d4-48ab-92fb-179a770f76b7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c2db9097ad95b726c65a3130483daf7
2b6dbe326a49e03a0f8d1a5d15930fd7870f6f79
1da5e63e7a3e837c758bb365e5e99e6dfb6c54e9b2fe038c3eb1334a86dc4d74
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F790db4df-e6d4-48ab-92fb-179a770f76b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7723
x-amzn-requestid: 1e07419e-8cd6-43d6-b0bb-61183502ee40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlpGHFKIAMFUUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1ca0-751c8b152ea5c28f5a78bf46;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: BXdwO74rhbF9575IFRz-DNbcEFNiX7JiCtsvghmUE8zOju0eyuFjow==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:45:34 GMT
age: 15351
etag: "2b6dbe326a49e03a0f8d1a5d15930fd7870f6f79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c73f10e-9c01-44bd-95d2-c18ba845fe07.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c73f10e-9c01-44bd-95d2-c18ba845fe07.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2917b487c605eb7f53d20ff3b4fbfef0
5dd8989fb1129638361c16ad2a1fde93a4c4aafd
aaf620d791f23829e15a454b3faf5b47a0f00ff37ada91d6de5c62c322fe90ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c73f10e-9c01-44bd-95d2-c18ba845fe07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8875
x-amzn-requestid: 1374243f-4fd8-4405-8f8a-946a8f92c457
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlniEw2oAMFtfA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c96-195c58a826eae13b58d21aa0;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MfDIK2PCS_o7UuNXVSNOb3YbR_P8vlF7xw75qf8WdbjRr8hzCVYu6A==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:46:28 GMT
age: 15297
etag: "5dd8989fb1129638361c16ad2a1fde93a4c4aafd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b66f592-618a-4463-834d-ff9bbe8866ae.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b66f592-618a-4463-834d-ff9bbe8866ae.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 848af62ec10d0c297922f8600b6ad12d
4eadbf5f0dade92dcc6d68c8ebb70898aadb9a7d
a3b4eb6768259876819d7e6c7ac9e21c603d54f60bf70ed077cb820711e2ae74
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7b66f592-618a-4463-834d-ff9bbe8866ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11316
x-amzn-requestid: 8456b25a-b87f-490d-86b3-fb217afea082
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlniESaIAMF3Qg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c96-30ed3b0972418bae4700edc8;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: y5MD-207EEHTD7hC8z0SzYCHA0JdOpYRrUhYDwo0cQ9ITGRbtQ-McA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:46:28 GMT
age: 15297
etag: "4eadbf5f0dade92dcc6d68c8ebb70898aadb9a7d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bbc8b-170e-44bf-9cf8-490e5ad231ac.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bbc8b-170e-44bf-9cf8-490e5ad231ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27a7615d7b9bd0b91421dc5942e35225
e54517b318fb3c290c836e40acbaf35f3fc5fd73
ab609c243e8fbb3c736f0d202e93af8c3ee55ff264812f0e48e727051ec261cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bbc8b-170e-44bf-9cf8-490e5ad231ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6169
x-amzn-requestid: a52c3f4e-2125-490b-84d9-409e99cdca1a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bWlngHg7IAMF8ZQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c1c96-64d32efe3d8d095255a1ea74;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 21:33:10 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: CkdZV5PlPe96cptE3jqDeeE6bKCHuR4k5lAyPlulWhfX8T_IoTcXIQ==
via: 1.1 332ef4544bd8b531e8f11abaa4197c08.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 21:46:28 GMT
age: 15297
etag: "e54517b318fb3c290c836e40acbaf35f3fc5fd73"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff77ae1-0bc8-4557-a572-f76f4061cd8a.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff77ae1-0bc8-4557-a572-f76f4061cd8a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7fa2648bda72248fd56cf98d3b2210b7
d10647bb2b9705edbbb21ddd7092404fff8b1491
a89679ead6f90b21f7d020911ca809686ea17d8c15e62e645462a5ee675a5c2b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ff77ae1-0bc8-4557-a572-f76f4061cd8a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9082
x-amzn-requestid: f5e67e88-d5ef-4f68-86f9-f59f85eeb751
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bOAwmFdrIAMFuRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6368ae6a-38bc67d714f60c1f5e0f007c;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 07:06:18 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: hLaLpJKOvpvEw974yp7tKSP6ynnzRbAIP0hyH03CJTHT4MikDu9QRg==
via: 1.1 f4ae8c7714a9bd89828bad25fc96be24.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 09 Nov 2022 07:22:36 GMT
age: 67129
etag: "d10647bb2b9705edbbb21ddd7092404fff8b1491"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.tofi.it/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23
85.234.151.73200 OK 0 B URL HTTP/1.1 www.tofi.it/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 327000
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.youtube.com/iframe_api
216.58.207.238200 OK 0 B URL HTTP/2 www.youtube.com/iframe_api
IP 216.58.207.238:0
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Thu, 10 Nov 2022 02:01:25 GMT
date: Thu, 10 Nov 2022 02:01:25 GMT
cache-control: private, max-age=0
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=-wzjGAjM_to; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=yrWPmMx4gqQ; Domain=.youtube.com; Expires=Tue, 09-May-2023 02:01:25 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+555; expires=Sat, 09-Nov-2024 02:01:25 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.3
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.3
IP 142.250.74.10:0
GET /css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.3 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 10 Nov 2022 02:01:24 GMT
date: Thu, 10 Nov 2022 02:01:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.tofi.it/wp-content/themes/electroserv/js/__scripts.js
85.234.151.73200 OK 0 B URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/js/__scripts.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/js/__scripts.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 84953
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.css
85.234.151.73200 OK 0 B URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
GET /wp-content/plugins/trx_addons/css/trx_addons.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/new-auto-upgrade%20_2%20_1.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 02:01:24 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 259021
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css