r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14505
Expires: Sun, 04 Sep 2022 04:33:28 GMT
Date: Sun, 04 Sep 2022 00:31:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data; ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 03 Sep 2022 23:43:38 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QuucB_43sofxwt0EYuFFuZVBYJ22ukt4HCz9qTwz-50OxJaBARBhQA==
Age: 2885
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate; ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aHHd9vInkPFOtk8h7R548bJ6kBU66eSKGprBEy7aao1RPZ-4yMp0yQ==
age: 83786
X-Firefox-Spdy: h2
tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
85.234.151.73 301 Moved Permanently 0 B URL HTTP/1.1 tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /welbin-webcatche/upgrade%20_2%20_1/upgrade.zip HTTP/1.1
Host: tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Sep 2022 00:31:43 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data; ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 00:31:43 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data; ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 03 Sep 2022 23:38:16 GMT
Cache-Control: max-age=3600
Expires: Sat, 03 Sep 2022 23:52:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BEXDSQBCIi66byTqs1tW_swkwkK0MGGpcYJmVtIUR7iOH4m69DJNPQ==
Age: 3208
tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
85.234.151.73 301 Moved Permanently 0 B URL HTTP/1.1 tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
GET /welbin-webcatche/upgrade%20_2%20_1/upgrade.zip HTTP/1.1
Host: tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Sep 2022 00:31:43 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4fc12f0a98aa28ccb56e0b56d7e40ded
f7efcfb8b4f4aa40268bada3fec380820a70ee35
a34aa9b7db949a583c3f1b4d87fed415a11d119c9615b5e710c3125173f8a277
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 923
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 00:31:44 GMT
Last-Modified: Sun, 04 Sep 2022 00:16:21 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.189.157.130 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.157.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Dwv0PK9LHnxpONHSdMDphA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FMbxbaDUKcXq3EZHuoF7fKiXqiw=
www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
85.234.151.73 404 Not Found 55 kB URL HTTP/1.1 www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash 338ec8f003bbb5408654301301b832c6
afebd7149c97c5bd2c1b57134a1001fd6f124b25
9d4afcdd8cff59e6ae5aba47b467a6269dd13794adb2364243d8f4a8c9ffe705
Analyzer Verdict Alert fortinet Phishing
GET /welbin-webcatche/upgrade%20_2%20_1/upgrade.zip HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.tofi.it/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
www.tofi.it/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
85.234.151.73 200 OK 89 kB URL HTTP/1.1 www.tofi.it/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (43771)
Hash b7915926fe42d76e9c802353ab01dae4
3a8192a4312f25f53de25b100d62829c0f14d67c
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
Last-Modified: Tue, 12 Jul 2022 19:20:44 GMT
Accept-Ranges: bytes
Content-Length: 88932
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
85.234.151.73 200 OK 19 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/wp-emoji-release.min.js?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (15660)
Hash 32beb68a374e3aeac00abdf9e12b84ea
b5d18aa625e8696dd9d07cd0869337717b211ae0
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
Accept-Ranges: bytes
Content-Length: 18617
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3
85.234.151.73 200 OK 1.9 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash a2e915fb21387a23a3578cb1b2b5a724
c3601301dacf90fc9eede9363f2698d922c05327
fbf8ab57db7f9981bd71d79c7daaa01a3c578ffa0aa8e9b4a9b2bfe2e9927427
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 1920
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.min.css
85.234.151.73 200 OK 18 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.min.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (17459)
Hash 888fdd39e95ee8ecfabd72580861683a
d5ea47f1de0ca987682f4b89c851d7ef18d8752f
9240a25a99b786a64ed9f39d2aa70a327f019ccc4269dcc6bf70779863294817
GET /wp-content/plugins/trx_addons/js/swiper/swiper.min.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 17710
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css
85.234.151.73 200 OK 5.2 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (5156), with no line terminators
Hash 301f825956e0202555eeb32a62b20edb
b4bb15601acb7aa9d1b0029f389e590195c65dbf
5bf51d12e86de98c7f594516b6b5c9613da60f64c863a803c3e870fa871f3e7f
GET /wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 5156
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.css
85.234.151.73 200 OK 259 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65389)
Size 259 kB (259021 bytes)
Hash 24bc41d3b6194f8598fd82a1e43efb73
3472c81afeeb2722a31a440271588ba0c89f6b53
17a73aa1104951434d367e50ef97d524e782089bcf090ef8ceee1e130f290d3f
GET /wp-content/plugins/trx_addons/css/trx_addons.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 259021
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.2
85.234.151.73 200 OK 81 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash 0c86cdcbd3de3b1fb99d7e1882030f81
8e96156956fcfc8b7074c72f7b303da326824de8
fdaebf38e9d60745a2e2cdcbf9550bf50058d490f4c0a5eeef93671c7659475b
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 81317
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581
85.234.151.73 200 OK 7.9 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (7873)
Hash 39af00ca0151248005d3a90ae3e48289
6ef42eafe3c578530a3df35ea3b7adb3f6aa3257
219222bf1646c16a6f0137ead39b1cf86b23b00533f493a84008d5e19288ad46
GET /wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 7874
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.2
85.234.151.73 200 OK 5.5 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (5461), with no line terminators
Hash fd081bc5500fcaf246c15ffcad3467c7
62ff35896a1803419163ffc3117fe077d0d59054
52f668d0c674f4029e8e4ff528bcc1e51307e6568c03c9c6a4d3ba6c9ac1302e
GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:44 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 5461
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.2
85.234.151.73 200 OK 308 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65217)
Size 308 kB (308532 bytes)
Hash 6753dbc1940419475691cbd572835cb1
ecd9e7c611fa605ed64a3482e384979e0526247b
8a543831320f80549300cd85bf432627d6d2b9dd308367a0507b13115899ba05
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 308532
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7
85.234.151.73 200 OK 13 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash 4045fbc98e0caae7e213f52330c52c21
253b81dc846081e189174789220a296d96849681
168642741cf6acd34501d09c8cc1c7e6be332ca9222f3223419bd1664b381839
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 12663
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7
85.234.151.73 200 OK 43 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (7136)
Hash be226b70c4a044c014c0fc8c5afca14e
9d6165705084ebef3a550df37cad765a8004474d
4062e6f54df1e95d09317853df6fad95e103ab7ae67bbadd22ab2769c711a2f1
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 42720
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/css/__styles.css?ver=6.0.2
85.234.151.73 200 OK 117 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/__styles.css?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65384)
Size 117 kB (116927 bytes)
Hash cbf0c557f5cc513fe1881ec1f53ad90e
6169b1c05f01169d9e5a2290d1c14f7fe869677b
64245dd70f9080ff8d1b391478958d61033e994aea3d5cfdf77a00166bf323c8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/__styles.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 116927
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23
85.234.151.73 200 OK 60 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Hash 6965137b6996c7953be805866df582ed
7fa546bdc941a31224fcc0b64c75d30f23630583
b86f3cdcccad303cb5300fab4d2774eafc3a2788f07ff1f3cd1953dd0debaa3f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 60053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
85.234.151.73 200 OK 11 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (11256), with no line terminators
Hash 2b0dd7eecea03b4bdedb94ba622fdb03
703becba85161118dd6fc66af465428ef43f561c
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 11256
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/themes/electroserv/style.css
85.234.151.73 200 OK 147 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/style.css
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Size 147 kB (146976 bytes)
Hash 65674f4c837f876b229cfaaeb02a651f
57739f6a9bf7fa8bbdaaae3e863c7ef858d45589
a9b1e17454837eb51bb49944ba490314f44ae6617a0e045d28b7b43e242a2065
GET /wp-content/themes/electroserv/style.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 146976
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2
85.234.151.73 200 OK 4.2 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (4186), with no line terminators
Hash ea958276b7de454bd3c2873f0dc47e5f
b143f6e8e8f79d8f104c26b0057ef5514d763219
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Fri, 07 Jun 2019 20:45:02 GMT
Accept-Ranges: bytes
Content-Length: 4186
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.2
85.234.151.73 200 OK 208 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65169)
Size 208 kB (207790 bytes)
Hash 10493a040ec70e6f997887b04a4fef13
bfdfe3e0123bca9c9b6d3ac17de1c8b6c610aabb
474c7151d471e8dfdd71ff90539ed619a3a621fea465e6fc6d226dc70f0c75d0
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 207790
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
85.234.151.73200 OK 11 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (11126)
Hash 79b4956b7ec478ec10244b5e2d33ac7d
a46025b9d05e3df30d610a8aef14f392c7058dc9
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Accept-Ranges: bytes
Content-Length: 11224
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9439a7cde73fea464c1463febdda0556
6a0030d4f26b2e9658700708c82e7ce6120ce93c
c3a5a489f4ef8c8cce54dbd819c5cf573740317ea3718ccd6804a03374739199
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 00:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.tofi.it/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2
85.234.151.73200 OK 9.3 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (9332), with no line terminators
Hash 6a229fc927df63e2b5f436bb01d2c37f
d09285c647f007d920a36aced75a0179d40ff4cb
dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 9332
Keep-Alive: timeout=5, max=88
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23
85.234.151.73200 OK 119 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (41022), with CRLF line terminators
Size 119 kB (119386 bytes)
Hash 1eca6ed028850aa07d5f4a003fd7079e
1f02b8c5485108373bdd14a96bb1fe22d72e157b
9556bca5ad5eb24439887d7339fcb687088776bbaa995553aa489c9607cf9e19
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 119386
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3
85.234.151.73200 OK 14 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash f89263c0c2f24398a1df52eead69f5f8
850e9cfb1680eb1df4365889724e69f38df7bb9e
125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c
GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 14280
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js
85.234.151.73200 OK 87 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (32020)
Hash 93150feefb986b403aedf9e26c914092
64c397ca8c093de3bdb2c2eda2205fbfb8173f32
b18bb25b43e0bd89fa67b62f914da8ef6286e626c0690f0b4fac74e7a52f700c
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 87126
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js
85.234.151.73200 OK 20 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (20087)
Hash ba6cf724c8bb1cf5b084e79ff230626e
f455c5f153f872e52265f87a644ff89fe14a6fb6
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 20216
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/js/trx_addons.js
85.234.151.73200 OK 133 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/js/trx_addons.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type Unicode text, UTF-8 text, with very long lines (65387)
Size 133 kB (133329 bytes)
Hash af40015a43d12924cf11954bdf3c3026
b1fc1cc4b5c9869f8c22e7d3bc8c8daeb5fd544e
d4ed2787901051677e5769e6285b6f2dda4eb077e0a62f7e3f36e0c9493030cf
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/js/trx_addons.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 133329
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js
85.234.151.73200 OK 7.0 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash f2d8d0aeb67bf6d5258efd5d6018c9fe
66a55167b4923cf03470b7013546893b0934041d
997c7e1d4ca02022f240b77a3e6d37c4693d8b7566349ee2b9c81dd34f66b8d3
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 6985
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581
85.234.151.73200 OK 6.7 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (6684)
Hash 4c35d53fb0a5355136c6ab4df90ca3e1
388a6dc93b1d1d7d99700151dc495e045f4f3afa
af57165e63b7efba5117220d832d16a5919b941d646b9e23bb7d455e0f343218
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 6685
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/themes/electroserv/js/__scripts.js
85.234.151.73200 OK 85 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/js/__scripts.js
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (65384)
Hash 5e700606291a106e0ca748039676f8ce
265c4d1273b137892d2c7915226d5cce071b1f44
8fad17f40a3d49bf4bbd2d56fd8c4f7e958a8413d896606a3b18e24c46439b40
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/js/__scripts.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 84953
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.2
85.234.151.73200 OK 1.2 kB URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (1191), with no line terminators
Hash 51300497928562f8c86c7aaba99237cd
e5826832b85c6afc6502b74cbb8ac5394b04c363
6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2022 20:07:18 GMT
Accept-Ranges: bytes
Content-Length: 1191
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.2
85.234.151.73200 OK 906 B URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type HTML document, ASCII text, with very long lines (906), with no line terminators
Hash 2c6d3b562a48e0df5474999dd47e58fb
945220e990eb176c14e53cc663fb01e04e31b59f
3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 13:35:18 GMT
Accept-Ranges: bytes
Content-Length: 906
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1
85.234.151.73200 OK 21 kB URL HTTP/1.1 www.tofi.it/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type ASCII text, with very long lines (20478)
Hash b19cf4664534718fbf45d1ab11c1e03f
46236e58872c4f83370dc2239f737ac9c9670428
527beb6c2c7fb7390156ab5c7e269b74994831e1cae8a54bec16e6165b908fc4
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 20697
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript
www.tofi.it/wp-content/uploads/2020/11/logo.png
85.234.151.73200 OK 22 kB URL HTTP/1.1 www.tofi.it/wp-content/uploads/2020/11/logo.png
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type PNG image data, 200 x 113, 8-bit/color RGBA, non-interlaced\012- data
Hash 5f5bc92861c7d332c46c99d8665fad56
98911e8a3fd9aa9ce944d94034741325b2d43a65
31b8f6d3b6d6216568b8df126992f05b2f46be2a99af58aeea55dac26746db22
GET /wp-content/uploads/2020/11/logo.png HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 09 Nov 2020 17:32:08 GMT
Accept-Ranges: bytes
Content-Length: 21477
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive
Content-Type: image/png
www.tofi.it/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23
85.234.151.73200 OK 471 B URL HTTP/1.1 www.tofi.it/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash 9439a7cde73fea464c1463febdda0556
6a0030d4f26b2e9658700708c82e7ce6120ce93c
c3a5a489f4ef8c8cce54dbd819c5cf573740317ea3718ccd6804a03374739199
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 327000
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 00:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 00:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.163200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Sep 2022 16:40:18 GMT
expires: Fri, 01 Sep 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 201087
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 00:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.tofi.it/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1
85.234.151.73200 OK 471 B URL HTTP/1.1 www.tofi.it/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 485416
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 00:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.tofi.it/wp-content/themes/electroserv/css/responsive.css?ver=6.0.2
85.234.151.73200 OK 24 kB URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/responsive.css?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/responsive.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 110619
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Aug 2022 17:10:21 GMT
expires: Wed, 30 Aug 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 372084
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
142.250.74.163200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Hash 1c6c65523675abc6fcd78e804325bd77
898d9808304dc157f5dcb18ca169ec6e2b96b3d7
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Aug 2022 17:15:31 GMT
expires: Wed, 30 Aug 2023 17:15:31 GMT
cache-control: public, max-age=31536000
age: 371774
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 98125354dbaa891018a9429a7aae3ea1
a692cc9a073c9666971db41444342fc9d7dab2e2
771b96e4fb485d1ef041ee20fc060bb5b4b521043ec7a51ceaccefcbe837bd4f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 00:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.tofi.it/wp-content/uploads/2020/12/favicon-tofi.png
85.234.151.73200 OK 1.5 kB URL HTTP/1.1 www.tofi.it/wp-content/uploads/2020/12/favicon-tofi.png
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 66cc32a57727ac9775d9466634b24e7a
15baf4fd5dffe9cd12ab5919dc5fe650cffb9678
c85c46e673c2c4cffd9297b5184b02cc8adee620d36e2edea48d4dd17b7716be
GET /wp-content/uploads/2020/12/favicon-tofi.png HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:32:51 GMT
Accept-Ranges: bytes
Content-Length: 1488
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 51df98c169fb7de773301d014bcea4b8
9bdf9bdb9b5eee378e9ac4ec68ca07c665ae4819
c8336f3a2e16c9390b610c612ce9be7c19286f04a6328a29200cbf65db5801c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 00:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/iframe_api
142.250.74.46200 OK 54 kB URL HTTP/2 www.youtube.com/iframe_api
IP 142.250.74.46:0
File type ASCII text, with very long lines (509)
Hash f5d81ef9fa6de62c08da7f903134ed29
372b22da4d018319d166898eec37ea17a906e03e
b0920169df81978f2b0e53e4b43a13a416f7c44669d8c366c995defba77c0db2
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sun, 04 Sep 2022 00:31:45 GMT
date: Sun, 04 Sep 2022 00:31:45 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=vNd2brXpMuU; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=4mlWPOe-yM8; Domain=.youtube.com; Expires=Fri, 03-Mar-2023 00:31:45 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+698; expires=Tue, 03-Sep-2024 00:31:45 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 51df98c169fb7de773301d014bcea4b8
9bdf9bdb9b5eee378e9ac4ec68ca07c665ae4819
c8336f3a2e16c9390b610c612ce9be7c19286f04a6328a29200cbf65db5801c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 00:31:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2571
Expires: Sun, 04 Sep 2022 01:14:36 GMT
Date: Sun, 04 Sep 2022 00:31:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2571
Expires: Sun, 04 Sep 2022 01:14:36 GMT
Date: Sun, 04 Sep 2022 00:31:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2571
Expires: Sun, 04 Sep 2022 01:14:36 GMT
Date: Sun, 04 Sep 2022 00:31:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2571
Expires: Sun, 04 Sep 2022 01:14:36 GMT
Date: Sun, 04 Sep 2022 00:31:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2571
Expires: Sun, 04 Sep 2022 01:14:36 GMT
Date: Sun, 04 Sep 2022 00:31:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09148d75-a4a3-47e6-8d91-01e8dfad4bc7.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09148d75-a4a3-47e6-8d91-01e8dfad4bc7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0eecb70391b63b662d13355e32d95ea1
5d5c724e26af57967b9a132a77d3986ba8d6ed9c
2c7f2aa1c725a5d39daf44ee746bb24b5c15aab41c67cf160814f7f87d1aacdf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09148d75-a4a3-47e6-8d91-01e8dfad4bc7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8931
x-amzn-requestid: cfc0940f-ad6a-4535-91b7-70b200af68d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwGEVEoAMFriw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-5b6e6e5e3401eba533fb63df;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: -ASFa6a22qh9wxe5u-hQxXe9R7JSyBVFLZb6291gbrUeftSsYDXAJA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:31:42 GMT
etag: "5d5c724e26af57967b9a132a77d3986ba8d6ed9c"
content-type: image/jpeg
age: 7203
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75330c10-c792-473d-a3d2-0529a16f1fc2.jpeg
34.120.237.76200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75330c10-c792-473d-a3d2-0529a16f1fc2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ff702bc582048928c5ecab8a6fa55d84
8e125792ea9dde5788e65d6491ba2eceade062d8
0c94940760d4c137f502da7310bc02f04a9adb5c8e2ea3c90370521e8a467e3a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75330c10-c792-473d-a3d2-0529a16f1fc2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6081
x-amzn-requestid: 030b9f1e-39af-44c8-80fa-23d0fb333fed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wxNEE-IAMFfSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c807-0ba8976b2f8934403cae41fa;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: HtqsICZqA65XxVpMrwhlYSvvdqJDPO35wjejUpgwvOpg4VE2_AgWww==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:03:19 GMT
age: 8906
etag: "8e125792ea9dde5788e65d6491ba2eceade062d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a65f81-cc75-4344-b2c9-b175dee43d52.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a65f81-cc75-4344-b2c9-b175dee43d52.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c7c7824789fc28f90fdfc7afe9856bd
fd24bc01d65805deff463e77bd875a1a299e8b9d
1c5afb4c9648efb6c0117a47cb7613aa1072f7731fa3c7c325228373c8e07106
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a65f81-cc75-4344-b2c9-b175dee43d52.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6879
x-amzn-requestid: 75e0d594-5ef0-4cc0-b34b-7a20d2f1a85e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xv3i5GhRoAMFjyA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630fd2df-10e5e0bb386fbccb79250553;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 21:30:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bantvlTnQVyRs4-vDCPzl1xs4yeYwq2g_gOSL5wwfebr5i4dN_6h5w==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:17:08 GMT
age: 8077
etag: "fd24bc01d65805deff463e77bd875a1a299e8b9d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb4b1d74f1443bc3328301ab3ae6464
2768253dacaaad6cb498c6b2eb7694208b0ce0a6
07dcc95dab7757402998a5a61b540c965ce95c8bd51a814a09438981693b563a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8688
x-amzn-requestid: e408351e-ba6c-4e55-815d-449af808282f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5yMEFBLoAMFtqg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313ca4d-13831d8572a3b3cf54a0e747;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:42:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: GFM9jerDkTPdhlUTm99E7Lpksw2ZGnV81bNVaZLvWSAiRNDNtkZi4g==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
etag: "2768253dacaaad6cb498c6b2eb7694208b0ce0a6"
content-type: image/jpeg
age: 9818
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bab7d82-0a83-46ba-924e-b2c243917612.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bab7d82-0a83-46ba-924e-b2c243917612.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1fc7703787379eb11904c4401cf312cc
96fdf64be0c9fdf0863b0f6daff8ea8ec123ee88
60277b56243f960c5c8cd4114075ae15e4b03b610093095b8bcc2890cffaca72
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1bab7d82-0a83-46ba-924e-b2c243917612.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8454
x-amzn-requestid: 6c8ece2f-7281-482d-9089-bca75c0e336d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5yMGEnGIAMFp1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313ca4d-3e8167960ddf23782816e488;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:42:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: aLlHMCR_I2UMrp-NcFroljqK6lI1AIpAtJxPIc7c6iL7uSU8KW8Q2Q==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
etag: "96fdf64be0c9fdf0863b0f6daff8ea8ec123ee88"
content-type: image/jpeg
age: 9818
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25364423-42e8-41d8-af39-740ce9796e2f.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25364423-42e8-41d8-af39-740ce9796e2f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acac2bb5e293a186468a570578cb95d7
2884e46ae1e15d29f26abc040dd43d173a9b04c8
e336b7fbac184be0ed78002ad60fc3fea1c4064c1c0a48fdfed5ad011308c0e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25364423-42e8-41d8-af39-740ce9796e2f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3964
x-amzn-requestid: 50691b02-9efe-4615-b4ff-a6ea75af162c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwIHrlIAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-694671fc5371369d3901c55b;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: mgPk7HRZxd9mH9tSdWw3Sp60k4YkZ-WQs5zhoLOKAW2Fa7wIMIwvGA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 21:48:07 GMT
etag: "2884e46ae1e15d29f26abc040dd43d173a9b04c8"
content-type: image/jpeg
age: 9818
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.tofi.it/wp-content/themes/electroserv/css/__colors.css?ver=6.0.2
85.234.151.73200 OK 0 B URL HTTP/1.1 www.tofi.it/wp-content/themes/electroserv/css/__colors.css?ver=6.0.2
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Analyzer Verdict Alert fortinet Phishing
GET /wp-content/themes/electroserv/css/__colors.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:01 GMT
Accept-Ranges: bytes
Content-Length: 357146
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
www.tofi.it/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
85.234.151.73200 OK 0 B URL HTTP/1.1 www.tofi.it/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Wed, 10 Mar 2021 15:07:24 GMT
Accept-Ranges: bytes
Content-Length: 89521
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: application/javascript
fonts.googleapis.com/css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.2
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.2
IP 142.250.74.10:0
GET /css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Sep 2022 00:31:45 GMT
date: Sun, 04 Sep 2022 00:31:45 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.tofi.it/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
85.234.151.73200 OK 0 B URL HTTP/1.1 www.tofi.it/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16
IP 85.234.151.73:0
ASN #29550 Simply Transit Ltd
Analyzer Verdict Alert fortinet Phishing
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 00:31:45 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 157610
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: application/javascript