Overview

URL tofi.it/welbin-webcatche/emailsetting.zip
IP 85.234.151.73
ASN Simply Transit Ltd
Location United Kingdom
Report completed 2022-10-01 01:14:02 UTC
urlquery Alerts No alerts detected


Settings

UserAgent Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-01 2 tofi.it/welbin-webcatche/emailsetting.zip Phishing
2022-10-01 2 tofi.it/welbin-webcatche/emailsetting.zip Phishing
2022-10-01 2 www.tofi.it/welbin-webcatche/emailsetting.zip Phishing
2022-10-01 2 www.tofi.it/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3 Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/essential-grid/public/assets/font/fontello/c (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.2 Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/essential-grid/public/assets/css/settings.cs (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23 Phishing
2022-10-01 2 www.tofi.it/wp-content/themes/electroserv/css/font-icons/css/fontello-embed (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_ico (...) Phishing
2022-10-01 2 www.tofi.it/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?v (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/themes/electroserv/css/__colors.css?ver=6.0.2 Phishing
2022-10-01 2 www.tofi.it/wp-content/themes/electroserv/css/__styles.css?ver=6.0.2 Phishing
2022-10-01 2 www.tofi.it/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Phishing
2022-10-01 2 www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2 Phishing
2022-10-01 2 www.tofi.it/wp-content/themes/electroserv/css/responsive.css?ver=6.0.2 Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2 Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ve (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/js_composer/assets/css/js_composer.min.css?v (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ve (...) Phishing
2022-10-01 2 www.tofi.it/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.2 Phishing
2022-10-01 2 www.tofi.it/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver= (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/js_composer/assets/js/dist/js_composer_front (...) Phishing
2022-10-01 2 www.tofi.it/wp-content/themes/electroserv/js/__scripts.js Phishing
2022-10-01 2 www.tofi.it/wp-content/plugins/trx_addons/js/trx_addons.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (13)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS tofi.it (2) 0 2015-05-22 06:40:13 UTC 2022-09-24 02:45:36 UTC 85.234.151.73 Unknown ranking
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-30 04:56:26 UTC 34.117.237.239
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-09-30 21:45:49 UTC 93.184.220.29
mnemonic passive DNS ocsp.pki.goog (10) 175 2017-06-14 07:23:31 UTC 2022-09-30 04:55:27 UTC 142.250.74.3
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-30 16:59:18 UTC 142.250.74.10
mnemonic passive DNS r3.o.lencr.org (4) 344 2020-12-02 08:52:13 UTC 2022-09-30 04:55:29 UTC 23.36.77.32
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-30 05:34:07 UTC 216.137.44.95
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-30 05:12:28 UTC 54.149.28.179
mnemonic passive DNS www.tofi.it (39) 0 2015-11-14 15:52:21 UTC 2022-09-24 02:45:36 UTC 85.234.151.73 Unknown ranking
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-30 13:49:02 UTC 34.120.237.76
mnemonic passive DNS fonts.gstatic.com (3) 0 2014-08-29 13:43:22 UTC 2022-09-30 04:55:47 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS www.youtube.com (2) 90 2013-05-30 23:21:49 UTC 2022-09-30 04:55:30 UTC 142.250.74.46
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-09-30 21:46:18 UTC 18.164.68.21


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 85.234.151.73

Date UQ / IDS / BL URL IP
2022-11-11 09:42:55 +0000 0 - 0 - 28 tofi.it/alk/zeam.zip 85.234.151.73
2022-11-10 02:51:53 +0000 0 - 0 - 28 tofi.it/welbin-webcatche/upgrade%20_2%20_1/up (...) 85.234.151.73
2022-11-10 02:01:34 +0000 0 - 0 - 29 tofi.it/welbin-webcatche/new-auto-upgrade%20_ (...) 85.234.151.73
2022-11-08 04:36:35 +0000 0 - 0 - 29 tofi.it/ 85.234.151.73
2022-11-07 02:44:31 +0000 0 - 0 - 29 tofi.it/welbin-webcatche/emailsetting.zip 85.234.151.73

Last 5 reports on ASN: Simply Transit Ltd

Date UQ / IDS / BL URL IP
2022-12-08 13:04:49 +0000 0 - 0 - 5 sonomosnesa.fr/ 94.76.228.135
2022-12-08 01:53:16 +0000 0 - 0 - 5 ilingi.fr/ 94.76.228.135
2022-12-06 14:37:11 +0000 0 - 0 - 5 sastonlisne.com/ 94.76.228.135
2022-12-06 11:50:34 +0000 0 - 0 - 5 sastonlisne.com/ 94.76.228.135
2022-12-05 23:01:16 +0000 0 - 0 - 2 warukraine.co/un/kl334.zip 213.229.66.214

Last 5 reports on domain: tofi.it

Date UQ / IDS / BL URL IP
2022-11-11 09:42:55 +0000 0 - 0 - 28 tofi.it/alk/zeam.zip 85.234.151.73
2022-11-10 02:51:53 +0000 0 - 0 - 28 tofi.it/welbin-webcatche/upgrade%20_2%20_1/up (...) 85.234.151.73
2022-11-10 02:01:34 +0000 0 - 0 - 29 tofi.it/welbin-webcatche/new-auto-upgrade%20_ (...) 85.234.151.73
2022-11-08 04:36:35 +0000 0 - 0 - 29 tofi.it/ 85.234.151.73
2022-11-07 02:44:31 +0000 0 - 0 - 29 tofi.it/welbin-webcatche/emailsetting.zip 85.234.151.73

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-11-11 09:42:55 +0000 0 - 0 - 28 tofi.it/alk/zeam.zip 85.234.151.73
2022-11-10 02:51:53 +0000 0 - 0 - 28 tofi.it/welbin-webcatche/upgrade%20_2%20_1/up (...) 85.234.151.73
2022-11-10 02:01:34 +0000 0 - 0 - 29 tofi.it/welbin-webcatche/new-auto-upgrade%20_ (...) 85.234.151.73
2022-11-07 02:44:31 +0000 0 - 0 - 29 tofi.it/welbin-webcatche/emailsetting.zip 85.234.151.73
2022-10-08 07:33:20 +0000 0 - 0 - 29 tofi.it/welbin-webcatche/new-auto-upgrade%20_ (...) 85.234.151.73


JavaScript

Executed Scripts (25)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (73)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.21
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Backoff, Content-Length, Retry-After
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 01 Oct 2022 01:02:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f1b5cccb468453b067a2a271f6f316a4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: dCGNjrC-or1Z7fkZEgwfFl1rBEZrWI6iwYshAPCrzrqcl1NmMzqH4g==
Age: 693


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    1b3053fa528e28810f8a2cc9284cc921
Sha1:   cca9eb471d941881a6b9a1793aecb6c281908f6a
Sha256: a2427848ba35575dda8a82cf88f104978234c05389deebc3fc8279d9075eff45
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "763E2DADFDD286A51327CD2000CA335E30CD0B9B7267875D22CA33F7556BA200"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6230
Expires: Sat, 01 Oct 2022 02:57:41 GMT
Date: Sat, 01 Oct 2022 01:13:51 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.137.44.95
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 30 Sep 2022 03:33:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 c79c2a81ac4d9188a11e797e452b6892.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P2
x-amz-cf-id: OvuqXnf1tQOrFmINeUcu_Cz18MzIGRC8FxU3niuSD6fmsCoE78regw==
age: 78037
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /welbin-webcatche/emailsetting.zip HTTP/1.1 
Host: tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         85.234.151.73
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 01 Oct 2022 01:13:51 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://tofi.it/welbin-webcatche/emailsetting.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 01 Oct 2022 01:13:52 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.164.68.21
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Type, Expires, Backoff, ETag, Last-Modified, Pragma, Cache-Control, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Sat, 01 Oct 2022 01:12:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 01 Oct 2022 01:15:42 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6e05560e2a116f10e93777df92ea6478.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: LHR50-P4
X-Amz-Cf-Id: xeQ_ezRlh0FFPCCfNoogbAwRFDsq0zMTUaNs2Sdh4M3KpFaTLzR2TA==
Age: 2459


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5739
Cache-Control: 'max-age=158059'
Date: Sat, 01 Oct 2022 01:13:52 GMT
Last-Modified: Fri, 30 Sep 2022 23:38:13 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7mwaS7dyckIn5w2I+FqGeg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         54.149.28.179
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BrbMZ+aYI3ors3cdwZfVFMy1H5E=

                                        
                                            GET /welbin-webcatche/emailsetting.zip HTTP/1.1 
Host: tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         85.234.151.73
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 01 Oct 2022 01:13:52 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /welbin-webcatche/emailsetting.zip HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         85.234.151.73
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 01 Oct 2022 01:13:53 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.tofi.it/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Size:   54800
Md5:    3ccbfa3e0c0f20ad69f7944da5218d3c
Sha1:   a8a7185564d7f1dbf04f8f075840ade12ae5f455
Sha256: 5d0bc7c0dad570e9a07ac0ca26a079eac3e3e14f03adf88b1d9a691a2ce669c7

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:53 GMT
Server: Apache
Last-Modified: Tue, 12 Jul 2022 19:20:44 GMT
Accept-Ranges: bytes
Content-Length: 88932
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   88932
Md5:    b7915926fe42d76e9c802353ab01dae4
Sha1:   3a8192a4312f25f53de25b100d62829c0f14d67c
Sha256: d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
Accept-Ranges: bytes
Content-Length: 18617
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   18617
Md5:    32beb68a374e3aeac00abdf9e12b84ea
Sha1:   b5d18aa625e8696dd9d07cd0869337717b211ae0
Sha256: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
                                        
                                            GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 5461
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (5461), with no line terminators
Size:   5461
Md5:    fd081bc5500fcaf246c15ffcad3467c7
Sha1:   62ff35896a1803419163ffc3117fe077d0d59054
Sha256: 52f668d0c674f4029e8e4ff528bcc1e51307e6568c03c9c6a4d3ba6c9ac1302e
                                        
                                            GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 1920
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   1920
Md5:    a2e915fb21387a23a3578cb1b2b5a724
Sha1:   c3601301dacf90fc9eede9363f2698d922c05327
Sha256: fbf8ab57db7f9981bd71d79c7daaa01a3c578ffa0aa8e9b4a9b2bfe2e9927427

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 12663
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   12663
Md5:    4045fbc98e0caae7e213f52330c52c21
Sha1:   253b81dc846081e189174789220a296d96849681
Sha256: 168642741cf6acd34501d09c8cc1c7e6be332ca9222f3223419bd1664b381839

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/trx_addons/js/swiper/swiper.min.css HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 17710
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (17459)
Size:   17710
Md5:    888fdd39e95ee8ecfabd72580861683a
Sha1:   d5ea47f1de0ca987682f4b89c851d7ef18d8752f
Sha256: 9240a25a99b786a64ed9f39d2aa70a327f019ccc4269dcc6bf70779863294817
                                        
                                            GET /wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 5156
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (5156), with no line terminators
Size:   5156
Md5:    301f825956e0202555eeb32a62b20edb
Sha1:   b4bb15601acb7aa9d1b0029f389e590195c65dbf
Sha256: 5bf51d12e86de98c7f594516b6b5c9613da60f64c863a803c3e870fa871f3e7f
                                        
                                            GET /wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 81317
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   81317
Md5:    0c86cdcbd3de3b1fb99d7e1882030f81
Sha1:   8e96156956fcfc8b7074c72f7b303da326824de8
Sha256: fdaebf38e9d60745a2e2cdcbf9550bf50058d490f4c0a5eeef93671c7659475b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 42720
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (7136)
Size:   42720
Md5:    be226b70c4a044c014c0fc8c5afca14e
Sha1:   9d6165705084ebef3a550df37cad765a8004474d
Sha256: 4062e6f54df1e95d09317853df6fad95e103ab7ae67bbadd22ab2769c711a2f1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 7874
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (7873)
Size:   7874
Md5:    39af00ca0151248005d3a90ae3e48289
Sha1:   6ef42eafe3c578530a3df35ea3b7adb3f6aa3257
Sha256: 219222bf1646c16a6f0137ead39b1cf86b23b00533f493a84008d5e19288ad46
                                        
                                            GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 60053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Size:   60053
Md5:    6965137b6996c7953be805866df582ed
Sha1:   7fa546bdc941a31224fcc0b64c75d30f23630583
Sha256: b86f3cdcccad303cb5300fab4d2774eafc3a2788f07ff1f3cd1953dd0debaa3f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 308532
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65217)
Size:   308532
Md5:    6753dbc1940419475691cbd572835cb1
Sha1:   ecd9e7c611fa605ed64a3482e384979e0526247b
Sha256: 8a543831320f80549300cd85bf432627d6d2b9dd308367a0507b13115899ba05

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/electroserv/style.css HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 146976
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   146976
Md5:    65674f4c837f876b229cfaaeb02a651f
Sha1:   57739f6a9bf7fa8bbdaaae3e863c7ef858d45589
Sha256: a9b1e17454837eb51bb49944ba490314f44ae6617a0e045d28b7b43e242a2065
                                        
                                            GET /wp-content/plugins/trx_addons/css/trx_addons.css HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 259021
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65389)
Size:   259021
Md5:    24bc41d3b6194f8598fd82a1e43efb73
Sha1:   3472c81afeeb2722a31a440271588ba0c89f6b53
Sha256: 17a73aa1104951434d367e50ef97d524e782089bcf090ef8ceee1e130f290d3f
                                        
                                            GET /wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 207790
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65169)
Size:   207790
Md5:    10493a040ec70e6f997887b04a4fef13
Sha1:   bfdfe3e0123bca9c9b6d3ac17de1c8b6c610aabb
Sha256: 474c7151d471e8dfdd71ff90539ed619a3a621fea465e6fc6d226dc70f0c75d0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 11256
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (11256), with no line terminators
Size:   11256
Md5:    2b0dd7eecea03b4bdedb94ba622fdb03
Sha1:   703becba85161118dd6fc66af465428ef43f561c
Sha256: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/electroserv/css/__colors.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:01 GMT
Accept-Ranges: bytes
Content-Length: 357146
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65384)
Size:   357146
Md5:    92e8131e1a390042435247f2896d4e0e
Sha1:   42bc98de063148b711a5ac54340f50916a393b53
Sha256: 76ea2b5e1611a0094e2ae360caad752de442e722d85bada9556c26900885d6e3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10844
Expires: Sat, 01 Oct 2022 04:14:38 GMT
Date: Sat, 01 Oct 2022 01:13:54 GMT
Connection: keep-alive

                                        
                                            GET /wp-content/themes/electroserv/css/__styles.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 116927
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65384)
Size:   116927
Md5:    cbf0c557f5cc513fe1881ec1f53ad90e
Sha1:   6169b1c05f01169d9e5a2290d1c14f7fe869677b
Sha256: 64245dd70f9080ff8d1b391478958d61033e994aea3d5cfdf77a00166bf323c8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0222b19-e28d-42f0-b085-23b2b665419f.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5845
x-amzn-requestid: 5f7a3d43-3c65-4cde-9b7f-fcb6223200c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZSxLEEchIAMFTjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63376246-027b8cc4272f027521eea8c7;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 21:40:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: gsT8eVPGsaXk-982_8xS2qNOhEG6lWsrXtJf3AD9VsgZVtyOQHjPvg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 22:00:47 GMT
age: 11587
etag: "aad835c1f25a742cc8f3b8f695ddc2a8a83220b9"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5845
Md5:    bf40d5ad9837589adb9464463083ed29
Sha1:   aad835c1f25a742cc8f3b8f695ddc2a8a83220b9
Sha256: 9883621d6a4802c1d12e6c8c4dd5a194a81ee84bbede42da853a9e23027aaa09
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F560edc86-1e97-4593-b97a-0e5e481931eb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11373
x-amzn-requestid: 63c9c5f9-ab5b-447c-9837-a20ae37cefc9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKLlMEq6oAMFRXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f2ed-36d33fe66aec59b477696c26;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:08:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: QSCSEPZCfx7H19whFgxP2kAGKYDcqBv6dEIstTnzKmZHxzpkTFZr1Q==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 12:08:44 GMT
age: 47110
etag: "2b18eae551b2a537b6f839cf97ba6eff6d1b7d07"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11373
Md5:    05fe3ce0222762233d97a00a63dc8960
Sha1:   2b18eae551b2a537b6f839cf97ba6eff6d1b7d07
Sha256: 69c2d96e2c3543cded0e4778d3e1206d7a2fff7ede92c1437bb7b66d4363596e
                                        
                                            GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Accept-Ranges: bytes
Content-Length: 11224
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   11224
Md5:    79b4956b7ec478ec10244b5e2d33ac7d
Sha1:   a46025b9d05e3df30d610a8aef14f392c7058dc9
Sha256: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Fri, 07 Jun 2019 20:45:02 GMT
Accept-Ranges: bytes
Content-Length: 4186
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (4186), with no line terminators
Size:   4186
Md5:    ea958276b7de454bd3c2873f0dc47e5f
Sha1:   b143f6e8e8f79d8f104c26b0057ef5514d763219
Sha256: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/themes/electroserv/css/responsive.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 110619
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  assembler source, ASCII text, with very long lines (696)
Size:   110619
Md5:    4a89add69adeb951442caeee5db24d80
Sha1:   4e341b21e8d0f71b47bcbbae5092e67e7215bcca
Sha256: f067d724c42c05a9604ec4036d0ee641c3fe1f79ac620d7cfd8c18b495230f62

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 9332
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (9332), with no line terminators
Size:   9332
Md5:    6a229fc927df63e2b5f436bb01d2c37f
Sha1:   d09285c647f007d920a36aced75a0179d40ff4cb
Sha256: dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff3837333-445d-4cb3-9734-b6d600909325.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8586
x-amzn-requestid: 7b1086bb-d953-4248-989b-3bca5cc70cc6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZM83cG8soAMFRbg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63350e95-193af5f92dff316d146e693f;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 03:18:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hf0Pj9q9HdufvMZ-pjVvlflJ0z9R7Y45tvukrcVaZTAABBushRT8AA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 16:26:32 GMT
age: 31642
etag: "fe6ca607e220c55494e3b2d0aae5022959c4a5af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8586
Md5:    9fb275e930996f302ab80412269d258a
Sha1:   fe6ca607e220c55494e3b2d0aae5022959c4a5af
Sha256: 6b03622b60a4ad077f1e0ac62d3b322d93ec0c332a65f84b8e1caab61ca2edae
                                        
                                            GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 119386
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (41022), with CRLF line terminators
Size:   119386
Md5:    1eca6ed028850aa07d5f4a003fd7079e
Sha1:   1f02b8c5485108373bdd14a96bb1fe22d72e157b
Sha256: 9556bca5ad5eb24439887d7339fcb687088776bbaa995553aa489c9607cf9e19

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F979b163e-e6cb-49a1-a2a2-de55e3c86685.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6655
x-amzn-requestid: ade9e38b-a622-4ec5-b8be-29d4ba80d883
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZP6jHGNioAMFVbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63363e13-02fb28271686b4c97d95bde3;Sampled=0
x-amzn-remapped-date: Fri, 30 Sep 2022 00:53:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wwTf6va45g9yXUUnmddByF22fmAQCX6ZVK6PwpElVK41tesFsq0mlA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 13:43:10 GMT
age: 41444
etag: "bb9a3611d2eb51e0eef79106f1497e3f460a03cb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6655
Md5:    72a92d7de4dd5ccce4cdf54dd132b948
Sha1:   bb9a3611d2eb51e0eef79106f1497e3f460a03cb
Sha256: 7654b1824c07d1c121e288c19ea587eff25579333a783978bc73dc37cc9b35a4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d8201d9-93ae-492b-8ea9-d245fa2e4073.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3640
x-amzn-requestid: b5f5c567-8aa9-414b-8310-cf3006711ee9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZJo1vFIwoAMF2mA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333bb57-0f1cbcbb29287f5367a14b67;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 03:11:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HiU5q54X8yU3PXfTqYyCa9c3NbGAmjVLQRYn3P47trBJhtCP4juxRQ==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 11:34:12 GMT
age: 49182
etag: "303c6bb672425443a15bbe22394bd1149f887904"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3640
Md5:    a9e7ba045a723120501994dea21709db
Sha1:   303c6bb672425443a15bbe22394bd1149f887904
Sha256: b1bea7212e55ec8eaf62434214a86fed7d6a990d105984d79a7fa0e793395d59
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10844
Expires: Sat, 01 Oct 2022 04:14:38 GMT
Date: Sat, 01 Oct 2022 01:13:54 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.3 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 14280
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   14280
Md5:    f89263c0c2f24398a1df52eead69f5f8
Sha1:   850e9cfb1680eb1df4365889724e69f38df7bb9e
Sha256: 125ec330f66081e7dc9f2814e9ec18f4e2d0baa1936d497375eedfda7ac12e5c
                                        
                                            GET /wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 87126
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (32020)
Size:   87126
Md5:    93150feefb986b403aedf9e26c914092
Sha1:   64c397ca8c093de3bdb2c2eda2205fbfb8173f32
Sha256: b18bb25b43e0bd89fa67b62f914da8ef6286e626c0690f0b4fac74e7a52f700c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 327000
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (64268)
Size:   327000
Md5:    8a5702feb8810be04c356543d737724b
Sha1:   3385fcee5497e03be43e3bbd17e052bb533f3994
Sha256: 60f59e08903c3d0b70e928af542ded081c10a790b6c198c7026788b77f4256ac
                                        
GET /wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 20216
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (20087)
Size:   20216
Md5:    ba6cf724c8bb1cf5b084e79ff230626e
Sha1:   f455c5f153f872e52265f87a644ff89fe14a6fb6
Sha256: 3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 485416
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65358)
Size:   485416
Md5:    2fcf15b9242ca9cbf091c45419959fdb
Sha1:   52e744ee97e3612e790305643ab5046201831618
Sha256: f1dbbc4be8d88ae17466b1d7a8fd7bf4f9d9b5ab492719cdea721d82cecb738d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 6985
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   6985
Md5:    f2d8d0aeb67bf6d5258efd5d6018c9fe
Sha1:   66a55167b4923cf03470b7013546893b0934041d
Sha256: 997c7e1d4ca02022f240b77a3e6d37c4693d8b7566349ee2b9c81dd34f66b8d3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 6685
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (6684)
Size:   6685
Md5:    4c35d53fb0a5355136c6ab4df90ca3e1
Sha1:   388a6dc93b1d1d7d99700151dc495e045f4f3afa
Sha256: af57165e63b7efba5117220d832d16a5919b941d646b9e23bb7d455e0f343218

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "C17A343CEB786A421F8C3ABFFFAE350E12C92271A69FC88EB8E8BAB568877D6B"
Last-Modified: Fri, 30 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10844
Expires: Sat, 01 Oct 2022 04:14:38 GMT
Date: Sat, 01 Oct 2022 01:13:54 GMT
Connection: keep-alive

                                        
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2022 20:07:18 GMT
Accept-Ranges: bytes
Content-Length: 1191
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1191), with no line terminators
Size:   1191
Md5:    51300497928562f8c86c7aaba99237cd
Sha1:   e5826832b85c6afc6502b74cbb8ac5394b04c363
Sha256: 6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 157610
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65266)
Size:   157610
Md5:    6de31d697a1b1b2b0e2a3b29b1fb458b
Sha1:   c9b6c996a66918f7c4d49c9b60134ce282c47143
Sha256: 443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 13:35:18 GMT
Accept-Ranges: bytes
Content-Length: 906
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (906), with no line terminators
Size:   906
Md5:    2c6d3b562a48e0df5474999dd47e58fb
Sha1:   945220e990eb176c14e53cc663fb01e04e31b59f
Sha256: 3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
                                        
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 20697
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (20478)
Size:   20697
Md5:    b19cf4664534718fbf45d1ab11c1e03f
Sha1:   46236e58872c4f83370dc2239f737ac9c9670428
Sha256: 527beb6c2c7fb7390156ab5c7e269b74994831e1cae8a54bec16e6165b908fc4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3f707500-bb78-464b-8e9e-2668be34caad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 12024
x-amzn-requestid: 1e64f9da-2a35-4629-a7e9-9b0738c7c172
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZM65THQ-IAMFYWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63350b6e-160e7397241a05bb638cd47d;Sampled=0
x-amzn-remapped-date: Thu, 29 Sep 2022 03:05:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0MC3mLDLxSn-9vHW4vaEysK2Xz9apPi9m-nvz5gKQyVmuU9HC-hQKQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Sep 2022 03:52:06 GMT
age: 76908
etag: "cb342453361e167efb495b22a3ce3d3c21e7742f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size:   30928
Md5:    ac0d2859ea5f8fd6bcb3c305c08ec184
Sha1:   7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
Sha256: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:10:21 GMT
expires: Wed, 27 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 288213
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Size:   23040
Md5:    de69cf9e514df447d1b0bb16f49d2457
Sha1:   2ac78601179c3a63ba3f3f3081556b12ddcaf655
Sha256: c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
                                        
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:10:21 GMT
expires: Wed, 27 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 288213
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size:   23580
Md5:    e1b3b5908c9cf23dfb2b9c52b9a023ab
Sha1:   fcd4136085f2a03481d9958cc6793a5ed98e714c
Sha256: 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
                                        
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:15:31 GMT
expires: Wed, 27 Sep 2023 17:15:31 GMT
cache-control: public, max-age=31536000
age: 287903
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Size:   22504
Md5:    1c6c65523675abc6fcd78e804325bd77
Sha1:   898d9808304dc157f5dcb18ca169ec6e2b96b3d7
Sha256: 08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-content/uploads/2020/12/favicon-tofi.png HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: image/png
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:32:51 GMT
Accept-Ranges: bytes
Content-Length: 1488
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   1488
Md5:    66cc32a57727ac9775d9466634b24e7a
Sha1:   15baf4fd5dffe9cd12ab5919dc5fe650cffb9678
Sha256: c85c46e673c2c4cffd9297b5184b02cc8adee620d36e2edea48d4dd17b7716be
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /s/player/a336babc/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
142.250.74.46
HTTP/2 200 OK
content-type: text/javascript
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 52493
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 30 Sep 2022 21:48:15 GMT
expires: Sat, 30 Sep 2023 21:48:15 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 29 Sep 2022 00:20:07 GMT
age: 12339
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (717)
Size:   52493
Md5:    4a1a1c223dc240bce59eb4a28b229f06
Sha1:   f4e1d64010cf7d53754b4f23ef04755dccb16746
Sha256: 5acdfcedc1a70cc2ee42f6152c722084a5cc97722bba2a24280d9378fbc09139
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Oct 2022 01:13:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Wed, 10 Mar 2021 15:07:24 GMT
Accept-Ranges: bytes
Content-Length: 89521
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
                                        
GET /wp-content/themes/electroserv/js/__scripts.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 84953
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/trx_addons/js/trx_addons.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/emailsetting.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Sat, 01 Oct 2022 01:13:54 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 133329
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.46
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Sat, 01 Oct 2022 01:13:54 GMT
date: Sat, 01 Oct 2022 01:13:54 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=FyCXNzttDD4; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=9cmRtIymjo4; Domain=.youtube.com; Expires=Thu, 30-Mar-2023 01:13:54 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+167; expires=Mon, 30-Sep-2024 01:13:54 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 01 Oct 2022 01:13:54 GMT
date: Sat, 01 Oct 2022 01:13:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---