Overview

URL: tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
IP: 85.234.151.73
ASN: Simply Transit Ltd
Location: United Kingdom
Report completed: 2022-10-04 01:11:20 UTC
urlquery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-10-04 2 tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip Phishing
2022-10-04 2 tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip Phishing
2022-10-04 2 www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip Phishing
2022-10-04 2 www.tofi.it/wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3 Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/essential-grid/public/assets/css/settings.cs (...) Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/essential-grid/public/assets/font/fontello/c (...) Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23 Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.2 Phishing
2022-10-04 2 www.tofi.it/wp-content/themes/electroserv/css/font-icons/css/fontello-embed (...) Phishing
2022-10-04 2 www.tofi.it/wp-content/themes/electroserv/css/__styles.css?ver=6.0.2 Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_ico (...) Phishing
2022-10-04 2 www.tofi.it/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?v (...) Phishing
2022-10-04 2 www.tofi.it/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2 Phishing
2022-10-04 2 www.tofi.it/wp-content/themes/electroserv/css/__colors.css?ver=6.0.2 Phishing
2022-10-04 2 www.tofi.it/wp-content/themes/electroserv/css/responsive.css?ver=6.0.2 Phishing
2022-10-04 2 www.tofi.it/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2 Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ve (...) Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/js_composer/assets/css/js_composer.min.css?v (...) Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup (...) Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes (...) Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ve (...) Phishing
2022-10-04 2 www.tofi.it/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.2 Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/js_composer/assets/js/dist/js_composer_front (...) Phishing
2022-10-04 2 www.tofi.it/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver= (...) Phishing
2022-10-04 2 www.tofi.it/wp-content/plugins/trx_addons/js/trx_addons.js Phishing
2022-10-04 2 www.tofi.it/wp-content/themes/electroserv/js/__scripts.js Phishing
mnemonic secure dns  No alerts detected
Quad9 DNS  No alerts detected


Files

No files detected



Passive DNS (13)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-10-03 07:33:36 UTC 23.36.76.226
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-03 09:28:24 UTC 34.117.237.239
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-03 09:28:24 UTC 35.86.38.2
mnemonic passive DNS fonts.gstatic.com (4) 0 2014-08-29 13:43:22 UTC 2022-10-03 19:40:13 UTC 172.217.21.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS ocsp.pki.goog (10) 175 2017-06-14 07:23:31 UTC 2022-10-03 07:14:52 UTC 142.250.74.3
mnemonic passive DNS www.youtube.com (2) 90 2013-05-30 23:21:49 UTC 2022-10-03 07:12:14 UTC 142.250.74.110
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-03 14:02:45 UTC 34.120.237.76
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-03 17:23:50 UTC 143.204.55.35
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-03 08:07:24 UTC 143.204.55.49
mnemonic passive DNS tofi.it (2) 0 2015-05-22 06:40:13 UTC 2022-10-01 03:39:58 UTC 85.234.151.73 Unknown ranking
mnemonic passive DNS ocsp.digicert.com (1) 86 2012-05-21 07:02:23 UTC 2022-10-03 20:32:42 UTC 93.184.220.29
mnemonic passive DNS www.tofi.it (39) 0 2015-11-14 15:52:21 UTC 2022-10-01 01:13:53 UTC 85.234.151.73 Unknown ranking
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-10-03 17:32:53 UTC 142.250.74.10


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 85.234.151.73

Date | UQ / IDS / BL | URL | IP
2022-11-11 09:42:55 +0000 | 0 - 0 - 28 | tofi.it/alk/zeam.zip | 85.234.151.73
2022-11-10 02:51:53 +0000 | 0 - 0 - 28 | tofi.it/welbin-webcatche/upgrade%20_2%20_1/up (...) | 85.234.151.73
2022-11-10 02:01:34 +0000 | 0 - 0 - 29 | tofi.it/welbin-webcatche/new-auto-upgrade%20_ (...) | 85.234.151.73
2022-11-08 04:36:35 +0000 | 0 - 0 - 29 | tofi.it/ | 85.234.151.73
2022-11-07 02:44:31 +0000 | 0 - 0 - 29 | tofi.it/welbin-webcatche/emailsetting.zip | 85.234.151.73

Last 5 reports on ASN: Simply Transit Ltd

Date | UQ / IDS / BL | URL | IP
2022-12-08 13:04:49 +0000 | 0 - 0 - 5 | sonomosnesa.fr/ | 94.76.228.135
2022-12-08 01:53:16 +0000 | 0 - 0 - 5 | ilingi.fr/ | 94.76.228.135
2022-12-06 14:37:11 +0000 | 0 - 0 - 5 | sastonlisne.com/ | 94.76.228.135
2022-12-06 11:50:34 +0000 | 0 - 0 - 5 | sastonlisne.com/ | 94.76.228.135
2022-12-05 23:01:16 +0000 | 0 - 0 - 2 | warukraine.co/un/kl334.zip | 213.229.66.214

Last 5 reports on domain: tofi.it

Date | UQ / IDS / BL | URL | IP
2022-11-11 09:42:55 +0000 | 0 - 0 - 28 | tofi.it/alk/zeam.zip | 85.234.151.73
2022-11-10 02:51:53 +0000 | 0 - 0 - 28 | tofi.it/welbin-webcatche/upgrade%20_2%20_1/up (...) | 85.234.151.73
2022-11-10 02:01:34 +0000 | 0 - 0 - 29 | tofi.it/welbin-webcatche/new-auto-upgrade%20_ (...) | 85.234.151.73
2022-11-08 04:36:35 +0000 | 0 - 0 - 29 | tofi.it/ | 85.234.151.73
2022-11-07 02:44:31 +0000 | 0 - 0 - 29 | tofi.it/welbin-webcatche/emailsetting.zip | 85.234.151.73

No other reports with similar screenshot



JavaScript

Executed Scripts (25)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (75)


Request Response
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 00:47:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _iSA5dabsbVZ_hdAJIAPRFEddHbQPMy_n2H0FAB7wEv8k5a2tVITyg==
Age: 1446


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EB128AEC099DBF1919EE5D965221E904AD3A2162583683CEC44518640B505447"
Last-Modified: Sat, 01 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8104
Expires: Tue, 04 Oct 2022 03:26:14 GMT
Date: Tue, 04 Oct 2022 01:11:10 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.49
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 03 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rxGJPIsmx-JC39tyNpdINJjdImxgtQD_ZMZvQtOfESbbVsucPvz1eQ==
age: 70963
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET /welbin-webcatche/upgrade%20_2%20_1/upgrade.zip HTTP/1.1 
Host: tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         85.234.151.73
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 04 Oct 2022 01:11:10 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Tue, 04 Oct 2022 01:11:10 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 04 Oct 2022 00:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 04 Oct 2022 01:09:06 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ptuwwPBfVopFFtCRz3dBE2o2zo5K8i9cxPlxLDZ1XKy90QW8nb3s6g==
Age: 2497


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /welbin-webcatche/upgrade%20_2%20_1/upgrade.zip HTTP/1.1 
Host: tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         85.234.151.73
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 04 Oct 2022 01:11:10 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5653
Cache-Control: 'max-age=158059'
Date: Tue, 04 Oct 2022 01:11:10 GMT
Last-Modified: Mon, 03 Oct 2022 23:36:57 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /welbin-webcatche/upgrade%20_2%20_1/upgrade.zip HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         85.234.151.73
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Tue, 04 Oct 2022 01:11:10 GMT
Server: Apache
X-Powered-By: PHP/7.4.30
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.tofi.it/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Size:   54877
Md5:    295bac5a53be00e1d50cbc51b25fb4f5
Sha1:   70638d0a672cefb41cb930d2815296f582bfa3e0
Sha256: c9231b19345c8a63d298f5ae33295c5c0bab00348acd662a9c775f3315809f3c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sqTs6nmSZH8vtKJCpMJMyQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         35.86.38.2
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fc8WhrhP6bcP4f5tZcRaKYme49k=

                                        
                                            GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Tue, 12 Jul 2022 19:20:44 GMT
Accept-Ranges: bytes
Content-Length: 88932
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (43771)
Size:   88932
Md5:    b7915926fe42d76e9c802353ab01dae4
Sha1:   3a8192a4312f25f53de25b100d62829c0f14d67c
Sha256: d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.3 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 1920
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   1920
Md5:    a2e915fb21387a23a3578cb1b2b5a724
Sha1:   c3601301dacf90fc9eede9363f2698d922c05327
Sha256: fbf8ab57db7f9981bd71d79c7daaa01a3c578ffa0aa8e9b4a9b2bfe2e9927427

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/essential-grid/public/assets/css/settings.css?ver=3.0.7 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 42720
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (7136)
Size:   42720
Md5:    be226b70c4a044c014c0fc8c5afca14e
Sha1:   9d6165705084ebef3a550df37cad765a8004474d
Sha256: 4062e6f54df1e95d09317853df6fad95e103ab7ae67bbadd22ab2769c711a2f1

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/trx_addons/js/swiper/swiper.min.css HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 17710
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (17459)
Size:   17710
Md5:    888fdd39e95ee8ecfabd72580861683a
Sha1:   d5ea47f1de0ca987682f4b89c851d7ef18d8752f
Sha256: 9240a25a99b786a64ed9f39d2aa70a327f019ccc4269dcc6bf70779863294817
                                        
                                            GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
Accept-Ranges: bytes
Content-Length: 18617
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (15660)
Size:   18617
Md5:    32beb68a374e3aeac00abdf9e12b84ea
Sha1:   b5d18aa625e8696dd9d07cd0869337717b211ae0
Sha256: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
                                        
                                            GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 5461
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (5461), with no line terminators
Size:   5461
Md5:    fd081bc5500fcaf246c15ffcad3467c7
Sha1:   62ff35896a1803419163ffc3117fe077d0d59054
Sha256: 52f668d0c674f4029e8e4ff528bcc1e51307e6568c03c9c6a4d3ba6c9ac1302e
                                        
                                            GET /wp-content/plugins/essential-grid/public/assets/font/fontello/css/fontello.css?ver=3.0.7 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:56 GMT
Accept-Ranges: bytes
Content-Length: 12663
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   12663
Md5:    4045fbc98e0caae7e213f52330c52c21
Sha1:   253b81dc846081e189174789220a296d96849681
Sha256: 168642741cf6acd34501d09c8cc1c7e6be332ca9222f3223419bd1664b381839

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/trx_addons/js/magnific/magnific-popup.min.css HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 5156
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (5156), with no line terminators
Size:   5156
Md5:    301f825956e0202555eeb32a62b20edb
Sha1:   b4bb15601acb7aa9d1b0029f389e590195c65dbf
Sha256: 5bf51d12e86de98c7f594516b6b5c9613da60f64c863a803c3e870fa871f3e7f
                                        
                                            GET /wp-content/plugins/wp-gdpr-compliance/assets/css/front.min.css?ver=1603730581 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 7874
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (7873)
Size:   7874
Md5:    39af00ca0151248005d3a90ae3e48289
Sha1:   6ef42eafe3c578530a3df35ea3b7adb3f6aa3257
Sha256: 219222bf1646c16a6f0137ead39b1cf86b23b00533f493a84008d5e19288ad46
                                        
                                            GET /wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.2.23 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
                                         85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 60053
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (12602), with CRLF line terminators
Size:   60053
Md5:    6965137b6996c7953be805866df582ed
Sha1:   7fa546bdc941a31224fcc0b64c75d30f23630583
Sha256: b86f3cdcccad303cb5300fab4d2774eafc3a2788f07ff1f3cd1953dd0debaa3f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
                                            GET /wp-content/plugins/trx_addons/css/trx_addons.animation.css?ver=6.0.2 HTTP/1.1 
Host: www.tofi.it
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 81317
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   81317
Md5:    0c86cdcbd3de3b1fb99d7e1882030f81
Sha1:   8e96156956fcfc8b7074c72f7b303da326824de8
Sha256: fdaebf38e9d60745a2e2cdcbf9550bf50058d490f4c0a5eeef93671c7659475b

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/electroserv/css/font-icons/css/fontello-embedded.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 308532
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65217)
Size:   308532
Md5:    6753dbc1940419475691cbd572835cb1
Sha1:   ecd9e7c611fa605ed64a3482e384979e0526247b
Sha256: 8a543831320f80549300cd85bf432627d6d2b9dd308367a0507b13115899ba05

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/trx_addons/css/trx_addons.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 259021
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65389)
Size:   259021
Md5:    24bc41d3b6194f8598fd82a1e43efb73
Sha1:   3472c81afeeb2722a31a440271588ba0c89f6b53
Sha256: 17a73aa1104951434d367e50ef97d524e782089bcf090ef8ceee1e130f290d3f
                                        
GET /wp-content/themes/electroserv/css/__styles.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 116927
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65384)
Size:   116927
Md5:    cbf0c557f5cc513fe1881ec1f53ad90e
Sha1:   6169b1c05f01169d9e5a2290d1c14f7fe869677b
Sha256: 64245dd70f9080ff8d1b391478958d61033e994aea3d5cfdf77a00166bf323c8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/trx_addons/css/font-icons/css/trx_addons_icons-embedded.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 207790
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65169)
Size:   207790
Md5:    10493a040ec70e6f997887b04a4fef13
Sha1:   bfdfe3e0123bca9c9b6d3ac17de1c8b6c610aabb
Sha256: 474c7151d471e8dfdd71ff90539ed619a3a621fea465e6fc6d226dc70f0c75d0

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 11256
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (11256), with no line terminators
Size:   11256
Md5:    2b0dd7eecea03b4bdedb94ba622fdb03
Sha1:   703becba85161118dd6fc66af465428ef43f561c
Sha256: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Fri, 07 Jun 2019 20:45:02 GMT
Accept-Ranges: bytes
Content-Length: 4186
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (4186), with no line terminators
Size:   4186
Md5:    ea958276b7de454bd3c2873f0dc47e5f
Sha1:   b143f6e8e8f79d8f104c26b0057ef5514d763219
Sha256: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/electroserv/style.css HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 146976
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   146976
Md5:    65674f4c837f876b229cfaaeb02a651f
Sha1:   57739f6a9bf7fa8bbdaaae3e863c7ef858d45589
Sha256: a9b1e17454837eb51bb49944ba490314f44ae6617a0e045d28b7b43e242a2065
                                        
GET /wp-content/themes/electroserv/css/__colors.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:01 GMT
Accept-Ranges: bytes
Content-Length: 357146
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65384)
Size:   357146
Md5:    92e8131e1a390042435247f2896d4e0e
Sha1:   42bc98de063148b711a5ac54340f50916a393b53
Sha256: 76ea2b5e1611a0094e2ae360caad752de442e722d85bada9556c26900885d6e3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/electroserv/css/responsive.css?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 12 Oct 2020 09:15:58 GMT
Accept-Ranges: bytes
Content-Length: 110619
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive


--- Additional Info ---
Magic:  assembler source, ASCII text, with very long lines (696)
Size:   110619
Md5:    4a89add69adeb951442caeee5db24d80
Sha1:   4e341b21e8d0f71b47bcbbae5092e67e7215bcca
Sha256: f067d724c42c05a9604ec4036d0ee641c3fe1f79ac620d7cfd8c18b495230f62

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Wed, 10 Mar 2021 15:07:24 GMT
Accept-Ranges: bytes
Content-Length: 89521
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   89521
Md5:    02dd5d04add4759122013c5ab4dc5cc2
Sha1:   a45a56e396ac549b4ff39b696ce9e0c16a7612de
Sha256: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
                                        
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Accept-Ranges: bytes
Content-Length: 11224
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (11126)
Size:   11224
Md5:    79b4956b7ec478ec10244b5e2d33ac7d
Sha1:   a46025b9d05e3df30d610a8aef14f392c7058dc9
Sha256: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=1.3.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Wed, 18 Nov 2020 15:27:30 GMT
Accept-Ranges: bytes
Content-Length: 9332
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (9332), with no line terminators
Size:   9332
Md5:    6a229fc927df63e2b5f436bb01d2c37f
Sha1:   d09285c647f007d920a36aced75a0179d40ff4cb
Sha256: dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 119386
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (41022), with CRLF line terminators
Size:   119386
Md5:    1eca6ed028850aa07d5f4a003fd7079e
Sha1:   1f02b8c5485108373bdd14a96bb1fe22d72e157b
Sha256: 9556bca5ad5eb24439887d7339fcb687088776bbaa995553aa489c9607cf9e19

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: text/css
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 485416
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65358)
Size:   485416
Md5:    2fcf15b9242ca9cbf091c45419959fdb
Sha1:   52e744ee97e3612e790305643ab5046201831618
Sha256: f1dbbc4be8d88ae17466b1d7a8fd7bf4f9d9b5ab492719cdea721d82cecb738d

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/trx_addons/js/swiper/swiper.jquery.min.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 87126
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (32020)
Size:   87126
Md5:    93150feefb986b403aedf9e26c914092
Sha1:   64c397ca8c093de3bdb2c2eda2205fbfb8173f32
Sha256: b18bb25b43e0bd89fa67b62f914da8ef6286e626c0690f0b4fac74e7a52f700c

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/trx_addons/js/magnific/jquery.magnific-popup.min.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 20216
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (20087)
Size:   20216
Md5:    ba6cf724c8bb1cf5b084e79ff230626e
Sha1:   f455c5f153f872e52265f87a644ff89fe14a6fb6
Sha256: 3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/trx_addons/components/cpt/layouts/shortcodes/menu/superfish.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 6985
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text
Size:   6985
Md5:    f2d8d0aeb67bf6d5258efd5d6018c9fe
Sha1:   66a55167b4923cf03470b7013546893b0934041d
Sha256: 997c7e1d4ca02022f240b77a3e6d37c4693d8b7566349ee2b9c81dd34f66b8d3

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-content/plugins/wp-gdpr-compliance/assets/js/front.min.js?ver=1603730581 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 6685
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (6684)
Size:   6685
Md5:    4c35d53fb0a5355136c6ab4df90ca3e1
Sha1:   388a6dc93b1d1d7d99700151dc495e045f4f3afa
Sha256: af57165e63b7efba5117220d832d16a5919b941d646b9e23bb7d455e0f343218

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Fri, 08 Apr 2022 20:07:18 GMT
Accept-Ranges: bytes
Content-Length: 1191
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (1191), with no line terminators
Size:   1191
Md5:    51300497928562f8c86c7aaba99237cd
Sha1:   e5826832b85c6afc6502b74cbb8ac5394b04c363
Sha256: 6d161e98e47ae150b51211443eef37040fb6269dcf85ad2048548066dca99e6f

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=6.4.1 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:43:01 GMT
Accept-Ranges: bytes
Content-Length: 20697
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (20478)
Size:   20697
Md5:    b19cf4664534718fbf45d1ab11c1e03f
Sha1:   46236e58872c4f83370dc2239f737ac9c9670428
Sha256: 527beb6c2c7fb7390156ab5c7e269b74994831e1cae8a54bec16e6165b908fc4

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.16 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Accept-Ranges: bytes
Content-Length: 157610
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive


--- Additional Info ---
Magic:  ASCII text, with very long lines (65266)
Size:   157610
Md5:    6de31d697a1b1b2b0e2a3b29b1fb458b
Sha1:   c9b6c996a66918f7c4d49c9b60134ce282c47143
Sha256: 443ba0af7a7ed827223c7fb3c008c02b9ff1d651b6492e9c270378b07d9f6008

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=6.0.2 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Wed, 20 Jan 2021 13:35:18 GMT
Accept-Ranges: bytes
Content-Length: 906
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (906), with no line terminators
Size:   906
Md5:    2c6d3b562a48e0df5474999dd47e58fb
Sha1:   945220e990eb176c14e53cc663fb01e04e31b59f
Sha256: 3e6131330963c472b950b8aaf544ba3829735b8ccb103d614ba7793e3a786550
                                        
GET /wp-content/uploads/2020/11/logo.png HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: image/png
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 09 Nov 2020 17:32:08 GMT
Accept-Ranges: bytes
Content-Length: 21477
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 200 x 113, 8-bit/color RGBA, non-interlaced\012- data
Size:   21477
Md5:    5f5bc92861c7d332c46c99d8665fad56
Sha1:   98911e8a3fd9aa9ce944d94034741325b2d43a65
Sha256: 31b8f6d3b6d6216568b8df126992f05b2f46be2a99af58aeea55dac26746db22
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
172.217.21.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 16:40:18 GMT
expires: Fri, 29 Sep 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 376253
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size:   30928
Md5:    ac0d2859ea5f8fd6bcb3c305c08ec184
Sha1:   7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
Sha256: ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
172.217.21.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:10:21 GMT
expires: Wed, 27 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 547251
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Size:   23580
Md5:    e1b3b5908c9cf23dfb2b9c52b9a023ab
Sha1:   fcd4136085f2a03481d9958cc6793a5ed98e714c
Sha256: 918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
                                        
GET /s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
172.217.21.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:15:31 GMT
expires: Wed, 27 Sep 2023 17:15:31 GMT
cache-control: public, max-age=31536000
age: 546941
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 22504, version 1.0\012- data
Size:   22504
Md5:    1c6c65523675abc6fcd78e804325bd77
Sha1:   898d9808304dc157f5dcb18ca169ec6e2b96b3d7
Sha256: 08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
                                        
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tofi.it
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
172.217.21.163
HTTP/2 200 OK
content-type: font/woff2
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 27 Sep 2022 17:10:21 GMT
expires: Wed, 27 Sep 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 547251
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Size:   23040
Md5:    de69cf9e514df447d1b0bb16f49d2457
Sha1:   2ac78601179c3a63ba3f3f3081556b12ddcaf655
Sha256: c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /wp-content/uploads/2020/12/favicon-tofi.png HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: image/png
Date: Tue, 04 Oct 2022 01:11:12 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:32:51 GMT
Accept-Ranges: bytes
Content-Length: 1488
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive


--- Additional Info ---
Magic:  PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size:   1488
Md5:    66cc32a57727ac9775d9466634b24e7a
Sha1:   15baf4fd5dffe9cd12ab5919dc5fe650cffb9678
Sha256: c85c46e673c2c4cffd9297b5184b02cc8adee620d36e2edea48d4dd17b7716be
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
GET /s/player/374003a5/www-widgetapi.vflset/www-widgetapi.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
142.250.74.110
HTTP/2 200 OK
content-type: text/javascript
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 52508
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 14:49:51 GMT
expires: Tue, 03 Oct 2023 14:49:51 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 03 Oct 2022 00:23:06 GMT
age: 37281
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (717)
Size:   52508
Md5:    e1a483aa5290aa849567406a9c69ce75
Sha1:   f0d1dc9d8b8dd63a84d83c1783b2aa885981ce0c
Sha256: 016893a39d3ceb3a2b18e841f40018ad74b0e30869b63b64aa8b0aa3d0dee9df
                                        
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 01:11:12 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6805
Expires: Tue, 04 Oct 2022 03:04:37 GMT
Date: Tue, 04 Oct 2022 01:11:12 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6805
Expires: Tue, 04 Oct 2022 03:04:37 GMT
Date: Tue, 04 Oct 2022 01:11:12 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6805
Expires: Tue, 04 Oct 2022 03:04:37 GMT
Date: Tue, 04 Oct 2022 01:11:12 GMT
Connection: keep-alive

                                        
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Server: nginx
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6805
Expires: Tue, 04 Oct 2022 03:04:37 GMT
Date: Tue, 04 Oct 2022 01:11:12 GMT
Connection: keep-alive

                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffd3966c4-a932-4eb5-a3bf-ca25cde92ccb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 5317
x-amzn-requestid: 84ffe752-ae82-4fb6-9b29-9b69a3a3dcdf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuGEjIAMF8Bw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-3717ba3f22da06bc791b20b6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uS3VqXlUimv6Ef0jk6sxGp4xrg7LxbU9w34IE5KF4boZwkkhv6qfAQ==
via: 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:20 GMT
age: 12412
etag: "4d208807e10e73309811101ef2d26ff33b642585"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5317
Md5:    a0927f94dd9e0cc7272f77972048658c
Sha1:   4d208807e10e73309811101ef2d26ff33b642585
Sha256: 3f184d9ba1588d451dfe5e4dfd84456ce533cbccaf1390ad423e1c6d38c8a35b
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F92e2742a-a49a-4d87-a767-7dbb56cff473.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6107
x-amzn-requestid: 6516bfcd-d6a5-4f46-81fa-ef6033e21aa7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcqO7GXOoAMF8hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b572c-27fb158e152659380e27c292;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:42:04 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: SVkRglRw_TkmAMN-8BydwiWrLcFxpaR9hPsG7OjvGN5KtxteTiVYlw==
via: 1.1 7514e5e25722778fd4b1744d4ecc67e0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:30 GMT
age: 12402
etag: "291232594a2f3170afed3b4814e3a11233d0f05e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6107
Md5:    1f0977129995c466e4710e0ae4304d3e
Sha1:   291232594a2f3170afed3b4814e3a11233d0f05e
Sha256: 80927a148dff4908b799b9f6d167769e68346491092520f5e3638b0f8b5d55a3
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: O1yNc4H21kixhUEE7099oNqs7a5ZnJBBjlZbsbmLvaXyzXzrK0dL3w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:33 GMT
age: 12399
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5504
Md5:    6c6882c60d7ca6f918c77104e3ad1d52
Sha1:   20ef861be49c652a938e0145e4ca3a60159367e2
Sha256: 861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5d0984d7-fe4f-4f96-9f0f-17e0197a5cb6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 5857
x-amzn-requestid: 51f3a938-30f6-418e-970b-439bdfbb7c2b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHIAIAMF6PQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-6d97d5ff3c3589ee1e900a3b;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OModa8qHXEimXsJhr1DiYifYbFLgI-yMvAaKZA2SsRyU1N5CWwoVOg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 22:16:34 GMT
age: 10478
etag: "1d90e98d3666fc8618130eac15972d3a08addf16"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5857
Md5:    78caa2bb8e856110416bc85ed2420d20
Sha1:   1d90e98d3666fc8618130eac15972d3a08addf16
Sha256: 5175905bdbcd0a325ff666148a77503f14d1922d826ad14a9c3d09846d77dff5
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F180dee10-1cde-4fbe-8a74-62b7b3bdb1e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 6315
x-amzn-requestid: 6aa75b16-32e4-48a7-9fb0-9e3d5528c2d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZWSdsHUnIAMFXtw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6338cabd-742d8a436403683e0cd9368f;Sampled=0
x-amzn-remapped-date: Sat, 01 Oct 2022 23:18:21 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TVz3oiy-Z2r9lGFDgsnGNxotvvAPeOaa7LMzqs432QjZpZo-PNt1-g==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 04:42:51 GMT
age: 73701
etag: "58ff0bf8ce7528b303d28bab01a80ad721705569"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6315
Md5:    206fb65e75dbadf119512f71e0b78402
Sha1:   58ff0bf8ce7528b303d28bab01a80ad721705569
Sha256: 56c8d5f3b3060ee54bf81995269b86c070855d8c33bf437161339a45b309703f
                                        
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fec31ab6c-46f2-4d77-a807-9f14bb5073bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
server: nginx
content-length: 11955
x-amzn-requestid: ce6bbe93-95b0-4b6e-a8bc-012796485e67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zcqb9FUtoAMF0WQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b577f-59dc0a18523f900a059aa5df;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:43:27 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 44jC1Ww19YUJjZHw9_3cSSR5Y7nw5df412G-RxWFTcbRz1XDKaT3zQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:35 GMT
age: 12397
etag: "e2ea2ef6805e391c497e62e101e76a0bdecfce64"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11955
Md5:    54b3ef7aa50273b78b59c24511b0c1f9
Sha1:   e2ea2ef6805e391c497e62e101e76a0bdecfce64
Sha256: 296e8954022d5160137b3e02ab5085a15cee7c23cd6d4ca61b36880706062457
                                        
GET /wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.2.23 HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:57 GMT
Accept-Ranges: bytes
Content-Length: 327000
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive


--- Additional Info ---
                                        
GET /wp-content/plugins/trx_addons/js/trx_addons.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 26 Oct 2020 16:42:55 GMT
Accept-Ranges: bytes
Content-Length: 133329
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /wp-content/themes/electroserv/js/__scripts.js HTTP/1.1
Host: www.tofi.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/welbin-webcatche/upgrade%20_2%20_1/upgrade.zip
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         
85.234.151.73
HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Tue, 04 Oct 2022 01:11:11 GMT
Server: Apache
Last-Modified: Mon, 07 Dec 2020 16:33:02 GMT
Accept-Ranges: bytes
Content-Length: 84953
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Phishing
                                        
GET /css?family=Lato%3A400%2C400italic%2C700%2C700italic%2C900%2C900italic%7CMontserrat%3A400%2C400italic%2C500%2C500italic&subset=latin%2Clatin-ext&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 01:11:11 GMT
date: Tue, 04 Oct 2022 01:11:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
GET /iframe_api HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.tofi.it/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
142.250.74.110
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
x-content-type-options: nosniff
expires: Tue, 04 Oct 2022 01:11:12 GMT
date: Tue, 04 Oct 2022 01:11:12 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=ErpyjFdwLSM; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=8aE87ol9a8E; Domain=.youtube.com; Expires=Sun, 02-Apr-2023 01:11:12 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+986; expires=Thu, 03-Oct-2024 01:11:12 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---